[Federal Register Volume 78, Number 53 (Tuesday, March 19, 2013)]
[Rules and Regulations]
[Pages 16922-17022]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-05895]
[[Page 16921]]
Vol. 78
Tuesday,
No. 53
March 19, 2013
Part II
Nuclear Regulatory Commission
-----------------------------------------------------------------------
10 CFR Parts 20, 30, 32, et al.
Physical Protection of Byproduct Material; Rule
��Federal Register / Vol. 78 , No. 53 / Tuesday, March 19, 2013 / Rules
and Regulations��
[[Page 16922]]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
10 CFR Parts 20, 30, 32, 33, 34, 35, 36, 37, 39, 51, 71, and 73
[NRC-2008-0120; NRC-2010-0194]
RIN 3150-AI12
Physical Protection of Byproduct Material
AGENCY: Nuclear Regulatory Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is amending its
regulations to establish security requirements for the use and
transport of category 1 and category 2 quantities of radioactive
material. The NRC considers these quantities to be risk significant
and, therefore, to warrant additional protection. Category 1 and
category 2 thresholds are based on the quantities established by the
International Atomic Energy Agency (IAEA) in its Code of Conduct on the
Safety and Security of Radioactive Sources, which the NRC endorses. The
objective of this final rule is to provide reasonable assurance of
preventing the theft or diversion of category 1 and category 2
quantities of radioactive material. The regulations also include
security requirements for the transportation of irradiated reactor fuel
that weighs 100 grams or less in net weight of irradiated fuel. The
final rule affects any licensee that possesses an aggregated category 1
or category 2 quantity of radioactive material, any licensee that
transports these materials using ground transportation, and any
licensee that transports small quantities of irradiated reactor fuel.
The rule also considers a petition for rulemaking (PRM-71-13) submitted
by the State of Washington that requested that the NRC adopt the use of
global positioning satellite tracking as a national requirement for
vehicles transporting highly radioactive mobile or portable radioactive
devices.
DATES: Effective Date: This final rule is effective on May 20, 2013.
Compliance Date: Compliance with this final rule is required on
March 19, 2014.
ADDRESSES: You can access publicly available documents related to this
document using the following methods:
NRC's Public Document Room (PDR): The public may examine
and have copied, for a fee, publicly available documents at the NRC's
PDR, O1-F21, One White Flint North, 11555 Rockville Pike, Rockville,
Maryland 20852.
NRC's Agencywide Documents Access and Management System
(ADAMS): Publicly available documents created or received at the NRC
are available online in the NRC Library at http://www.nrc.gov/reading-rm/adams.html. From this page, the public can gain entry into ADAMS,
which provides text and image files of the NRC's public documents. If
you do not have access to ADAMS or if there are problems in accessing
the documents located in ADAMS, contact the NRC's PDR reference staff
at 1-800-397-4209, 301-415-4737, or by email to nrc.gov">[email protected]nrc.gov.
Federal Rulemaking Web site: Public comments and
supporting materials related to this final rule can be found at http://www.regulations.gov by searching on Docket ID NRC-2008-0120. Public
comments on the guidance document supporting this rule can be found by
searching Docket ID NRC-2010-0194. Address questions about NRC dockets
to Carol Gallagher, telephone: 301-492-3668; email:
nrc.gov">[email protected]nrc.gov.
Availability of Guidance
The NRC is issuing new guidance for the implementation of the
requirements of 10 CFR part 37. The guidance document is NUREG-2155,
Implementation Guidance for 10 CFR part 37, ``Physical Protection of
Category 1 and Category 2 Quantities of Radioactive Material'' (ADAMS
Accession No. ML13053A061). This guidance is publicly available as
stated in this ADDRESSES section.
FOR FURTHER INFORMATION CONTACT: Merri Horn, Office of Federal and
State Materials and Environmental Management Programs, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001; telephone: 01-415-
8126, email: nrc.gov">[email protected]nrc.gov.
SUPPLEMENTARY INFORMATION:
I. Background
PRM 71-1
II. Discussion
A. General Applicability
B. Background Investigations and Access Authorization Program
C. Physical Protection During Use
D. Transportation Security
III. Summary and Analysis of Public Comments on the Proposed Rule
IV. Discussion of Final Amendments by Section
V. Criminal Penalties
VI. Agreement State Compatibility
VII. Plain Writing
VIII. Voluntary Consensus Standards
IX. Finding of No Significant Environmental Impact: Availability
X. Paperwork Reduction Act Statement
XI. Regulatory Analysis
XII. Regulatory Flexibility Certification
XIII. Backfit Analysis
XIV. Congressional Review Act
I. Background
The NRC has long participated in efforts to ensure radioactive
source protection and security. The terrorist attacks of September 11,
2001, heightened concerns about the use of risk-significant radioactive
materials in a malevolent act. Such an attack is of particular concern
because of the widespread use of radioactive materials in the United
States by industrial, medical, and academic institutions. The theft or
diversion of risk-significant quantities of radioactive materials could
lead to their use in a radiological dispersal device (RDD) or a
radiological exposure device (RED).
The NRC's current regulations provide requirements for the safe
use, transportation, and control of licensed radioactive material. Loss
of control of risk-significant radioactive material, whether
inadvertent or through a deliberate act, could result in significant
adverse impacts that could reasonably constitute a threat to the public
health and safety or the common defense and security of the United
States. In the changed threat environment after the attacks of
September 11, 2001, the Commission determined that certain licensed
material should be subject to enhanced security requirements and
safeguarded during transport, and that individuals with unescorted
access to risk-significant quantities of radioactive material should be
subject to background investigations.
As part of the development of the enhanced security measures, the
NRC performed threat and vulnerability assessments to identify gaps or
vulnerabilities in security and the effectiveness and costs of certain
physical protection enhancements at various licensed facilities. The
results of these assessments were used in the development of security
enhancement orders that were issued to licensees using a graded
approach based on the relative risk and quantity of material possessed
by the licensee.
The NRC issued the first series of orders to certain panoramic and
underwater irradiator licensees that possessed more than 370
Terabequerels (TBq) (10,000 curies (Ci)) of radioactive material (EA-
02-249; June 6, 2003) (68 FR 35458; June 13, 2003). The next series of
orders were issued to certain manufacturing and distribution (M&D)
licensees (EA-03-225; January 12, 2004) (69 FR 5375; February 4, 2004).
These orders require the implementation of additional security measures
and the protection of the licensee's physical
[[Page 16923]]
protection information as Safeguards Information--Modified Handling
(SGI-M). The original orders are not publicly available because they
contain detailed security requirements that are designated as SGI-M.
However, redacted versions of these orders have been made available to
the public (73 FR 33859; June 13, 2008, and 73 FR 49714; August 22,
2008). These orders were issued to both NRC and Agreement State
licensees under the NRC's authority to protect the common defense and
security.
Subsequently, the NRC issued Increased Control Orders (EA-05-090;
November 14, 2005) (70 FR 72128; December 1, 2005) to other licensees
authorized to possess certain risk-significant quantities of
radioactive material (category 1 and category 2 quantities). The
Increased Control Orders do not contain safeguards information (SGI) or
SGI-M, and are available on the NRC's public Web site at http://www.nrc.gov/security/byproduct/orders.html. These orders were issued
under the NRC's authority to protect public health and safety, and
require licensees to implement enhanced security measures known as
Increased Controls. To effect nationwide implementation of the
Increased Control Orders, each Agreement State issued legally binding
requirements to impose enhanced security measures, identical to the
Increased Controls, for licensees under that State's regulatory
jurisdiction.
All of the orders described above specifically address the security
of byproduct material possessed in quantities equal to or greater than
category 1 or category 2 quantities. The orders provide for enhanced
security measures for such things as license verification before the
transfer of these materials, access control, intrusion detection and
response, and coordination with local law enforcement authorities
(LLEAs). The orders also contain requirements for the licensee to
determine the trustworthiness and reliability of individuals permitted
unescorted access to risk-significant radioactive materials. The
determination involves a background investigation of the individual.
The background investigations were originally limited to local criminal
history records checks with law enforcement agencies, verification of
employment history, education, personal references, and confirmation of
employment eligibility (legal immigration status).
In 2005, Congress passed, and the President signed, the Energy
Policy Act of 2005 (EPAct). The EPAct amended Section 149 of the Atomic
Energy Act (AEA) to authorize the Commission to require to be
fingerprinted any individual who is permitted unescorted access to
radioactive material or other property subject to regulation by the
Commission that the Commission determines to be of such significance to
the public health and safety or the common defense and security as to
warrant fingerprinting and a Federal Bureau of Investigation (FBI)
criminal history records check. With this new authority, the Commission
determined that individuals who have access to category 1 and category
2 quantities of radioactive material warrant fingerprinting and FBI
criminal history records checks.
On October 17, 2006, the NRC issued orders to panoramic and
underwater irradiator licensees (EA-06-248) (71 FR 63043; October 27,
2006), M&D licensees (EA-06-250) (71 FR 63046; October 27, 2006), and
licensees making shipments of category 1 quantities of radioactive
material (EA-06-249) (71 FR 62302; October 24, 2006) to require
fingerprinting and FBI criminal history records checks for unescorted
access to risk-significant quantities of radioactive material at their
facilities. In issuing these orders, the NRC noted that a malevolent
act by an individual with unescorted access to these materials could
result in significant adverse impacts to the public health and safety
or the common defense and security and, thus, necessitated expedited
implementation of fingerprinting requirements. The orders were issued
to both NRC and Agreement State licensees under the NRC's authority to
protect the common defense and security. On December 5, 2007, the NRC
issued orders to all other NRC licensees that possessed category 1 or
category 2 quantities of radioactive material (EA-07-305) (72 FR 70901;
December 13, 2007) to require fingerprinting and FBI criminal history
records checks for unescorted access to category 1 or category 2
quantities of radioactive material. These orders were issued under the
NRC's authority to protect the public health and safety and are
available on the NRC's public Web site at http://www.nrc.gov/security/byproduct/orders.html. To effect nationwide implementation, each
Agreement State issued legally binding requirements consistent with the
Increased Control Orders to licensees under their regulatory
jurisdiction.
In 2005, the NRC issued two sets of orders to licensees
transporting radioactive material in quantities of concern. The first
set of transportation security orders was issued to certain licensees
that might be expected to transport radioactive materials in category 1
quantities (EA-05-006; July 19, 2005) (70 FR 44407; August 2, 2005).
These orders require the implementation of additional security measures
and the protection of the licensee's physical protection information as
SGI-M. The original orders are not publicly available because they
contain detailed security requirements that are designated as SGI-M.
However, a redacted version of the order is publicly available (73 FR
51016; August 29, 2008). These orders were issued to both NRC and
Agreement State licensees under the NRC's authority to protect the
common defense and security.
Subsequently, the NRC issued orders (EA-05-090; November 14, 2005)
(70 FR 72128; December 1, 2005) to specifically address the
transportation security of byproduct material transported in quantities
equal to or greater than category 2. The Increased Control Orders
mentioned earlier also contain requirements for transporting category 2
quantities of radioactive material. The additional security measures
contained in these two sets of orders provide for enhanced security
measures during transportation that are beyond the regulations then
applicable, and include: Enhanced security in preplanning and
coordinating shipments; advance notification of shipments to the NRC
and States through which the shipment will pass; control and monitoring
of shipments that are underway; trustworthiness and reliability of
transport personnel; information security considerations; and control
of mobile or portable devices such as radiography cameras and well-
logging devices.
In November 2009, the NRC issued the Increased Control Order and
the Fingerprint Order to power reactor licensees that are undergoing
decommissioning (EA-09-204 and EA-09-205; November 23, 2009) (74 FR
66168 and 74 FR 66164; December 14, 2009). The orders required these
licensees to implement the Increased Controls and to obtain
fingerprints and criminal history records checks for individuals to
have or continue having unescorted access to aggregated category 1 or
category 2 quantities of radioactive material.
In December 2009, the NRC issued orders to service provider
licensees that were not manufacturers or distributors (EA-09-293;
December 16, 2009 (75 FR 160; January 4, 2010). The order required
service provider licensees to implement specific measures to ensure the
trustworthiness and reliability of
[[Page 16924]]
their service representatives that have unescorted access to category 1
or category 2 quantities of radioactive materials.
The requirements put in place by all these above-described orders
supplement the existing regulatory requirements. These additional
requirements are primarily intended to provide reasonable assurance of
preventing the theft or diversion of risk-significant radioactive
material. These requirements provide the Commission with reasonable
assurance that public health and safety and the common defense and
security continue to be adequately protected.
It is the Commission's preference to implement generically
applicable requirements through rulemaking rather than by orders. An
order is legally binding only on the licensee or licensees receiving
the order. Further, the notice-and-comment rulemaking process allows
members of the public to provide comments on the proposed rule.
This rulemaking promulgates generically applicable security
requirements for licensees possessing category 1 and category 2
quantities of radioactive material in the regulations. New requirements
for background investigations and an access authorization program are
included to ensure that individuals who have access to these materials
have gone through background investigations and are determined to be
trustworthy and reliable. New requirements are also included to
establish physical protection systems to detect, assess, and respond to
unauthorized access to category 1 and category 2 quantities of
radioactive material. For transport of the radioactive materials, new
requirements for recipient license verification; preplanning and
coordination of shipments; advance notification of shipments;
notification of shipment delays, schedule changes, and suspected loss
of a shipment; and control and monitoring of shipments are included.
The amendments also include security requirements for shipments of
irradiated reactor fuel that weigh 100 grams (g) (0.22 pounds (lb)) or
less in net weight of irradiated fuel, exclusive of cladding or other
structural or packaging material, which has a total external radiation
dose rate in excess of 1 Gray (100 rad) per hour at a distance of 1
meters (m) (3.3 feet (ft)) from any accessible surface without
intervening shielding.
In developing this final rule, the NRC considered, among other
things, the various orders, lessons-learned during implementation of
the orders, the recommendations of the Independent External Review
Panel and the Materials Program Working Group, and stakeholder comments
received on the proposed rule and the draft implementation guidance.
The Commission chartered the Independent External Review Panel to: (1)
Identify vulnerabilities in the NRC's materials licensing program with
respect to import, export, specific, and general licenses; (2) validate
the ongoing byproduct material security efforts; and (3) evaluate the
apparent ``good faith presumption'' in the NRC licensing process that
had in the past justified minimal investigation of new license
applicants or inspection of their facilities before allowing their
possession of radioactive material. The Panel's March 2008 report is
available in ADAMS under Accession No. ML080700957. The Materials
Program Working Group conducted a comprehensive evaluation of the
materials program to identify short- and long-term strategies to
mitigate security vulnerabilities. The Working Group report contains
sensitive information and is not publicly available. However, the
Group's comments on the Panel's report are publicly available in ADAMS
under Accession No. ML080660424.
PRM-71-13
On July 16, 2008 (73 FR 40767), the NRC published the resolution
and closure of a petition for rulemaking filed by Christine O.
Gregoire, Governor of the State of Washington (PRM-71-13). The NRC
indicated that the issues raised by the petitioner would be considered
in an ongoing rulemaking on security requirements for the
transportation of radioactive material in quantities of concern.
The petitioner requested that the NRC adopt the use of global
positioning system (GPS) tracking as a national requirement for
vehicles transporting highly radioactive mobile or portable radioactive
devices. As an alternative, the petitioner stated that the Commission
could grant States the flexibility to impose more stringent
requirements than those required under the current Increased Controls
Orders. The petitioner believes that GPS technology is an effective and
relatively inexpensive tool that would give law enforcement a
significant advantage in locating a missing source. However, the
petitioner acknowledged that requiring a GPS on these vehicles does not
ensure that the radiological source will be found.
The NRC considered the issues identified by the petitioner and the
petitioner's suggested approach to address those issues in the
decision-making process and final determination of the rule
requirements in the area of the petitioner's concern. The NRC
ultimately did not include a requirement for GPS tracking in the rule.
However, the rule does contain a requirement to use a telemetric
position monitoring system or an alternative tracking system when
transporting category 1 quantities of radioactive material. Use of GPS
would be one method to satisfy this requirement. For licensees
transporting category 2 quantities of radioactive material, tracking is
not required. The licensee is required to maintain constant control or
surveillance during transit. In addition, the rule at Sec. 37.53
imposes additional security measures on mobile devices that includes
using a method to disable the vehicle or trailer when not under direct
control and constant surveillance by the licensee. The NRC believes
that these requirements provide adequate protection for mobile devices
and that GPS is neither justified nor necessary. The majority of the
transportation security requirements are Compatibility Category B
because there are direct and significant transboundary implications.
Because the requirements are Compatibility B, Agreement States must
adopt program elements essentially identical to those of the NRC and do
not have the flexibility to adopt more stringent requirements. See also
response to comment D29.
II. Discussion
The NRC has determined that a new part for Title 10 of the Code of
Federal Regulations (10 CFR) should be established for the security
requirements for use and transportation of category 1 and category 2
quantities of radioactive material. Separate safety and physical
protection requirements have already been established for special
nuclear material in 10 CFR part 73. The establishment of a new part for
security-related requirements for byproduct material would be more
effective and efficient compared to interspersing the requirements with
safety requirements or placing them with the part 73 security
requirements for special nuclear material. A new part specifically
directed to byproduct material licensees should make applicable
requirements easier for both licensees and other stakeholders to locate
and understand.
This discussion section has been divided into four subsections to
better present information on the final rule. Each section presents
information on a different aspect of the final rule. Section A provides
information that is generally applicable to all aspects of this
[[Page 16925]]
rulemaking. Section B provides information on background investigations
and the access authorization program. Section C provides information on
the physical protection of the materials during use. Lastly, Section D
provides information on transportation security aspects.
A. General Applicability
1. What action is the NRC taking?
The NRC is amending its regulations to impose security requirements
for the use and transportation of category 1 and category 2 quantities
of radioactive material. The requirements establish the objectives and
minimum requirements that licensees must meet to protect against theft
or diversion of this material. These requirements are intended to
increase the protection of the public against the unauthorized use of
category 1 or category 2 quantities of radioactive material by reducing
the risk of the theft or diversion of the material. The NRC is also
amending the regulations to impose security requirements for the
transportation of small quantities (100 grams or less) of irradiated
fuel.
2. Why do the requirements need to be revised?
Prior to September 11, 2001, the NRC requirements focused on safety
and preventing inadvertent or accidental exposure of both workers and
the public to these materials. These requirements also provided
security for the material. The events of September 11, 2001, made the
NRC take a broader look at its requirements and reevaluate what a
terrorist might do to obtain these materials. From this effort, the NRC
identified several areas where additional requirements were necessary
to improve security. The security requirements need to be placed in the
regulations so that they are generally applicable to all licensees.
Publication of the proposed rule also provided an opportunity for all
stakeholders to comment on the proposed requirements.
3. Why doesn't the NRC just keep the orders in effect?
The orders issued by the NRC could stay in place indefinitely.
However, the regulations would not reflect current Commission policy or
requirements. Imposing long-term requirements through orders has not
traditionally been the agency's preferred method of regulation. Orders,
unlike rules, do not apply prospectively to applicants for new
licenses. The NRC would have to periodically issue new orders to cover
new and amended licenses, and perhaps reissue orders periodically to
existing licensees if requirements or administrative practices change.
In order to make the requirements generally applicable to all present
and future licensees, the security-related requirements need to be
placed in the regulations.
The NRC is now formally revising its security requirements. The
orders will remain in place for NRC licensees until the final rule is
implemented (1 year after publication of the final rule). Once the
final rule is implemented, the NRC will rescind the orders that were
issued to its licensees. For Agreement State licensees that received an
NRC order, the order will remain in place until the effective date of
compatible requirements issued by the Agreement States. Each Agreement
State will follow its own process for issuing these requirements. Once
the State has issued its requirements and they become effective, the
NRC will rescind the order.
4. Whom would this action affect?
These requirements will apply to NRC and Agreement State licensees
that possess an aggregated category 1 or category 2 quantity of
radioactive material or that transport irradiated reactor fuel less
than 100 grams net weight. This includes a wide range of licensees,
including pool-type irradiator licensees; manufacturer and distributor
licensees; medical facilities with gamma knife devices; self-shielded
irradiator licensees (including blood irradiators); teletherapy unit
licensees; radiographers; well loggers; broad scope users; radioisotope
thermoelectric generator licensees; and licensees that ship or prepare
for shipment category 1 or category 2 quantities of radioactive
material. Nearly 1,400 licensees are implementing the various orders
and are the entities that will be primarily impacted by this final
rule. In addition, some fuel cycle and reactor licensees that possess
sources at these levels may be impacted. Some decommissioning reactor
licensees may also be impacted. Most licensees whose activities are
covered under the physical protection requirements of 10 CFR part 73
are exempt from the requirements of 10 CFR part 37. For example, a
reactor licensed under part 50 that also possesses a radiography source
under an NRC license does not need to implement the part 37 provisions
if the source is protected under the reactor security program required
by part 73. Licensees that possess an aggregated quantity of
radioactive waste that equals or exceeds the category 2 threshold will
need to meet some requirements, but would not need to meet most of the
program elements in part 37.
Aggregated quantity refers to the total quantity of radioactive
material, calculated by use of the sum of fractions method discussed in
question 7, that can be accessed by defeating a single physical
barrier.
5. What are Category 1 and Category 2 quantities of radioactive
material?
Category 1 quantities of radioactive material have been called
radioactive material in quantities of concern (RAMQC). Category 1 and
category 2 quantities of radioactive material have been called risk-
significant radioactive material and refer specifically to 16
radioactive materials (14 single radionuclides and 2 combinations).
These materials are: Americium-241; americium-241/beryllium;
californium-252; curium-244; cobalt-60; cesium-137; gadolinium-153;
iridium-192; plutonium-238; plutonium-239/beryllium; promethium-147;
radium-226; selenium-75; strontium-90 (yttrium-90); thulium-170; and
ytterbium-169. Irradiated fuel and mixed oxide fuel are not included
even though they may contain category 1 or category 2 quantities of
radioactive material; these materials are covered by other regulations.
The thresholds for category 1 and category 2 quantities of radioactive
material are provided in the following table. Terabecquerels is the
official unit to be used for determining whether a radioactive material
is a category 1 or category 2 quantity. Because many licensees use
curies in their activities instead of Becquerels, the table provides
the curie value at three significant figures for convenience.
----------------------------------------------------------------------------------------------------------------
Category 1 threshold Category 2 Threshold
-------------------------------------------------------------------------
Radioactive material Terabecquerels Terabecquerels
(TBq) Curies (Ci) (TBq) Curies (Ci)
----------------------------------------------------------------------------------------------------------------
Americium-241......................... 60 1,620 0.6 16.2
Americium-241/Beryllium............... 60 1,620 0.6 16.2
Californium-252....................... 20 540 0.2 5.40
[[Page 16926]]
Curium-244............................ 50 1,350 0.5 13.5
Cobalt-60............................. 30 810 0.3 8.10
Cesium-137............................ 100 2,700 1 27.0
Gadolinium-153........................ 1000 27,000 10.0 270
Iridium-192........................... 80 2,160 0.8 21.6
Plutonium-238......................... 60 1,620 0.6 16.2
Plutonium-239/Beryllium............... 60 1,620 0.6 16.2
Promethium-147........................ 40,000 1,080,000 400 10,800
Radium-226............................ 40 1,080 0.4 10.8
Selenium-75........................... 200 5,400 2.0 54.0
Strontium-90 (Yttrium-90)............. 1,000 27,000 10.0 270
Thulium-170........................... 20,000 540,000 200 5,400
Ytterbium-169......................... 300 8,100 3 81.0
----------------------------------------------------------------------------------------------------------------
These materials and thresholds are based on the IAEA Code of
Conduct. The IAEA published these results in a document titled ``Code
of Conduct on the Safety and Security of Radioactive Sources.'' A link
to this document can be found on the NRC's Web site at http://www.nrc.gov/security/byproduct/enhanced-security.html. The NRC and the
international community, led by the IAEA, revised the IAEA Code of
Conduct in 2003, to establish common international guidance for safety
and security measures for radioactive sources. In a separate effort,
the U.S. Department of Energy (DOE) and the NRC reviewed the chemical,
physical, and radiological characteristics of each radioactive material
that is licensed in the United States, for its attractiveness to a
terrorist. This effort identified 16 radioactive materials that could
pose a serious threat to people and the environment if used
malevolently. This effort further identified the different quantities
or ``thresholds'' of materials that could be useful to a terrorist. The
results of the DOE/NRC effort closely matched the Code of Conduct
Category 2 quantities. The NRC adopted the IAEA Code of Conduct
Category 1 and Category 2 threshold quantities to provide consistency
between domestic and international efforts for security of radioactive
materials that are deemed to be attractive targets for malevolent use.
IAEA Safety Series RS-G-1.9, Categorization of Radioactive Sources,
provides the underlying methodology for the development of the Code of
Conduct thresholds. Safety Series RS-G-1.9 provides a risk-based
ranking of radioactive sources in five categories in terms of their
potential to cause severe deterministic effects for a range of
scenarios that include both external exposure from an unshielded source
and internal exposure following dispersal. The categorization system
uses the `D' values as normalizing factors. The `D' value is the
radionuclide specific activity of a source that, if not under control,
could cause severe deterministic effects for a range of scenarios that
include both external exposure from an unshielded source and internal
exposure following dispersal of the source material. Safety Series RS-
G-1.9 is available on the IAEA's Web site at: http://www-pub.iaea.org/MTCD/publications/PDF/Pub1227_web.pdf.
6. Why are the requirements limited to these 16 radionuclides?
The Radiation Source Protection and Security Task Force, an
interagency task force established by the EPAct, concluded in its 2006
report to Congress and the President (ADAMS Accession No. ML062190349)
that the appropriate radioactive sources were being protected. The Task
Force also concluded that the IAEA Code of Conduct serves as an
appropriate framework for considering which sources warrant additional
protection. For its 2010, report to Congress and the President (ADAMS
Accession No. ML102230141), the Task Force conducted a reevaluation of
the radionuclides that warrant additional security and protection. The
Task Force found ``that the Category 1 and 2 quantities remain valid
for sealed and unsealed sources as the list and threshold levels of
radionuclides that could result in a significant RED or RDD event and
therefore warrant enhanced security and protection.'' The Task Force
identified seven additional radionuclides that may be of concern when
aggregated, but the Task Force did not recommend at this time that
these additional radionuclides should receive enhanced protection. If
in the future the Task Force revises its view and determines that
additional security is necessary for these materials, the NRC would
consider requiring additional security for these materials. The Task
Force periodically reevaluates the list of radionuclides that warrant
additional security and protection. If the radionuclides and/or
thresholds change in the future, any changes would be addressed in a
future rulemaking.
7. What is the sum of fractions methodology or unity rule?
The sum of fractions methodology, also known as the unity rule, is
used to determine if a licensee is required to implement 10 CFR part 37
requirements. A licensee may need to implement the requirements in 10
CFR part 37 even if it does not possess any single source or single
radionuclide in excess of the category 2 thresholds. For combinations
of materials (to include sealed sources, unsealed sources, and bulk or
loose material) and radionuclides, a licensee must include multiple
items (including bulk material) of the same radionuclide and multiple
items (including bulk material) of different radionuclides to determine
if the requirements apply. For the purposes of this calculation,
licensees are required to consider all of the aggregated radioactive
material from the list of applicable radionuclides at any location
where the material can be accessed by breaching a single barrier. The
following formula for the unity rule is used to determine if a licensee
is required to implement the part 37 requirements: [(Total amount of
radionuclide A) / (category 2 threshold of radionuclide A)] + [(total
amount of radionuclide B) / (category 2 threshold of radionuclide B)] +
etc.....>= 1. If the sum is greater than or equal to 1, the licensee
has at least a category 2 quantity of radioactive material, and the 10
CFR part 37 requirements apply.
[[Page 16927]]
8. Does the NRC plan to issue guidance on these requirements?
Yes, the NRC plans to issue guidance on the security requirements
for category 1 and category 2 quantities of radioactive materials. The
draft guidance was issued for public comment (75 FR 40756; July 14,
2010) during the comment period on the proposed rule. The NRC is
issuing new guidance for the implementation of the requirements of 10
CFR part 37. The guidance document is NUREG-2155, Implementation
Guidance for 10 CFR part 37, ``Physical Protection of Category 1 and
Category 2 Quantities of Radioactive Material'' (ADAMS Accession No.
ML13053A061). This guidance and public comments are available as stated
in the ADDRESSES section of this document.
9. Will all of the information considered to be safeguards information
under the orders now be made public?
No. The orders issued to some licensees contained detailed security
information that could be useful to an adversary. To increase public
awareness and participation, the NRC identified the primary security
concepts behind each security measure and included these concepts in
the rule to allow discussion of the security measures in a public
forum. But the specific measures that a licensee puts in place may be
considered SGI-M. The final rule on safeguards information became
effective on February 23, 2009 (73 FR 63546; October 24, 2008), and
established as SGI-M certain physical protection information related to
panoramic and underwater irradiators that possess greater than 370 TBq
(10,000 Ci) of byproduct material in the form of sealed sources;
manufacturers and distributors of items containing source material,
byproduct material, or special nuclear material in greater than
category 2 quantities; and transportation of source, byproduct, or
special nuclear material in greater than or equal to category 1
quantities. Physical protection information for other facilities that
fall under the requirements of 10 CFR part 37 is considered physical
protection information under 10 CFR 2.390(d)(1). Licensees are also
required to protect the security plan and implementing information and
the list of individuals that have unescorted access from unauthorized
disclosure. The rule provisions that address SGI-M or include
references to the SGI-M requirements in part 73 are reserved for the
NRC and are considered compatibility category NRC.
10. What is the authority for this final rule?
As noted in the background discussion, the NRC issued some orders
under its authority to protect the common defense and security and some
orders under its authority to protect the public health and safety.
With respect to whether the following regulations are being issued
under ``public health and safety'' or ``common defense and security,''
it should be recognized that almost all regulations relating to the
security of materials serve both purposes to some degree. For example,
securing radioactive materials with multiple barriers protects the
public health and safety by preventing the unknowing theft of
radioactive materials--such as someone stealing a vehicle with material
stored in the vehicle, but whose target is the vehicle--which could
result in the unintentional exposure of members of the public to the
material. The barriers also protect the common defense and security by
preventing the theft of the radioactive material by potential
terrorists or others targeting the specific material intending to use
it to affect the common defense and security by exposing members of the
public to the material. However, the designation of the authority being
used for these regulations does have significance in determining
whether Agreement States or the NRC will be responsible for overseeing
the implementation of these requirements for Agreement State licensees.
Although section 274(b) of the AEA allows the NRC to relinquish its
regulatory authority to Agreement States for certain radioactive
materials and activities, section 274(m) of the AEA prevents such
agreements from affecting the authority of the Commission to take
regulatory action to protect the common defense and security. Thus, as
evidenced by orders issued to Agreement State licensees after the
events of September 11, 2001, the NRC has the ability to take necessary
steps to address particular common defense and security needs. If these
regulations were to be issued under the NRC's common defense and
security authority, only the NRC would have the authority to impose
these requirements on Agreement State licensees and the NRC would be
responsible for inspection and enforcement of these requirements for
Agreement State licensees.
When regulations such as these complement both the NRC's public
health and safety and common defense and security missions, the
operative question is whether NRC oversight is necessary to fulfill the
common defense and security aspects of the regulations. The NRC
believes that the Agreement States can consistently and adequately
implement the physical protection requirements on a nationwide basis,
and as such, there will be no need for independent NRC action to
protect the common defense and security. As always, the NRC retains the
authority under section 274(m) of the AEA to take any necessary actions
for protection of the common defense and security should individual
licensees or Agreement State programs develop issues requiring
immediate action. As long as all Agreement States continue to implement
compatible and adequate security requirements, there appears to be no
benefit to the public health and safety, or common defense and
security, that would justify removing oversight of these requirements
from an established regulatory program overseeing Agreement State
licensees. Implementing these regulations under the NRC's public health
and safety authority avoids potential complications with licensees
being subject to dual regulatory authority for a single license. Thus,
the NRC is issuing these regulations under its public health and safety
authority, and these requirements are applicable to Agreement State
licensees through the Agreement State Program.
11. When would the rule be effective?
The final rule is effective 60 days after publication in the
Federal Register; however, licensees do not need to comply with the
rule until 1 year after publication. This provides time for licensees
to put in place the necessary programs, develop procedures, and conduct
training on the new requirements. While most of the provisions are
similar to those contained in the orders, there are differences. The
Agreement States will be required to issue compatible requirements
within 3 years of the publication date of the final rule instead of 3
years from the effective date of the rule. Licensees in an Agreement
State will continue to operate under the orders or other legally
binding requirements until the Agreement State issues compatible
requirements and these requirements take effect. The provisions put in
place for the inspection of licensees in Agreement States that received
the orders issued under common defense and security will remain in
place until the Agreement State implements the requirements. For those
Agreement States that enter into 274i Agreements, the State can
continue inspections
[[Page 16928]]
under the Agreement. For those Agreement States that did not enter into
274i Agreements, the NRC will continue to conduct the inspections until
the new Agreement State requirements become effective. The NRC will
rescind the orders as the regulatory requirements become effective.
12. How does the NRC ensure licensees are following these rules?
The NRC and Agreement States conduct inspections to ensure that
licensees are following the requirements. The NRC and Agreement State
inspectors will receive training and follow inspection procedures on
how to ascertain whether licensees are meeting security requirements.
Potential violations that are identified will be processed in
accordance with the NRC Enforcement Policy, and depending on the
severity of a violation, licensees could be subject to civil or
criminal penalties. Additionally, the NRC has developed enforcement
guidance to ensure consistency in the enforcement process. Agreement
State licensees are subject to the State's enforcement process. Those
Agreement State licensees that were issued NRC orders under common
defense and security would remain subject to the NRC's enforcement
process, until the Agreement State adopts the regulations with its own
legally binding requirements.
B. Background Investigations and Access Authorization Program
1. Who is required to have an access authorization program?
Any licensee that possesses category 1 or category 2 quantities of
radioactive materials at a facility needs to determine whether it needs
to have an access authorization program. Only those licensees that
permit unescorted access to an aggregated category 1 or category 2
quantity of radioactive material are required to establish and
implement an access authorization program. If the material can be
accessed by the breach of a single physical barrier, the licensee needs
to implement an access authorization program. In addition, any
applicant for a license or license amendment to possess category 1 or
category 2 quantities of radioactive material at a facility is required
to establish an access authorization program before obtaining the
radioactive material, if it will be aggregating the material at or
above the category 2 threshold.
2. What is the objective of the access authorization program?
The main objective of the access authorization program is to ensure
that individuals who have unescorted access to category 1 or category 2
quantities of radioactive material are trustworthy and reliable and do
not constitute an unreasonable risk to the public health and safety or
common defense and security.
3. Who is subject to the licensee's access authorization program?
Section 652 of the EPAct authorizes the Commission to require
fingerprinting of any individual who is permitted unescorted access to
``any radioactive material that the Commission determines to be of such
significance to the public health and safety or the common defense and
security as to warrant fingerprinting and background checks.'' The
Commission has determined that the threshold that warrants
fingerprinting and background checks is category 2. The Commission
directed that any licensee implementing the Increased Control Orders
should also have a fingerprinting and an FBI criminal records check for
any individual with unescorted access to category 1 or category 2
quantities of radioactive material. Because only licensees that had
aggregated quantities at or above the category 2 threshold implemented
the orders, these are the licensees that need to have an access
authorization program, i.e., any licensee that has an aggregated
quantity of radioactive material at or above the category 2 threshold.
Therefore, individuals subject to a licensee's access authorization
program include anyone permitted to have unescorted access to category
1 or category 2 quantities of radioactive material. Unescorted access
is defined as solitary access to category 1 or category 2 quantities of
radioactive material or the devices that contain the material. The
reviewing official is also included in the program to ensure that this
individual is subjected to the same background check and degree of
trustworthiness and reliability.
The access authorization program may also include individuals that
have access to SGI-M, such as vehicle drivers and accompanying
individuals for road shipments of category 1 quantities of radioactive
material, movement control center personnel for shipments of category 1
quantities of radioactive material, and any individual whose assigned
duties provide access to shipment information on category 1 quantities
of radioactive material. Licensees may have a separate program for
access to SGI or may include the program with the part 37 program for
unescorted access to the material.
Those individuals who have unescorted access to certain quantities
of byproduct material could pose a threat to the public health and
safety or the common defense and security because they could divert or
steal risk-significant radioactive material, or could aid others in the
commission of such acts. The Radiation Source Protection and Security
Task Force encouraged the NRC to require fingerprinting and Federal
criminal history checks of any individual with access to category 1 or
category 2 quantities of radioactive material.
Certain categories of individuals are relieved from the background
investigation aspect of the access authorization program (see Section
II, question B20 and B21). Licensees do have the option to escort an
individual and not make a trustworthiness and reliability
determination. The escorts need to be approved for unescorted access.
4. What are the key access authorization program requirements?
The key components of an access authorization program are the
reviewing official, a background investigation, use of procedures, and
the individual's right to correct and complete the information on which
the decision to grant unescorted access is based. Each of these areas
is discussed in more detail in the following questions and answers.
5. What is the role of the reviewing official?
The reviewing official is the individual that makes the
trustworthiness and reliability determinations for the licensee; the
reviewing official determines who can be allowed unescorted access
authorization. Note that the Increased Control Fingerprinting Orders
referred to a trustworthiness and reliability official (or T&R
official) as the individual who made determinations on a subject
individual's trustworthiness and reliability. Unlike the reviewing
official, the T&R official did not have to be fingerprinted. Under this
rule, fingerprints of the reviewing official(s) need to be taken by
either a law enforcement agency, a Federal or State agency that
provides fingerprinting services to the public, or a commercial
fingerprinting service authorized by a State to take fingerprints and
then be submitted to the NRC. This ensures the identification of the
individual submitting the fingerprints. Without this requirement the
reviewing official could
[[Page 16929]]
submit the fingerprints of another individual that is known not to have
a criminal history or known terrorist ties. Reviewing officials must be
permitted either access to safeguards information or unescorted access
to category 1 or category 2 quantities of radioactive material because
section 149 of the AEA only authorizes the collection of fingerprints
for the purposes of unescorted access to radioactive material or access
to safeguards information. After the licensee has completed the
background investigation for the reviewing official and determined that
the individual is trustworthy and reliable, the licensee must provide
under oath and affirmation, a certification that the reviewing official
is deemed trustworthy and reliable. For certain licensees, the NRC may
have approved reviewing officials, either under the October 17, 2006,
orders (EA-06-248, EA-06-250, and EA-06-249), under the August 21,
2006, SGI-M Orders, or under other regulatory requirements. In those
cases, the reviewing official may continue to act in that capacity. If
the reviewing (or T&R) official has not had an FBI criminal records
history check, he or she needs to be fingerprinted and undergo a
background investigation and be named by the licensee before making
additional trustworthiness and reliability determinations. If the
individual falls under one of the categories of individuals granted
relief from the background investigation, the individual can be
determined to be trustworthy and reliable without going through a full
background investigation. The NRC believes that it is important that
the individual who is making the final determination on whether an
individual is trustworthy and reliable be trustworthy and reliable
themselves and have undergone the same background investigation as
individuals who would be granted unescorted access, including
fingerprinting and the FBI criminal records check. If the reviewing
official is not fingerprinted, a gap could be created in the security
program that could potentially be exploited. The reviewing official
could have a criminal history or terrorist ties and allow other
individuals with a criminal history or terrorist ties to have
unescorted access to radioactive material in quantities of concern.
This addresses the good faith presumption.
6. What is informed consent?
Informed consent is the authorization provided by an individual
that allows a background investigation to be conducted to determine
whether the individual is trustworthy and reliable. The signed consent
includes authorization to share personal information with other
individuals or organizations as necessary to complete the background
investigation. An individual can withdraw his or her consent at any
time. After the withdrawal, the licensee may not initiate any elements
of the background investigation that were not in process at the time of
the withdrawal of consent. The licensee is required to inform the
individual that withdrawal of consent for the background investigation
is sufficient cause for denial or termination of unescorted access
authorization.
Licensees do not need to obtain signed consent from individuals
that have already undergone a background investigation that included
fingerprinting and an FBI criminal history records check, been
determined to be trustworthy and reliable, and permitted unescorted
access to category 1 or category 2 quantities of radioactive material
under the NRC orders or the legally binding requirements issued by the
Agreement States. A signed consent is needed for any reinvestigation.
7. What is a personal history disclosure?
The personal history disclosure is the personal history required to
be provided by the individual seeking unescorted access to category 1
or category 2 quantities of radioactive material. The information
includes items such as employment history, education, and any arrest
record. This information provides the reviewing official with a
starting point for the background investigation. Failure to provide the
information or falsification of any information could be grounds for
denial of the individual's request for unescorted access authorization
or termination of access if the individual already has access. If the
individual provides false information, it could be an indication that
he or she is not trustworthy or reliable.
8. What are the components of a background investigation?
A background investigation includes several components:
Fingerprinting and an FBI identification and criminal history records
check; verification of true identity; employment history verification;
verification of education; and character and reputation determination.
It is the licensee's responsibility to make a trustworthiness and
reliability determination of an employee, contractor, or other
individual who will be granted unescorted access to category 1 or
category 2 quantities of radioactive material or a device containing
such radioactive material. It is expected that licensees will use their
best efforts to obtain the information required to conduct a background
investigation to determine an individual's trustworthiness and
reliability. Information previously obtained during the hiring process
may be used to support a licensee's determination of an individual's
trustworthiness and reliability without having to reverify that
information. There is no particular piece of information that would
automatically disqualify an individual from access. The intent is that
the information is considered as a whole in determining if an
individual is both trustworthy and reliable.
Fingerprinting an individual for an FBI criminal history records
check is an important element of the background investigation. It can
provide comprehensive information regarding an individual's recorded
criminal activities within the United States and its territories and
the individual's known affiliations with violent gangs or terrorist
organizations.
Verification of true identity is necessary to make sure that the
individual is who he or she claims to be and that the documentation
matches. This check is important to make sure that someone is not
posing as someone else.
Employment history, education verification, character and
reputation determination; and obtaining independent information are
necessary to ensure that the individual is who they claim to be, that
the individual has not made false claims, has a good reputation, and
conducts his or herself in a trustworthy and reliable manner.
The background investigation is a tool to determine whether
individuals are trustworthy and reliable and could be permitted
unescorted access to category 1 or category 2 quantities of radioactive
material. It is essential to ensure that individuals seeking unescorted
access to radioactive material are dependable in judgment, character,
and performance, such that unescorted access to category 1 or category
2 quantities of radioactive material by that individual does not
constitute an unreasonable risk to the public health and safety or
common defense and security.
Nothing in the regulations prevents a licensee from including other
elements in its background investigation. Although the NRC did not
include the credit history check as a required element of the
background investigation, a credit history check can provide
supplemental information that could be useful to licensees,
particularly in the situation where it is difficult to
[[Page 16930]]
make a trustworthiness and reliability determination. Information from
a credit history check could provide additional information that would
be useful in making that final decision. To the extent that a licensee
decides to use a credit history check as a measure beyond the
regulatory minimum required for the access authorization program, the
NRC acknowledges the merit of such use.
9. Where does a licensee submit the fingerprints for processing?
Under the EPAct, licensees are required to submit the fingerprints
to the NRC, which forwards the fingerprints to the FBI for processing.
If an individual comes under one of the categories for relief specified
in 10 CFR 37.29, the licensee does not need to submit the individual's
fingerprints to the NRC.
10. What should a licensee do if an individual or entity contacted as
part of a background investigation refuses to respond?
If a previous employer, educational institution, or any other
entity fails to provide information or indicates an inability or
unwillingness to provide information in a timely manner, the licensee
is required to document the refusal, unwillingness, or inability to
respond in the record of investigation. The licensee then needs to
attempt to obtain confirmation from at least one alternate source that
has not been previously used.
11. Does an individual have the right to correct his or her criminal
history records?
Yes, an individual has the right to correct his or her criminal
history records before any final adverse determination is made. If the
individual believes that his or her criminal history records are
incorrect or incomplete in any respect, he or she can initiate
challenge procedures. These procedures include direct application by
the individual challenging the criminal history records to the law
enforcement agency that contributed the questioned information. Before
an adverse determination on a request for unescorted access,
individuals have the right to provide additional information.
12. Is a licensee required to have procedures for implementing the
access authorization program?
Yes, licensees are required to develop, implement, and maintain
written procedures for implementing the access authorization program.
At a minimum, procedures need to address notification of individuals
denied unescorted access authorization, including provisions for review
of the denial.
13. What information should the reviewing official use to determine
that an individual is trustworthy and reliable?
The reviewing official uses all of the information gathered during
the background investigation, including the information received from
the FBI, in making a determination that an individual is trustworthy
and reliable. The reviewing official may not determine that an
individual is trustworthy and reliable and grant unescorted access
until the information obtained for the background investigation has
been evaluated. The reviewing official may deny unescorted access to
any individual based on any information obtained at any time during the
background investigation. However, as required by section 149.c(2)(c)
of the AEA, the licensee may not base a final determination to deny an
individual unescorted access to category 1 or category 2 quantities of
radioactive material solely on the basis of information received from
the FBI involving: (1) An arrest more than 1 year old for which there
is no information of the disposition of the case; or (2) an arrest that
resulted in dismissal of the charge or an acquittal. If there is no
record on the disposition of the case, it may be that information on a
dismissal or acquittal was not recorded.
14. How frequently is a reinvestigation required?
A reinvestigation is required every 10 years to help maintain the
integrity of the access authorization program. This is necessary
because an individual's situation may change over time in a manner that
can adversely affect his or her trustworthiness and reliability. The
reinvestigation includes only the fingerprinting and the FBI criminal
history check.
15. Are licensees required to protect information obtained during a
background investigation?
Yes, licensees are required to protect the information obtained
during a background investigation. The licensee is required to
establish and maintain a system of files and procedures for protection
of the information from unauthorized disclosure. Licensees are only
permitted to disclose the information to the subject individual, the
individual's representative, those who have a need-to-know the
information to perform their assigned duties to grant or deny
unescorted access to category 1 or category 2 quantities of material or
safeguards information, or an authorized representative of the NRC.
16. Can a licensee transfer personal information obtained during an
investigation to another licensee?
Yes, a licensee can transfer background information on an
individual to another licensee if the individual makes a written
request to the licensee to transfer the information contained in his or
her file.
17. If I receive background investigation information from another
licensee, can I rely on that information?
Yes, a licensee can rely on the background investigation
information that is transferred from another licensee. However, a
licensee is required to verify information such as name, date of birth,
social security number, gender, and other physical characteristics to
ensure that the individual is the person whose file has been
transferred. The licensee can also choose to verify other information
that is transferred or to escort the individual and not grant him or
her unescorted access.
18. What records are required to be maintained?
Licensees are required to retain all fingerprint and criminal
history records received from the FBI, or a copy if the individual's
file has been transferred, for 3 years after the individual no longer
requires unescorted access to category 1 or category 2 quantities of
radioactive material. Licensees are also required to retain the written
confirmation received from entities concerning a security clearance or
favorably adjudicated criminal history records check and any written
verifications received from service providers. A licensee is not
required to retain the actual fingerprints. The licensee must keep the
determination basis and the list of individuals permitted unescorted
access.
19. How does a licensee determine the effectiveness of the access
authorization control program?
Licensees are required to review their program annually to confirm
compliance with the requirements. The review evaluates all program
performance objectives and requirements, documents any findings and
corrective actions, and is conducted annually. Any records need to be
maintained for 3 years.
[[Page 16931]]
20. Are individuals transporting radioactive material subject to the
background investigation requirements?
As part of this rulemaking, the NRC considered what level of
responsibility to place on its licensees regarding fingerprinting and
criminal history records checks for persons involved in the
transportation of category 1 and category 2 quantities of radioactive
material. Licensees covered by the fingerprinting and criminal history
records check requirements of this final rule may decide to transfer
radioactive material away from the site or may receive radioactive
material from another entity.
Such transfers or receipts may occur either as part of a shipment
to or from a domestic company or an international company. Individuals
involved in the shipment, in particular those employed by carriers or
other organizations handling shipments, may have unescorted access to
the material during the shipment process. These persons may not be
employees of the licensee and thus may not be under the licensee's
direct control. Section 37.29(a) grants relief from the background
investigation for those individuals who are commercial vehicle drivers
for road shipments of category 2 quantities of radioactive material and
package handlers at transportation facilities such as freight terminals
and railroad yards. Individuals that have access to SGI-M, such as
drivers for category 1 shipments and movement control personnel for
category 1 shipments, must undergo fingerprinting and an FBI criminal
history records check as required by 10 CFR 73.21.
21. Who would be relieved from the background investigation
requirements?
Under section 149.b. of the AEA, the NRC may, by rule, relieve
individuals from the fingerprinting, identification, and criminal
history records check requirements if it finds that such action is
``consistent with its obligations to promote the common defense and
security and to protect the health and safety of the public.'' The NRC
issued a final rule, 10 CFR 73.61, relieving certain individuals who
are permitted unescorted access to radioactive materials from the
fingerprinting, identification, and criminal history records checks
required by section 149.a. of the AEA (72 FR 4945; February 2, 2007).
The individuals relieved from fingerprinting, identification, and
criminal history records checks under that rule include Federal, State,
and local officials involved in security planning; Agreement State
employees who conduct security inspections on behalf of the NRC
pursuant to 274.i. of the AEA; and other government officials who may
need unescorted access to radioactive materials or other property
subject to regulation by the Commission as part of their oversight
function. The categories of individuals relieved by the rule included
the same individuals as those relieved in an earlier rulemaking from
fingerprinting and criminal history records check requirements
applicable to safeguards information (71 FR 33989; June 13, 2006).
Under this final rule, the Commission is using the same listing of
categories of individuals with the following modifications. Emergency
response personnel who are responding to an emergency are relieved from
the requirements because it is impossible to predict when emergency
access might be necessary. The need to provide an escort for those
responding to an emergency could impede the response function.
Employees of carriers that transport category 2 quantities of
radioactive material and package handlers at transportation facilities
are also relieved. These individuals would typically be outside the
control of the licensee and the licensee would have no way of knowing
or influencing who those individuals might be. The NRC will rely on the
U.S. Department of Transportation (DOT) and the Transportation Security
Administration (TSA) programs for background investigations of these
personnel. While the background investigation may not be identical to
those required under 10 CFR part 37, the NRC believes that the
potential risk that a commercial driver or package handler might pose
due to any difference in the background investigation is acceptably
small.
Many of the individuals that are relieved from the background
investigation requirements are considered trustworthy and reliable by
virtue of their occupational status and have either already undergone a
background investigation as a condition of their employment, or are
subject to direct oversight by government authorities in their day-to-
day job functions.
Certain persons, as part of the duties of their specific
occupation, may be separately or previously subject to background
investigations, either as a result of NRC requirements (such as under
other requirements for access to SGI or SGI-M) or as a result of
requirements of other agencies. These persons are not subject to
separate background investigation requirements under this final rule;
individuals who have undergone a background investigation, including
fingerprinting, and been found acceptable for unescorted access under
provisions of other such requirements, do not need to undergo another
background investigation nor would a separate determination of their
trustworthiness and reliability need to be made. Individuals that have
undergone fingerprinting and an FBI criminal history records check
under other agency programs do not need to be fingerprinted again, but
would be subject to the other elements of the background investigation.
These programs include the National Agency Check, Transportation Worker
Identification Credentials (TWIC) under 49 CFR 1572, Bureau of Alcohol,
Tobacco, Firearms, and Explosives background check and clearances under
27 CFR 555, Health and Human Services security risk assessments for
possession and use of select agents and toxins under 42 CFR 73,
Hazardous Material security threat assessment for hazardous material
endorsement to commercial drivers license under 49 CFR 1572, and
Customs and Border Patrol's Free and Secure Trade (FAST) Program. The
individual must make available the appropriate documentation. Written
confirmation from the agency/employer that granted the Federal security
clearance or reviewed the criminal history records check must be
provided to the licensee.
This rule does not authorize unescorted access to any radioactive
materials or other property subject to regulation by the Commission.
Rather, the rule makes clear that a licensee may permit unescorted
access to certain categories of individuals otherwise qualified for
access without performing a background investigation. Licensees still
need to decide whether to grant or deny an individual unescorted access
independently of this provision. Any required training needs to be
conducted before allowing unescorted access.
C. Physical Protection During Use
1. Who is affected by the requirements?
Any licensee that possesses an aggregated category 1 or category 2
quantity of radioactive material is required to establish, implement,
and maintain a security program meeting the requirements of 10 CFR part
37 of subpart C. (The NRC considers material to be ``aggregated'' if an
adversary could gain access to a category 2 or greater quantity by
breaching a single physical barrier.) In addition, any applicant for a
license or license amendment to possess category 1 or category 2
quantities of radioactive material at a facility is
[[Page 16932]]
required to establish a security program before obtaining the
radioactive material, if it will be aggregating the material at or
above the category 2 threshold.
2. What is the objective of the security program and what are the key
security program requirements?
The final rule requires affected licensees to establish, implement,
and maintain a security program. The objective of the security program
is to monitor, and without delay detect, assess, and respond to any
actual or attempted unauthorized access to category 1 or category 2
quantities of radioactive materials. A licensee's security program
needs to include a written security plan, implementing procedures,
training, use of security zones, protection of information,
coordination with the LLEA, testing and maintenance of security-related
equipment, security measures, and a program review. Each of these areas
is discussed in more detail in the following questions and answers.
3. What should a licensee's security plan address?
The purpose of a security plan is to establish, in writing, the
licensee's overall security strategy to ensure that all of the required
security measures work effectively and in an integrated way for all
facilities and operations where aggregated quantities of category 1 or
category 2 quantities of radioactive material will be used or stored.
The plan should, among other things, include a description of the
measures and strategies to implement the security requirements and
identify the security resources being used to meet the requirements.
A licensee can revise its security plan to address changing
circumstances. Any changes to the security plan, as well as the
original plan, must be approved by the individual with overall
responsibility for the security program. The security plan must be
retained for 3 years after it is no longer needed. The licensee must
retain any superseded portions of the security plan for 3 years.
Security plans are important for the implementation of a
performance-based regulation. An adequate plan requires a licensee to
analyze the particular security needs of its individual facilities and
to explain how it will implement its chosen security measures to ensure
that they work together to meet the applicable performance objectives.
4. Is a licensee required to have security procedures?
Yes, licensees are required to develop and maintain written
implementing procedures that document how the security requirements and
the security plan will be met. These procedures must be designed to
meet the individualized security needs of each location where an
aggregated category 1 or category 2 quantity of radioactive material is
used or stored. Procedures need to be approved, in writing, by the
individual with overall responsibility for the security program.
Licensees are required to keep a copy of the current procedures as a
record for 3 years. Superseded portions of the procedures are retained
for 3 years. Licensees should not submit procedures to the NRC as part
of the license application.
5. What training is required?
As part of its physical protection program, each licensee is
required to conduct training on the security plan to ensure that those
individuals responsible for implementation of the plan possess and
maintain the knowledge, skills, and abilities to carry out their
assigned duties and responsibilities effectively. The extent of the
training needs to be commensurate with the individual's potential
involvement in the security of category 1 or category 2 quantities of
radioactive material. Individuals need to be instructed in the
licensee's security program and implementing procedures, their
responsibilities, and the appropriate response to alarms. Licensees
with dedicated security staff are encouraged to train their security
personnel in the timely notification of affected LLEAs during
emergencies.
An individual subject to the training requirements of 10 CFR
37.43(c) needs to complete the training before being allowed unescorted
access to category 1 or category 2 quantities of radioactive material.
The licensee needs to provide refresher training annually or when
significant changes have been made to the security program. The
refresher training addresses any significant changes; reports on
relevant security issues, problems, or lessons learned; relevant
results from NRC inspections; and relevant results from the licensee's
program review and the testing and maintenance program. Training
records must be maintained for 3 years and need to include training
topics, training dates, and the list of personnel that attended the
training.
Training is essential if the licensee is to be adequately prepared
for an effective and coordinated response to any effort to steal or
divert category 1 or category 2 quantities of radioactive material.
Adequate training is indispensable for an appropriate licensee response
to an unauthorized intrusion.
6. Are licensees required to protect information concerning their
security program?
Yes. To prevent unauthorized disclosure, licensees are required to
limit access to their security plans, implementing procedures, and the
list of individuals that have unescorted access to the material. These
efforts include measures to allow access to these documents only to
those individuals who have a need to know the information to perform
their duties and have been determined to be trustworthy and reliable
based on the background investigation requirements set forth in 10 CFR
37.25(a)(2) through (a)(7). Licensees are required to store security
information in a manner to prevent unauthorized removal, such as
storage in a locked office or desk drawer.
To ensure that only trustworthy and reliable individuals with a
need to know are allowed access to security plans and procedures,
licensees need to develop, implement, and maintain written policies and
procedures to control access to their security plan and security
procedures. The licensee's information protection policies and
procedures need to ensure the proper handling and protection of
security plans and implementing procedures against unauthorized
disclosure. Licensees are required to retain copies of the policies and
procedures.
Licensees that have SGI or SGI-M would remain subject to the more
stringent information protection requirements of 10 CFR 73.21,
including fingerprinting and an FBI criminal records check.
7. What is the purpose of a security zone?
A security zone is any area established by a licensee to provide
physical protection for category 1 or category 2 quantities of
radioactive material. All category 1 and category 2 quantities of
radioactive material need to be used and stored within a security zone.
The purpose of security zones is to isolate and control access to
the material to protect it more effectively and deter theft or
diversion by providing, among other things, more time for licensees and
LLEAs to respond. Isolation measures protect category 1 or category 2
quantities of radioactive material by
[[Page 16933]]
allowing access to security zones only through established access
control points. Access control measures allow only approved individuals
to have unescorted access to the security zone, and ensure that other
individuals with a need for access are escorted by approved
individuals. A security zone effectively defines where the licensee
will apply these isolation and access control measures.
To limit unescorted access to only approved individuals, licensees
could isolate the radioactive materials using continuous physical
barriers that allow access to the security zone only through
established access control points; or licensees could exercise direct
control of the security zone by approved individuals at all times.
Security zones may be permanent or temporary. Temporary security
zones need to be established to meet transitory or intermittent
operating requirements such as periods of maintenance, source delivery,
and source replacement. A licensee could meet the requirements for a
security zone at some temporary job sites (such as those involving
onsite operations lasting less than a day) simply by keeping the area
under ``direct supervision'' by authorized personnel. Similarly, when
work is being done inside a temporary zone, a licensee could meet the
requirements for controlling unescorted access by having the material,
persons, and area within the zone under direct control of approved
individuals at all times.
Because the purpose of security zones is different from the
radiation safety purposes of the restricted areas and controlled areas
defined in 10 CFR part 20, the security zone does not have to be the
same as either of these areas. Because measures to control access are
required for both radiation protection and security, however, a
licensee does have the flexibility to use an area required for
radiation protection purposes to fulfill the required functions of a
security zone. Thus, for a temporary well-logging operation within
which the licensee is required by 10 CFR 39.71 to have a ``restricted
area'' to ``maintain direct surveillance * * * to prevent unauthorized
entry into a restricted area,'' a licensee could define a security zone
with the same boundaries as this ``restricted area.'' Similarly, a
radiographer could choose to define a security zone with the same
boundaries as the ``high radiation area'' over which radiography
licensees are required by 10 CFR 34.51 to ``maintain direct visual
surveillance * * * to protect against unauthorized entry.''
Because materials licensee sites are differently configured and do
not lend themselves to generically defined physical areas, the security
zone concept permits significant flexibility for licensees to account
for a range of site-specific concerns. It also provides regulators with
a well-defined and enforceable requirement keyed to performance
objectives of isolation and access control.
8. When are special additional measures for category 1 quantities of
radioactive material required?
One provision of the final rule applies to category 1 quantities of
radioactive material during periods of maintenance, source receipt,
preparation for shipment, installation, or source removal or exchange.
Licensees are required to provide, at a minimum, an approved individual
to maintain continuous surveillance of sources in temporary security
zones and in any security zone in which physical barriers or intrusion
detection systems have been disabled to allow the specified activities.
Due to the natural decay of their radioactivity, sources lose their
effectiveness as they get older and have to be replaced or replenished
periodically with new sources to maintain a device's expected
performance. Tamper-indicating devices and other intrusion detection
equipment typically must be disabled to permit the device to be opened
without tripping alarms. The new sources are typically shipped by an
offsite supplier, who also often performs removal and exchange or
reinstallation. After replacement, the removed older sources must be
prepared onsite for shipment back to the manufacturer or for storage
and eventual disposal. These non-routine operations by non-licensee
employees at the licensee's site, during a time when devices for
detecting theft or diversion are disabled, call for additional measures
to compensate for the temporary increase in vulnerability.
9. What is required to monitor and detect an unauthorized entry into a
security zone?
A licensee is required to establish and maintain the capability to
continuously monitor and detect all unauthorized entries into its
security zone(s). Monitoring and detection are performed by either a
monitored intrusion detection system that is linked to an onsite or
offsite central monitoring facility; electronic devices for intrusion
detection alarms that would alert nearby facility personnel; monitoring
by a video surveillance system; or direct visual surveillance by
individuals.
A licensee also needs the capability to detect unauthorized removal
of the radioactive material. For category 1 quantities of radioactive
material, a licensee needs to immediately detect any attempted
unauthorized removal through the use of electronic sensors linked to an
alarm or continuous visual surveillance. For category 2 quantities of
radioactive material, a licensee needs to verify the presence of the
radioactive material through weekly physical checks, tamper indicating
devices, actual usage of the material, or other means.
10. What are the requirements for personnel communications and data
transmission?
Licensees are required to maintain continuous capability for
personnel communication and electronic data transmission and processing
among site security systems for any personnel and automated or
electronic systems used to support the site security systems. Licensees
are required to have alternative capability for any system in the event
of loss of the primary means of communication or data transmission and
processing. The alternative means cannot be subject to the same failure
mode as the primary systems.
11. What does a licensee need to do when it detects an intrusion into
its security zone?
A licensee's response to an intrusion depends on the licensee's
assessment of the purpose of the intrusion, but a response is required
without delay. If the unauthorized access appeared to the licensee to
be an actual or attempted theft, sabotage, or diversion of category 1
or category 2 quantities of radioactive material, the licensee needs to
immediately notify and request an armed response from the appropriate
LLEA. An immediate response by the licensee permits a more timely
response from law enforcement, thereby, reducing the risk that the
material could be used for malevolent purposes. Immediate notification
also allows for early warning to other possible targets of a
simultaneous attempt to divert material from multiple locations.
A licensee's decision to call the LLEA and the NRC depends not only
on the licensee's assessment of the intent of the unauthorized access
but also on whether the area where the breach occurred is an area the
licensee had previously determined needed to be monitored in order to
meet the NRC's physical protection requirements. Thus, a licensee's
assessment and response to an intrusion alarm in the business office
section of its facility could be entirely
[[Page 16934]]
different from its assessment and response to an intrusion alarm in a
radioactive materials storage area.
12. Can a licensee use automated devices to assess an intrusion and
alert an LLEA?
Depending on the security system, the layout of controlled areas,
and the design capabilities of the sensors, automated devices or
systems may be programmed to automatically summon LLEA assistance in
response to an intrusion alarm.
13. What coordination is required with LLEA?
Licensees are required to coordinate, to the extent practicable,
with the LLEA to discuss the LLEA response to threats to the licensee's
use of Category 1 or 2 quantities of radioactive material. An LLEA is
defined as a public or private organization that has been approved by a
Federal, State, or local government to carry firearms and make arrests,
and is authorized and has the capability to provide an armed response
in the jurisdiction where the licensed category 1 or category 2
quantity of radioactive material is used, stored, or transported. In
the event of an actual or attempted theft, sabotage, or diversion of
radioactive material, an armed response is likely to be necessary.
Adversaries could be well armed, and the small unarmed or lightly-armed
private security guard service typically used at byproduct material
licensee sites would not be an adequate substitute for an LLEA.
However, the LLEA need not be a municipal or county police force. If a
hospital or university campus police force is the nearest law
enforcement agency to the licensee's operation capable of providing an
armed response and making arrests, that police force would meet the
definition of an LLEA.
Coordination activities include providing a description of the
facility, radioactive materials, and security measures and notification
that the licensee will request a timely and armed response to any
actual or attempted theft, sabotage, or diversion of the licensee's
radioactive materials. The licensee is required to document its
coordination efforts. The documentation could include such items as the
dates, times, and locations of meetings or phone calls and a list of
licensee and LLEA staff present at the meetings. Licensees are required
to coordinate with the LLEA at least every 12 months.
Coordination with an LLEA is essential in developing an effective
and efficient physical protection program. Because certain situations
may necessitate an armed response, a strategy that is consistent in
scope and timing with realistic potential vulnerabilities of the
subject radioactive material should be coordinated well in advance with
the LLEA. Another purpose of coordination is to provide the responsible
LLEA with an understanding of the potential consequences associated
with unauthorized use of the radioactive material of concern, so that
the LLEA can determine the appropriate priority of its response. The
LLEA response is needed not only to interdict and disrupt an attempted
theft or sabotage onsite, but also possibly for offsite coordination to
protect public health and safety and to mitigate the potential
consequences of unauthorized use of the radioactive material.
14. What if the LLEA declines to coordinate with a licensee?
The NRC recognizes that it cannot exercise authority over LLEAs, or
any party over which a licensee has no control and the NRC has no legal
jurisdiction. The NRC also recognizes that an LLEA may have good
reasons for not engaging in coordination activities.
An LLEA's refusal to coordinate with a licensee does not by itself
render a licensee's security plan inadequate. The NRC recognizes that
in an actual emergency, State and local government officials will
respond to protect the health and safety of the public. A licensee is
required under 10 CFR 37.45(a)(2) to notify the appropriate NRC
regional office within 3 business days if the LLEA has not responded to
a request for coordination within 60 days of the coordination request,
or if the LLEA notifies the licensee that the LLEA does not plan to
participate in coordination activities. The notification allows the NRC
to contact the LLEA directly to ensure that the LLEA understands the
importance of adequate coordination. In some cases, the NRC might
contact the Department of Homeland Security (DHS) and request DHS
assistance with the LLEA. If the LLEA refuses to coordinate beforehand,
the licensee could still comply by making and documenting periodic
good-faith efforts to elicit the LLEA's participation in planning for a
timely and effective response.
15. What are the LLEA notification requirements for work at a temporary
job site?
The final rule does not require any notification of or coordination
with the LLEA for work at temporary jobsites.
16. What are the special requirements for mobile sources?
The rule requires licensees using mobile devices containing a
category 1 or category 2 quantity of radioactive material to have two
independent physical controls that form tangible barriers to prevent
unauthorized removal of the device. For devices in or on a vehicle or
trailer, a licensee is required to use a method to disable the vehicle
or trailer when it is not under direct control and constant
surveillance by the licensee. Licensees are not allowed to rely on the
removal of an ignition key to meet this requirement. The rule does
allow for the situation where a site's health and safety procedures
prohibit the disabling of the ignition. In those instances, the
licensee would not be required to disable the ignition. These
provisions are in addition to the other requirements in subpart C.
Mobile devices, particularly portable ones, are likely to be more
vulnerable to attempted theft or diversion because an adversary could
more easily remove these devices before the licensee or LLEA has an
opportunity to respond. The objective of this requirement is to delay
intruders long enough for a timely licensee and LLEA response.
A mobile device is defined in the rule as a piece of equipment
containing licensed radioactive material that is either: (1) Mounted on
wheels or casters or otherwise equipped for moving without a need for
disassembly or dismounting, or (2) designed to be hand carried. Mobile
devices do not include stationary equipment installed in a fixed
location, such as an irradiator, but the definition includes
radiography cameras, source changers, well logging equipment, and
gauges or controllers. The definition could also include storage
containers, lead pigs for holding sources during a source exchange, and
onsite or offsite transportation packages, if they contained category 1
or category 2 quantities of radioactive material.
17. What maintenance and testing requirements apply to the security
systems?
Consistent with 10 CFR 37.51, licensees are required to test
intrusion alarms, physical barriers, and other systems used for
securing and monitoring access to radioactive material, and these items
need to be maintained in operable condition. Each intrusion alarm and
associated communication system subject to the rule's requirements for
monitoring, detection, and assessment needs to be inspected and tested
for performance.
[[Page 16935]]
The licensee only needs to test the equipment that it relies on to meet
the requirements of 10 CFR part 37. This would include any backup
equipment or systems relied upon in the event of a primary system
failure. If the licensee has additional equipment or systems that are
not relied on to meet the rule requirements, the extra equipment and
systems would not need to be tested and maintained.
The frequency for testing is based on the manufacturer's suggested
timing. If the manufacturer does not suggest a frequency, the licensee
must conduct the maintenance and testing at least annually. Licensees
are required to maintain records of the maintenance and testing
activities for 3 years.
18. What events does a licensee need to report to the NRC?
A licensee is required to report any actual or attempted theft,
sabotage, or diversion of a category 1 or category 2 quantity of
radioactive material as soon as possible after initiating a response,
which includes notification of the LLEA. The licensee is required to
submit a written report to the NRC within 30 days after the initial
notification. A licensee is also required to assess any suspicious
activity related to possible theft, sabotage, or diversion of category
1 or category 2 quantities of radioactive material and notify the LLEA
as appropriate. If the licensee notifies the LLEA, it must also notify
the NRC. The written 30-day report is not required for suspicious
activity reports.
19. How does a licensee determine the effectiveness of the security
program?
Licensees are required to review the security program annually to
confirm compliance with the requirements. The review is to evaluate the
security program content and implementation. The licensee is required
to document any review findings and corrective actions, and the records
need to be maintained for 3 years.
D. Transportation Security
1. What is the NRC authority to issue these transportation security
requirements?
Sections 53, 81, and 161 of the AEA, as amended, provide the NRC
with the statutory authority to issue these transportation security
requirements. The NRC shares jurisdiction over the transport of
radioactive material traveling over public roadways and by rail with
DOT and DHS.
2. Why is this material being shipped?
In general, category 1 and category 2 quantities of radioactive
material are shipped to medical institutions, companies that support
medical and academic institutions, and companies that manufacture and
distribute radioactive material for various industrial applications. As
radioactive sources get older, radioactive decay decreases the sources'
strength and the sources lose their effectiveness and have to be
replaced or replenished with new sources. The older sources must be
transported for disposal or back to the manufacturer.
3. What are the new transportation security requirements?
In general, the final rule includes requirements for pretransfer
checks, preplanning and coordination of shipments, advance notification
of shipments, control, monitoring, and communications during shipments,
procedures, investigations of missing shipments, and reporting of
missing material. Each of these areas is discussed in more detail in
the following questions and answers.
These requirements apply to ground transport of category 1 or
category 2 quantities of radioactive material shipped in a single
package or in multiple packages in a single conveyance. The category 1
requirements also apply to shipments of irradiated reactor fuel
weighing 100 g (0.22 lb) or less in net weight of irradiated fuel,
exclusive of cladding or other structural or packaging material, which
has a total external radiation does rate in excess of 1 Gray (100 rad)
per hour at a distance of 1 m (3.3 ft) from any accessible surface
without intervening shielding. Note that a licensee is not responsible
for complying with these requirements when a carrier aggregates
radioactive material, during transport or storage incidental to
transport, for two or more conveyances from separate licensees that
individually do not exceed the limits. The shipping licensee is
responsible for meeting the requirements unless the receiving licensee
agrees in writing to arrange for the in-transit physical protection,
including preplanning and coordination activities.
4. Is verification of the transferee's license necessary?
Yes, 10 CFR 37.71 requires any licensee transferring category 1 or
category 2 quantities of radioactive material to a licensee of the NRC
or an Agreement State to verify that the transferee's license
authorizes the receipt of the type, form, and quantity of radioactive
material to be transferred. Licensees that transfer material within the
same organization do not need to verify the validity of the license
(i.e., for companies that have licenses in several States). The
licensee should know if its licenses are valid. For transfers of
category 1 quantities of radioactive material, the transferring
licensee is also required to verify that the licensee is authorized to
receive radioactive material at the address requested for delivery.
These verifications are conducted with the license issuing authority,
i.e., the NRC or the appropriate Agreement State, or by using the
license verification system. The license verification system is a new
web-based system that NRC is developing that may be used to verify the
validity of a license issued by either NRC or an Agreement State. The
license verification system is currently scheduled to be operational by
the effective date of the final rule. If it appears that the system
will not be available in time to support the rule, the NRC will change
the compliance date of this provision. Licensees should contact the
appropriate NRC regional office to verify the validity of NRC
licensees. Information on Agreement State contacts is provided on the
NRC's Web page at http://nrc-stp.ornl.gov/asdirectory.html. If the
license verification system is non-functional and the licensee cannot
reach the license issuing authority, the rule does have a provision
that allows the licensee to obtain certification from the requesting
licensee. Licensees are required to document any method of
verification, except for use of the license verification system.
Licensees exporting material need to meet the requirements in 10 CFR
part 110 for checking the documentation that the recipient has the
necessary authorization under the laws and regulations of the importing
country. These actions are intended to mitigate the risk that the
material could be shipped to an unauthorized recipient.
5. Is preplanning and coordination of the shipments necessary?
Yes, 10 CFR 37.75(a) requires preplanning and coordination of
shipment information for shipments of category 1 quantities of
radioactive material. The shipping licensee (licensee sending the
licensed material) is required to coordinate the departure and arrival
times with the receiving licensee (licensee receiving the licensed
material). This coordination reduces the risk that theft or diversion
of the material would go unnoticed or unreported. The licensee also
needs to preplan and coordinate the shipment information with the
State(s) through
[[Page 16936]]
which the shipment will pass. As part of the coordination activities,
the licensee is required to discuss the State's intention to provide
law enforcement escorts for the shipments and identify safe havens.
Under the rule, safe havens are sites at which security is present or
from which the transport crew can notify and wait for the local law
enforcement authorities in the event of an emergency. The licensee is
responsible for identification of the safe havens. The purpose of the
information sharing is to ensure minimal delay of the shipment.
For shipments of category 2 quantities of radioactive material, 10
CFR 37.75(b) requires that the shipping licensee verify the shipment
no-later-than arrival time and the expected arrival time with the
receiving licensee.
The definitions section of the final rule defines the term ``no-
later-than arrival time'' as the date and time that the shipping
licensee and receiving licensee have established as the time at which
an investigation will be initiated if the shipment has not arrived at
the receiving facility. The no-later-than-arrival time may not be more
than 6 hours after the estimated arrival time for category 2 shipments.
Verifying that the shipment arrives on time provides the licensee with
the means to identify and immediately report an unusual occurrence that
could lead to the theft or diversion of the material.
6. What does the NRC consider to be a safe haven?
A safe haven is a readily recognizable and readily accessible site
at which security is present or from which, in the event of an
emergency, the transport crew can notify and wait for the LLEA. The NRC
expects safe havens to be identified and designated by the licensee.
Licensees should use the following criteria in identifying safe
havens for shipments: Close proximity to the route, i.e., readily
available to the transport vehicle; security from local, State, or
Federal assets is present or is accessible for timely response; the
site is well lit, has adequate parking, and can be used for emergency
repair or to wait for LLEA response on a 24-hour a day basis; and
additional telephone facilities are available should the communications
system of the transport vehicle not function properly. Possible safe
haven sites include: Federal sites having significant security assets;
secure company terminals; State weigh stations; truck stops with secure
areas; and LLEA sites, including State police barracks.
7. Is the shipping licensee required to notify the receiving licensee
if the no-later-than arrival time changes?
Yes. If the no-later-than arrival time will not be met, the
shipping licensee must inform the receiving licensee of the new no-
later-than arrival time for shipments of category 2 quantities of
radioactive material. This provision allows licensees the ability to
modify departure and arrival times due to unforeseen events.
8. Whom does the licensee notify when the shipment arrives?
The receiving licensee is required to notify the shipping licensee
when the shipment of a category 2 quantity of radioactive material
arrives at its destination. This requirement ensures positive
communication between the shipper and recipient. Additionally, this
requirement ensures that the shipper does not unnecessarily start an
investigation because they are not sure that the shipment has arrived.
The receiving licensee must notify the shipping licensee if the
shipment has not arrived by the no-later-than arrival time. This
notification is the trigger to initiate an investigation into where the
package is located.
9. What does the term state mean in the requirements?
As used in the definitions section of the final rule, the term
``State'' means the 50 States, the District of Columbia, the
Commonwealth of Puerto Rico, the Virgin Islands, Guam, American Samoa,
and the Commonwealth of the Northern Mariana Islands. A list of the
contact information for the governor's designees is published annually
in the Federal Register, most recently on October 31, 2011 (76 FR
67229). An updated list is posted on the NRC's Web site at http://nrc-stp.ornl.gov/special/designee.pdf. Copies may also be obtained by
contacting the Director, Division of Intergovernmental Liaison and
Rulemaking, Office of Federal and State Materials and Environmental
Management Programs, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001. The NRC will work with the States to include a separate
column.
10. What advance notifications are required?
The final rule requires advance written notifications for shipments
containing category 1 quantities of radioactive material. The advance
notifications are made to the NRC (or Agreement State which then would
notify the NRC) and to any State through which a shipment is being
transported. The State notification is made to the governor or the
governor's designee. The NRC shares the information with some of its
Federal partners.
Advance notification provides States and the NRC with knowledge of
shipments so that in the event there is an increase in the risk of
theft or diversion of the material, the regulator could delay or
reroute the shipment to minimize the risk. This advance notification
also allows States with escort requirements to engage in planning to
support the shipment.
Advance notifications are not required for shipments of category 2
quantities of radioactive material, unless the shipment falls within
the scope of 10 CFR 71.97(b).
11. What information should be included in an advance notification?
The final rule requires that the following information be included
in an advance notification for a category 1 shipment of radioactive
material, if available at the time of notification: (1) The name,
address, and telephone number of the shipper, carrier, and receiver of
the shipment; (2) the license number of the shipper and receiver; (3) a
description of the radioactive material contained in the shipment,
including the radionuclides and quantity; (4) the point of origin of
the shipment and the estimated time and date that shipment will
commence; (5) the estimated time and date that the shipment is expected
to enter each State along the route; (6) the estimated time and date of
arrival of the shipment at the destination; and (7) the contact and
telephone number for the point of contact. For the purpose of
coordination only, the actual information in the advance notification
would not be considered to be SGI-M. Any information that is not
available at the time of the initial notification would be provided in
a revised notification once the information becomes available.
12. What should a licensee do if the shipment schedule is revised or
the shipment cancelled?
If the category 1 shipment schedule is revised or cancelled, the
final rule requires the shipping licensee to notify the appropriate
States and the NRC.
13. What should a licensee do if the shipment does not arrive by the
no-later-than arrival time?
The final rule requires a licensee that has shipped category 2
quantities of radioactive material to initiate an investigation for any
shipment that has not arrived at the receiving licensee's facility by
the designated no-later-than
[[Page 16937]]
arrival time. The no-later-than arrival time is defined as the date and
time that the shipping licensee and receiving licensee have established
as the time at which an investigation will be initiated if the shipment
has not arrived at the receiving facility. The no-later-than-arrival
time may not be longer than 6 hours after the estimated arrival time
for a shipment of category 2 quantities of radioactive material. A no-
later-than arrival time was not included for category 1 shipments as
the licensee is required to maintain continuous position monitoring and
detect any unauthorized access to or removal of the material
immediately. This would enable the shipping licensee of a category 1
shipment to know right away if the shipment was late or experiencing
problems.
14. When must a licensee make notification that a shipment is lost or
missing?
When a licensee determines that a shipment of a category 1 quantity
of radioactive material is lost or missing, the rule requires the
licensee to notify the LLEA in the area of the shipment's last
confirmed location within 1 hour and then to notify the NRC's
Operations Center. Notification to the NRC should be as prompt as
possible, but not at the expense of causing delay or interference with
the LLEA response to the event.
When a licensee determines that a shipment of category 2 quantities
of radioactive material is lost or missing, the rule requires the
licensee to notify the NRC's Operations Center within 4 hours of such
determination. The licensee is also required to immediately notify the
NRC's Operations Center if, after 24 hours from its determination that
the shipment was lost or missing, the location of the material still
cannot be determined.
Early notification provides for a more timely response from law
enforcement, thereby reducing the risk of the misuse of the material.
15. Should licensees make notification that a lost or missing shipment
has been found?
Yes, 10 CFR 37.81(e) and (f), for category 1 shipments and category
2 shipments, respectively, require the licensee to notify the NRC's
Operations Center when a lost or missing shipment has been located.
This notification is considered an update on the initial notification.
Without this notification, regulatory authorities and LLEA may
waste resources continuing any search for the material.
16. What is a licensee required to do if there is an attempt to steal
or divert a shipment?
For shipments of category 1 quantities of radioactive material, a
licensee who discovers an actual or attempted theft or diversion of a
shipment, or any suspicious activity related to a shipment, is required
to notify the designated LLEA along the shipment route as soon as
possible. After notifying the LLEA, the licensee is required to notify
the NRC's Operations Center. The NRC's Operations Center will notify
other affected States and the agency's Federal partners. For shipments
of category 2 quantities of radioactive material, a licensee who
discovers an actual or attempted theft or diversion of a shipment, or
any suspicious activity related to a shipment, is required to notify
the NRC's Operations Center as soon as possible. These security
measures enhance the likelihood that the material will be successfully
protected or recovered and allows for early warning of other possible
victims of a simultaneous attempt to divert material from multiple
locations.
17. What types of procedures are necessary for shipping category 1
quantities of radioactive material?
Licensees shipping category 1 quantities of radioactive material by
road are required to ensure that normal and contingency procedures are
developed to cover notifications; communication protocols; loss of
communication; and response to an actual or attempted theft or
diversion of a shipment, or any suspicious activity related to a
shipment. The licensees are required to ensure that drivers,
accompanying personnel, railroad personnel, and movement control center
personnel have access to the normal and contingency procedures.
Procedures provide reasonable assurance that these individuals are
prepared for most situations and are able to act without delay to
prevent the theft or diversion of shipments.
18. What should be included in the communication protocols?
The final rule requires that the communication protocols include a
strategy for the use of authentication and duress codes and provisions
for refueling or other stops, detours, and locations where
communication is expected to be temporarily lost.
19. What are the physical protection requirements for road shipments of
category 1 quantities of radioactive material?
The final rule requires that any licensee that ships category 1
quantities of radioactive material by road either establish or use a
carrier that has established, movement control centers that maintain
position information from a location remote from the activity of the
transport vehicle or trailer. The control centers are required to
monitor shipments on a continuous and active monitoring basis (24 hours
a day, 7 days a week), and have the ability to communicate immediately,
in an emergency, with the appropriate law enforcement agencies.
The final rule requires that the licensee ensure that redundant
communications are in place that would allow the transport to contact
an escort vehicle (if used) and the movement control center at all
times. The redundant communication must not be subject to the same
interference factors as the primary communication method. The same
interference factors mean any two systems that rely on the same
hardware or software to transmit their signal (e.g., cell tower or
proprietary network).
Redundant communications provide drivers with the means to
immediately report an unusual occurrence that could lead to the theft
or diversion of the material. Early notification would permit a more
timely response from law enforcement, thereby, reducing the risk of the
misuse of the material.
The final rule also requires that the licensee ensure that category
1 shipments are continuously and actively monitored by a telemetric
position monitoring system or an alternative tracking system reporting
to a movement control center. The movement control center is required
to provide positive confirmation of the location, status, and control
over the shipment and be prepared to implement preplanned procedures in
response to deviations from the authorized route or to a notification
of actual or attempted theft or diversion or suspicious activities
related to the theft, loss, or diversion of a shipment. These
procedures include the identification of, and contact information for,
the appropriate LLEA along the shipment route.
A telemetric position monitoring system is a data transfer system
that captures information by instrumentation and/or measuring devices
about the location and status of a transport vehicle or package between
the departure and
[[Page 16938]]
destination locations. The gathering of this information permits remote
monitoring and reporting of the location of a transport vehicle or
package. GPS and radiofrequency identification (RFID) are examples of
telemetric position monitoring systems.
If the driving time period is greater than the maximum number of
allowable hours of service in a 24-hour duty day as established by the
DOT Federal Motor Carrier Safety Administration, the final rule
requires that the licensee ensure that an accompanying individual is
provided for the entire shipment. The accompanying individual may be
another driver. This security measure provides reasonable assurance
that the material will be protected from theft or diversion when it is
stationary, as well as in emergency situations where it becomes
necessary for the driver to stop or leave the vehicle.
20. Is GPS required?
No, GPS is not required. For category 1 material, the NRC requires
continuous and active monitoring for shipments. Continuous and active
monitoring means that at any time while the shipment is enroute, the
licensee must be knowledgeable of the shipment's whereabouts. Not
specifying a particular technology provides licensees with flexibility
to design a continuous and active monitoring system that meets their
unique circumstances. However, GPS is considered an acceptable method
of continuous and active monitoring.
21. What are the physical protection requirements for rail shipments of
category 1 quantities of radioactive material?
The final rule requires each licensee that ships category 1
quantities of radioactive material by rail to ensure that rail
shipments are monitored by a telemetric position monitoring system or
an alternative tracking system reporting to a licensee, third party, or
railroad communications center which meets certain criteria. The
communications center needs to provide positive confirmation of the
location of the shipment and its status. Rail shipment tracking
provides the means for a communications center to immediately report an
unusual occurrence that could lead to the theft or diversion of the
material. Early notification provides for a more timely response from
LLEAs, thereby reducing the risk of the misuse of the material.
22. What are the physical protection requirements for shipments of
category 2 quantities of radioactive material?
The final rule requires that a licensee shipping category 2
quantities of radioactive material by road maintain constant control
and/or surveillance during transit and have the capability for
immediate communication to summon appropriate response or assistance.
In the case of the licensee using a common carrier, the final rule
requires that licensees use a carrier that has an established package
tracking system. An established package tracking system means a
documented, proven, and reliable system routinely used to transport
objects of value. The package tracking system must allow the shipper or
transporter to identify when and where the package was last and when it
should arrive at the next point of control. The licensee is required to
use a carrier that maintains constant control and surveillance during
transit and has the capability for immediate communication to summon
appropriate response or assistance. The carrier must also require an
authorized signature prior to releasing the package for delivery or
return.
In general, the licensee must be able to contact the shipping
carrier and determine the approximate location of the shipment. Package
tracking systems, such as common overnight delivery service with
standard tracking, are acceptable. These requirements mitigate with
reasonable assurance the risk of loss, theft, or diversion of the
material.
23. How long do records related to a shipment need to be maintained?
Licensees are required to retain records for 3 years.
24. How is the public protected from loss, theft, or diversion of these
shipments?
Regulating transport of radioactive material is a joint
responsibility of the NRC and DOT. The quantities of radioactive
materials being considered as part of this rulemaking are transported
in packages (casks) that meet rigorous NRC and DOT safety standards.
The NRC fact sheet on transportation of radioactive materials can be
found at: http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/transport-spenfuel-radiomats-bg.html.
The carrier transporting radioactive material must also meet DOT's
requirements for shipment of the radioactive material. A link to DOT's
Web site is provided on the NRC's Web site at: http://www.nrc.gov/materials/transportation.html.
25. What are the requirements for small quantities or irradiated
reactor fuel?
The final rule adds a new Sec. 73.35 to 10 CFR part 73, which
provides that the requirements for shipments of irradiated reactor fuel
weighing 100 g (0.22 lb) or less in net weight of irradiated fuel,
exclusive of cladding or other structural or packaging material, which
has a total external radiation dose rate in excess of 1 Gray (100 rad)
per hour at a distance of 1 m (3.3 ft) from any accessible surface
without intervening shielding. The requirements are the same as the
requirements for shipments of category 1 quantities of radioactive
material.
26. What means of transportation are not addressed in this rule?
The rule does not address air or water transport. Transport of
radioactive material within airports and by air is regulated by the
Federal Aviation Administration. Transport of radioactive material
within ports and by waterway is regulated by the U.S. Coast Guard.
The rule also does not address transshipments of category 1 or
category 2 quantities of radioactive material through the United
States. Transshipments are shipments that are originated by a foreign
company in one country, pass through the United States, and then
continue on to a company in another country. Transshipments are
regulated by DOT and DHS.
Finally, this rulemaking does not address transport of spent fuel,
except irradiated reactor fuel weighing 100 g (0.22 lb) or less in net
weight of irradiated fuel, exclusive of cladding or other structural or
packaging material, which has a total external radiation dose rate in
excess of 1 Gray (100 rad) per hour at a distance of 1 m (3.3 ft) from
any accessible surface without intervening shielding.
III. Summary and Analysis of Public Comments on the Proposed Rule
The proposed rule was published on June 15, 2010 (75 FR 33902), for
a 120-day public comment period that ended on October 13, 2010. After
receiving several requests to extend the comment period, the NRC
published an extension notice on October 8, 2010 (75 FR 62330), that
extended the public comment period until January 18, 2011. The NRC
received comments from 110 organizations and individuals. The
commenters on the proposed rule included States, licensees, industry
organizations, individuals, and a Federal agency.
In general, there was a range of stakeholder views concerning the
rulemaking, supporting some aspects of
[[Page 16939]]
the rulemaking, others opposing some aspects of the rulemaking. Some
commenters described the new requirements as going beyond the order
requirements. It is important to note that the Commission never
intended to just place the orders into the regulations to make them
generically applicable. The Commission always intended to consider
insights gained from implementation of the orders and any lessons
learned during implementation. In addition, the Commission considered
recommendations from the Independent Review Panel and the Materials
Working Group, as well as a petition filed by the State of Washington.
The comments and responses have been grouped into five areas:
General, access authorization program, security during use,
transportation security, and miscellaneous. To the extent possible, all
of the comments on a particular subject are grouped together. The
Commission specifically requested input on eight subjects: (1)
Fingerprinting of the reviewing official; (2) background investigation
elements; (3) protection of information; (4) LLEA notification at
temporary jobsites; (5) reporting requirements; (6) disabling vehicle
exemption; (7) license verification; and (8) monitoring plans for
railroad classification yard. These eight subjects are addressed within
the appropriate area grouping. A discussion of the comments and the
NRC's responses follow.
A. General
Comment A1: One commenter stated that the definition for access
control should be expanded to include persons with access to SGI, as
such individuals are subject to the requirements in Sec. 37.21(c).
Response: The NRC disagrees with the comment. A licensee may
include the SGI component in its access authorization program, but it
is not required to include SGI. The requirements for SGI are contained
in 10 CFR part 73, and the licensee can choose to use the same
reviewing official and process or may use a different reviewing
official and process. If a licensee chooses to include SGI in its
access authorization program under 10 CFR part 37, it will meet the
requirements of 10 CFR part 73.
Comment A2: One commenter noted that the definition for aggregated
was unclear. Another commenter suggested including unsealed sources and
bulk material in this definition. Commenters recommended either
clarifying ``multiple sources of bulk material'' or giving it its own
definition. A commenter noted it was unclear if the term bulk material
aligns with DOT terminology for bulk packaging.
Response: The NRC agrees that the definition could be confusing and
has revised the definition to make it clear that radioactive material
in any form should be included. The definition is not related to DOT.
The intent was to include all material, whether it was in the form of a
source (sealed or unsealed) or was contained in a container of some
sort, such as feed material, that might be used to create a source.
Comment A3: One commenter noted that the term ``Aggregated'' uses
the term ``sealed source'' in its definition and that ``sealed source''
should be defined in 10 CFR part 37 as the use lacks clarity and safety
significance. The commenter stated that the definition for sealed
source should also be revised in 10 CFR parts 30 and 70. The commenter
provided a suggested definition for ``sealed source'' as follows:
``Sealed source means any radioactive material contained to minimize
the spread of contamination in accordance with the presentation made in
a Sealed Source and Device Registry certificate issued by the U.S.
Nuclear Regulatory Commission, an Agreement State or the International
Atomic Energy Agency.''
Response: The NRC disagrees with the comment. The term ``sealed
source'' has been in the regulations for a long time and the NRC is not
aware of any issues that have arisen due to a lack of clarity or safety
significance. The term does not need to also be defined in 10 CFR part
37 as it is defined in the parts under which a sealed source would be
licensed. Changing the definition of sealed source in 10 CFR parts 30
and 70 is beyond the scope of this rulemaking.
Comment A4: One commenter requested that the definition of
``Escorted Access'' be revised to delete the term ``line-of-sight'' as
it is too prescriptive and creates compliance issues should someone
``look away'' or stand in an area of the security zone where the
escorted individual's view may be blocked by some object or equipment
in the zone. The commenter noted that surveillance can also be
accomplished by remote video monitoring. Two commenters suggested that
the term escorted access should be revised to allow for video
surveillance. The commenters noted that, although the definition was a
straightforward, easy way to define escorting, certain video
surveillance systems provide improved security and should be allowed.
The commenters suggested revising the definition as follows: ``Escorted
access means that the actions of the individual are observed 100% of
the time while they are in the security zone.''
Response: The NRC agrees with the comment in part. The NRC has
removed the term ``line-of-sight surveillance'' from the definition and
changed it to ``direct continuous visual surveillance.'' The revised
definition will provide greater flexibility for the licensee. The
definition of escorted access was not intended to eliminate a
licensee's use of video surveillance. Video surveillance is appropriate
in some, but not all cases. For example, video surveillance of patients
during a treatment would be appropriate.
Comment A5: One commenter requested that the definition of license
be revised as follows: ``License, except where otherwise specified,
means a license for byproduct material issued pursuant to the
regulations in 10 CFR parts 30 through 36 and 39 of this chapter or a
permit issued by a master materials licensee.''
Response: The NRC disagrees that the definition for license should
be revised. The definition used in 10 CFR part 37 is identical to the
definition used in 10 CFR part 30. No license will be issued under 10
CFR part 37.
Comment A6: One commenter requested that the definition of license
issuing authority be revised to include a master materials licensee
(MML) as the MML issues individual permits.
Response: The NRC disagrees with the comment. An MML is not
equivalent to an Agreement State and does not issue licenses. The MML
does authorize individual permits for specific locations, but cannot
authorize beyond what is specified on the MML license.
Comment A7: Several commenters requested that the definition of
LLEAs be revised by removing the requirement that the agency be a
government entity and to broaden the definition to include private
security forces that possess the authority to carry firearms and make
arrests. Commenters felt that the definition was confusing and was not
clear whether university police could be considered an LLEA under the
definition. One of the commenters noted that some university police
departments serve as the LLEA and are a fully badged and sworn police
force with the authority to make arrests and provide armed response.
Some of the commenters suggested revised rule language to clarify the
definition.
Response: The NRC agrees with the commenters and has revised the
definition of LLEA as follows: ``Local law enforcement agency (LLEA)
means a public or private organization that has been approved by a
federal, state, or local government to carry firearms and
[[Page 16940]]
make arrests, and is authorized and has the capability to provide an
armed response in the jurisdiction where the licensed category 1 or
category 2 quantity of radioactive material is used, stored, or
transported.''
Comment A8: Five commenters suggested revising the definition of
``Lost or missing licensed material.'' Commenters indicated that the
definition contains subjective terms that make compliance with the
reporting criteria difficult. Two commenters recommended removing
``readily'' from the definition as it is too subjective and could lead
to inadvertent noncompliance. One commenter recommended linking the
definition for lost or missing licensed material with the no-later-than
arrival time definition and providing a specific criterion in regards
to time to locate material in transit. The commenter suggested the
following definition: ``Lost or missing licensed material'' means
licensed material whose location is unknown. It includes material that
has been shipped but has not reached its destination and whose
whereabouts have not been traced in the transportation system within 8
hours past the scheduled no-later-than arrival time.'' The commenter
noted that compliance and enforcement of the reporting criteria
established in Sec. 37.81 is difficult and that an 8-hour
investigation period seems reasonable. Another commenter noted that it
typically gives the carrier 24 hours to trace within their
transportation cycle, before the package is declared as lost or
missing, and that anything less than the 24 hours does not allow
sufficient time for the carrier to do a complete document and tracking
search and/or a physical search at potential locations. The commenter
noted that to declare the package as lost or missing before that will
result in many false positives, as 99.99% of the time the package is
located within the 24-hour window.
Response: The NRC disagrees with the comment. The term ``lost and
missing licensed material'' has been in part 20 for some time, and the
definition in 10 CFR part 37 is identical. It would be confusing to
have different definitions for the same term and concept in the
regulations and licensees would still need to meet the 10 CFR part 20
reporting requirements. A change to 10 CFR part 20 is beyond the scope
of this rulemaking. The NRC will provide additional information on the
security-specific meaning of ``lost or missing'' in the 10 CFR part 37
guidance document.
Comment A9: One commenter stated that the definition for reviewing
official should include a trustworthiness and reliability determination
of an individual who has access to SGI-M.
Response: The NRC disagrees with the comment. A licensee may use
the same reviewing official for trustworthiness and reliability
determinations for both unescorted access and access to SGI. However,
the licensee is not required to use the same reviewing official.
Determining access for SGI can be a separate program.
Comment A10: One commenter stated that the definition for
``sabotage'' should include a definition of ``security system'' that is
referenced in the definition.
Response: The NRC disagrees with the comment. Security system does
not need to be defined in the definition of Sabotage. The security
system will be different for each licensee as it is the system that a
licensee uses to protect its category 1 and category 2 quantities of
radioactive material.
Comment A11: Two commenters suggested modifications to the
definition for safe haven. Another commenter noted that the provision
cannot be implemented. The commenter noted that based on discussions
with military and other Federal institutions, material shipments could
not be diverted to them under any circumstances. The commenter
suggested that safe havens be contacted, confirmed, and identified. The
commenter noted that the licensee and carrier are capable of
determining safe havens along the route and that past experience has
shown that requesting a State to identify safe havens has been
fruitless. Two commenters suggested that the NRC work with the States
to identify potential safe havens and publish a list with the final
rule. One commenter noted that a licensee does not need to work with
the State to identify safe havens. Two commenters noted that the term
``safe haven'' is loosely defined by various agencies and States, and
that States do not recognize, identify, or acknowledge that they have
such sites. Two commenters noted that DOT removed the term from its
regulations because it could not be implemented.
Response: The definition for safe haven has been retained in the
final rule. Licensees, not States, are responsible for identifying safe
havens. Identification of safe havens has been in the regulations for
spent fuel transportation for a number of years and was included in the
RAMQC Orders for transport of category 1 shipments, so it is not a new
concept. If a licensee is having trouble identifying safe havens along
a route, it may discuss possible locations with the NRC, State police,
or the State's designated contact (usually State police).
Comment A12: One commenter (a State) noted that the definition for
temporary job site has a compatibility of Level B, which requires
identical wording. The commenter noted that this definition does not
meet its definition which is much more restrictive in that it limits
the amount of time radioactive material can be used at a temporary job
site. The commenter stated that there should not be two different
definitions for the same word listed in different parts of the
regulations. Another commenter stated that the temporary job site
definition would be more appropriate with a designation of C instead of
B as it would allow States to be more restrictive.
Response: The NRC agrees with the comment in part and disagrees in
part. The NRC tries to use the same definition for terms that are used
in more than one part of the regulations. However, there are terms that
have different meanings depending on the use. Temporary job site is
defined in both 10 CFR part 34 and part 39 with definitions that are
specific to the part. Since activities that are covered by both 10 CFR
part 34 (radiography) and part 39 (well logging) may also be subject to
10 CFR part 37 security provisions, the NRC extracted the common
elements of the definitions for use in 10 CFR part 37. However, the
requirements related to temporary job sites have been removed from 10
CFR part 37, and the term is no longer defined in the rule.
Comment A13: Three commenters suggested revising the definition of
``Trustworthiness and reliability.'' One commenter stated that the
definition is vague and subjective and that use of subjective terms in
the definition such as ``dependable'' and ``unreasonable'' makes it
impossible to apply. The commenter noted that a licensee cannot ensure
that individuals are trustworthy and reliable and as such do not
constitute an unreasonable risk to public health and safety. The
commenter requested that concrete and nonsubjective criteria be
provided. Another commenter requested that the definition be revised by
adding ``or as provided for in Sec. 37.29'' to the end of the
definition. One commenter stated that the definition should be modified
to include characteristics required by individuals having access to
SGI-M.
Response: The NRC disagrees with the comment. The NRC does not
believe that these terms make it impossible for licensees to determine
trustworthiness and reliability. The concepts of dependable and
unreasonable were also contained in the orders. The
[[Page 16941]]
determination is performance based and provides licensees the
flexibility to develop programs and criteria that they are comfortable
with. The definition in 10 CFR part 37 is consistent with the
definition of the term in 10 CFR part 73. The NRC does not believe that
it is necessary to add provisions that include access to SGI. Access to
SGI is covered by 10 CFR part 73. While a licensee may use the same
access authorization program for determinations for access to SGI, the
licensee may have a separate program.
Comment A14: One commenter suggested maintaining the current
interpretation for unescorted access that an individual having
unescorted access to several less than category 2 quantity sources
which are secured behind their own physical barrier would not require
inclusion in the trustworthiness and reliability determination program.
The commenter noted that the rule defines unescorted access to include
individuals who have access to sufficient quantities of radioactive
materials such that the individual could successfully accumulate lesser
quantities of material into a category 1 or category 2 quantity. The
commenter noted that this is a significant change and would result in a
big increase in the number of individuals who will need background
checks completed or require very complex source handling procedures to
prevent the ability to aggregate sources. One commenter noted that the
examples provided in the Statements of Consideration did not appear to
apply to an individual with access to multiple licensee facilities
listed on the same license or multiple separate licenses by the same
organization. The commenter noted that these persons could aggregate
materials just as easily as if they were at a single location under one
license, but the security rules would not apply to them. One commenter
stated that the NRC should reevaluate the need to include accumulation
considerations for access authorization control.
Response: The NRC has reevaluated the requirement and has revised
the definition for Unescorted access. All provisions of the rule now
only apply to licensees that possess an aggregated quantity of
radioactive material that equals or exceeds the category 2 threshold.
The term aggregated contains the concept of co-location and breach of a
barrier.
Comment A15: One commenter requested that the NRC add a definition
for master material license to 10 CFR part 37.
Response: The NRC disagrees with the comment. Master material
license is not specifically mentioned anywhere in the regulations, and
the NRC does not believe that there is a need to mention it in 10 CFR
part 37 as licenses are not issued under 10 CFR part 37.
Comment A16: One commenter suggested including a definition for
security plan at least to the extent that `security plan' is meant to
encompass a description of a licensee's background investigation
process, access control program, and physical protection measures with
those specific features as identified elsewhere in the part.
Response: The NRC disagrees with the comment and does not believe
that a definition of security plan is necessary. Section 37.43(a)
contains the purpose of the security plan and specifies in general
terms what must be included in the security plan. A definition would
not add further to the understanding.
Comment A17: One commenter suggested that a limited exemption be
provided to licensees who consistently meet the requirements imposed by
the orders. The commenter noted that the NRC could establish criteria
for the assessment of licensee's security programs and if the program
was deemed inadequate, corrective action could be initiated.
Response: The NRC disagrees with the comment. The NRC believes that
the requirements in 10 CFR part 37 are necessary to ensure adequate
protection of category 1 and category 2 quantities of radioactive
material. A licensee can always ask for relief from a particular
measure and if the NRC agrees that adequate basis exists and that it is
protective of public health and safety, it can grant the request.
Comment A18: One commenter, while supporting the decision to limit
the rule to category 1 and category 2 sources, noted that not all
category 2 sources are realistically in danger of being tampered with,
particularly in large medical facilities with exhaustive security
controls in place. The commenter noted that if a large medical
facility's security measures are breached, sealed sources in medical
devices are generally not readily accessible even by technicians with
highly specialized skills and tools. Two commenters suggested exempting
medical and research facilities from all of the 10 CFR part 37
requirements except for the security program or security plan. The
commenters noted that the public pays for and benefits from medical and
research use of these sources, and as such, should have a higher
acceptable risk. The commenters noted that this is similar to the basic
premise behind the patient release criteria in 10 CFR part 35 (Sec.
35.75), generally licensed sources, tritium exit signs, and smoke
detectors, where the public can have a higher acceptable risk for the
benefits which the materials bring them.
Response: The NRC disagrees with the comment. The category 1 and
category 2 quantities of radioactive material possessed by a medical
facility present the same risk as category 1 and category 2 quantities
of radioactive material possessed by other licensees. Almost any user
could argue that its use benefits society in some manner. The
comparison to generally-licensed sources is not applicable, as
generally licensed sources contain less than category 2 quantities of
radioactive material and are considered safe for use without additional
measures.
Comment A19: One commenter expressed concern that the source
aggregation changes could cause additional medical facilities to come
under the rule. The commenter was opposed to the rule applying to any
facilities beyond those under the orders.
Response: The application of the source aggregation criteria has
not changed from the orders. The concept of co-location and breaching
of a common physical barrier are still factors. While the rule may
apply to licensees that were not subject to a particular order, the
licensee would only be subject to the requirements if it aggregates the
material. Some licensees that have an aggregated category 1 quantity
may have only been subject to the Increased Control Orders and would
now be subject to some additional requirements under the rule that
apply to all licensees that possess a category 1 quantity of
radioactive material.
Comment A20: Several commenters expressed concern about the
extension of applicability for the proposed rule beyond byproduct
material licensees to power reactor, research and test reactor, and
fuel cycle licensees. Commenters noted that extending the requirements
to large component or radioactive material storage facilities located
on power reactor plant sites appears unwarranted. Commenters
recommended limiting the applicability to exclude material that meet a
criterion for a specific activity, surface contaminated objects, bulk
packages with mass exceeding 100 pounds or limit aggregating material
to a small number (fewer than 10) of discrete sources, and areas where
a large number of packages containing low concentrations of
radionuclides of interest are stored over a very large area, because
they believe the risk is low and should not present a security concern.
Commenters recommended that an appropriate threshold be developed that
[[Page 16942]]
exempts large volume or weight of a single item or of the aggregated
quantity such that exemption requests are not necessary and the
security provisions of 10 CFR part 37 would not apply. Commenters noted
that such materials are typically either of such large mass or volume,
or of such a diffuse constitution, that they should be considered low
risk for any malevolent purpose. Commenters noted that the industry is
concerned that casting a wide net will present a situation whereby
certain categories of facilities are regulated through exemptions.
One commenter suggested that NRC should consider using dose rates
at 1 meter relative to the Appendix I definitions in IAEA TECDOC-1344
for other than sealed sources as an alternative. The commenter noted
that the IAEA document acknowledges that the categorization system may
not be appropriate for waste management. The commenter noted that
tables in the document are based primarily on discrete sealed sources
of very high specific activity and do not apply to packages in
transport. The commenter further noted that IAEA also recommends 100
rads (1 Gy) to bone marrow in 100 hours at 1 meter from sources that
cannot be carried as the threshold for a ``dangerous'' source. With a
category 2 source threshold at 10 x D, this also provides a practical
justification for exempting low specific activity (LSA) materials, as
they are restricted to dose rates of 1 rem/h at 3 meters. Using very
restrictive point source consideration (i.e., an inverse square
relationship), LSA materials cannot result in dose rates exceeding 10
rads/h at 1 meter. The other deterministic considerations presented in
the TECDOC are similarly bounded by the low specific activity of such
wastes.
Commenters noted that there is a distinct difference between a
given amount of activity confined in a relatively small sealed source
and the same quantity dispersed around a large site in numerous
containers, none of which individually contains activity approaching a
category 2 amount. Commenters noted that low specific activity
material, objects with low levels of surface contamination, or numerous
small sources would not be attractive for theft or sabotage because of
the disperse nature of the radioactivity. One commenter noted that this
is recognized in the transportation arena that allows use of industrial
packages for low specific activity and surface contaminated materials
versus more robust Type A or Type B packages for shipping higher
activity materials.
Commenters noted that the packaging of the source is relevant to
potential theft and diversion. Commenters indicated that a quantity of
material where the total activity exceeds a category 2 level but is
dispersed in contaminated metal and other material within one or more
large concrete and/or steel containers presents a different hazard than
the same amount in a relatively small unshielded source. Commenters
noted that large and heavy containers are difficult to move and steal
without detection and that the containers themselves are self-
protecting from a sabotage point of view. The commenter noted that this
is important for licensees engaged in decommissioning, processing, and
shipping of bulk waste material. Commenters noted that the volume and
mass required for a category 2 quantity of material renders theft an
incredible scenario and that damaging and dispersing a category 2
quantity of material such that deterministic effects result from
internal or external exposures are not credible.
Commenters provided examples of: (1) A commercial waste processor
that could have several thousand packages in a common storage area,
each containing waste forms of relatively low specific activity and
each with a mass of several hundred to several thousand pounds and (2)
a radioactive waste disposal facility that has a 60-car train of
radioactive waste within its controlled area.
Response: The NRC agrees with the comment in part. The NRC has
determined that it is appropriate to include a partial exemption in the
regulation instead of treating exemptions requests on a case-by-case
basis. Paragraph (c) has been added to Sec. 37.11 to address
radioactive waste materials. The provision does require that some
security measures be applied to the waste, but the majority of the 10
CFR part 37 requirements would not apply. Measures include the use of
continuous physical barriers, alarmed locked gates or doors, and
assessment and response of unauthorized entry. The provision does not
include the use of dose rates, but would cover much of the low specific
activity waste addressed by the comment.
Comment A21: One commenter felt that the proposed requirements
should not apply to holders of category 2 sources, particularly since
the new requirements would not apply to the transshipment of category 1
and category 2 sources. The commenter noted that if the Juarez, Goiana
and Mayapuri radioactive material dispersal incidents all occurred in
the United States, in a single year, the annualized risk of premature
death would be a small fraction of the 1E-6 probability frequently used
in establishing regulatory requirements.
Response: The NRC disagrees with the comment that the security
provisions should not apply to category 2 sources. The Commission has
determined that category 2 sources are risk significant and, therefore,
warrant additional security measures. The NRC does not regulate
transshipments.
Comment A22: One commenter noted that the scope suggests that 10
CFR part 37 applies to any person who is authorized to possess or use
category 1 or category 2 quantities of radioactive material at any site
or contiguous sites subject to the control by the licensee. The
commenter pointed out that when radioactive material is used at
temporary job sites, the licensee will be in control of the quantities
of radioactive material, but may not necessarily be in control of the
sites. The commenter also noted that the scope does not indicate that
this applies to persons who have access to SGI-M and implies it only
applies to those authorized.
Response: The NRC agrees that the language may be confusing as it
applies to temporary job sites and has revised the scope to clarify the
intent. The requirements of 10 CFR part 37 do not apply to SGI-M.
However, some of the security information developed under 10 CFR part
37 would be considered SGI-M and needs to be protected in accordance
with 10 CFR part 73. The requirements for SGI-M are contained in
Sec. Sec. 73.21 and 73.23.
Comment A23: One commenter stated that the exemption provided in
Sec. 37.11(b) for facilities with 10 CFR part 73 security plans should
be retained but offered a suggested revision to clarify who has
inspection/security oversight. The commenter noted that it would be a
significant paperwork task to keep records showing compliance with both
sets of controls without a real increase in the security of either
material. The commenter also noted that it would be an added inspection
burden if the program required separate inspections by an Agreement
State and the NRC. The commenter suggested adding a sentence at the end
of the paragraph: ``Although the NRC maintains primary oversight of
these facilities, inspection by Agreement State representatives is
permitted.''
Response: The NRC is retaining the exemption for licensees that
possess the category 1 or category 2 quantities of radioactive material
under an NRC license. For those licensees located in
[[Page 16943]]
non-Agreement States, the licensee can choose if it wants to protect
the material under the security plan required by 10 CFR part 73 and
approved by the NRC or protect the material under a 10 CFR part 37
security plan. If the material is protected under a 10 CFR part 73
security plan, the licensee's records should note that the material is
protected under a 10 CFR part 73 security plan. Any inspection would be
against the security plan under which the material is protected. For
licensees that are located in an Agreement State and possess category 1
or category 2 quantities of radioactive material under an NRC license,
the licensee can choose whether to protect the material under the 10
CFR part 37 or the required and approved 10 CFR part 73 security plan.
For licensees that possess the category 1 or category 2 quantities of
radioactive material under an Agreement State license, it will be up to
the Agreement State to decide if it will allow the licensee to protect
the material under an NRC-required and approved 10 CFR part 73 security
plan. The licensee would want to discuss this with its State regulator.
Agreement States are not required to adopt the provision on exemptions
in Sec. 37.11(b) as a matter of compatibility. As for adding a
provision to allow State personnel to inspect, the NRC disagrees with
the comment. A new provision is not necessary to allow an Agreement
State to inspect against a license that it has issued.
Comment A24: One commenter stated that the NRC should not
promulgate the rule for licensees currently under NRC 274i Security and
Fingerprinting Orders specified in EA-08-225 issued August 29, 2008.
The commenter noted that these licensees are few in number, and the NRC
should continue to regulate them under the existing orders. The
commenter noted that this should include possession of certain isotopes
greater than category 1. The commenter suggested new paragraphs for
Sec. 30.34 as follows: ``30.34(m) Security requirements for licenses
who possess an individual source less than category 1 but greater than
or equal to category 2 of the isotopes listed in Appendix E to 10 CFR
part 20--Nationally Tracked Sources Thresholds. Licensees or applicants
must submit to NRC for review and approval of information to comply
with the requirements and time frames specified in NRC Order EA-07-305
dated December 5, 2007, and its attachments titled ``Table 1
Radionuclide of Concern and Attachment 3 Specific Requirements
Pertaining to Fingerprinting and Criminal Records Checks'' which are
incorporated by reference (or listed in a new Appendix F of 10 CFR part
30). This rule is in addition to any other requirements specified in
applicable 10 CFR parts.'' and ``30.34(n) Licensees must notify NRC of
their intention to possess an individual source greater than category 1
of the isotopes listed in Appendix E to 10 CFR part 20--Nationally
Tracked Sources Thresholds.''
Two commenters stated that the authority to regulate the physical
protection of category 1 and 2 quantities of material in transit
(subpart D) should not be relinquished to the Agreement States. The
commenter noted that while the adequacy and compatibility requirements
of Agreement State programs would require the Agreement State
regulations to be ``essentially identical'' to those contained in
subpart D, there are several instances where Agreement State
regulations include requirements in addition to those found in the
analogous NRC regulations. The commenter noted that Agreement State
regulations that go beyond those contained in subpart D could hinder
interstate commerce and result in additional burden and expense to the
licensees. Another commenter stated that there is value to Federal
preemption in regulating the transportation security of category 1 and
category 2 quantities of radioactive material as this would ensure
uniformity of the administration of the requirements. One commenter
suggested that the authority be transferred to DOT and not the States.
Two commenters stated that the NRC should retain authority for the
security of category 1 licensees under common defense and security
unless the States are given authority to regulate all aspects of
category 1 sources. The commenters noted that the rule does not give
the States authority to regulate the safeguards information and,
therefore, the regulatory authority would be split. Commenters
suggested removing the SGI designation. One commenter noted that under
Supplementary Information Item II.(A)(10), it states, ``Although the
NRC relinquishes authority to States for certain materials, under
section 274(m) of the AEA no such agreement will affect the authority
of the Commission to take regulatory action to protect the common
defense and security.'' The commenter noted that Item 11 states, ``The
provisions put in place for the inspection of licensees that received
the orders issued under common defense and security would remain in
place until the State implements the requirements.'' The commenter
stated that this contradicts Item 19 which states the NRC will not
enter such agreement for common defense and security. The commenter
indicated that category 1 materials must be considered under the terms
of common defense and security and should remain under NRC jurisdiction
for security. The commenter noted that the proposed rule states
``licensees who activities are covered under part 73 would be exempt
from part 37.'' The commenter stated that most of the irradiator
requirements (SGI-M) are based in 10 CFR part 73 and therefore
indicates that there are no category 1 licensees that are subject to
State purview. The commenter noted that there are references to SGI-M
in the proposed rule which further leads to the need for clarification.
One commenter noted the drafted document appears to be inconsistent
in this regard and that the issue of jurisdiction and responsibility
for these licensees must be clearly made and the necessary inclusions
and exclusions to the rules made accordingly.
Response: The NRC disagrees with the comment. The NRC believes that
it is appropriate for the Agreement States to regulate the physical
protection of category 1 and category 2 quantities of radioactive
material. Although some of the security information is considered to be
SGI-M under 10 CFR part 73, the NRC does not believe that this prevents
the Agreement States from regulating the security aspects for those
facilities. While the State could not inspect the SGI provisions for
protection of the material unless it entered into a 274i Agreement with
the NRC, the State could inspect and enforce the provisions of 10 CFR
part 37. The exemption provided in Sec. 37.11 was intended to only
cover facilities that had a security plan under 10 CFR part 73 and not
the information protection aspects. The NRC has clarified the
exemption. See also the responses to comments A23, A46, and A47 and the
response to question 10 in Section II.A of the Statement of
Considerations.
Comment A25: One commenter noted that the rule should adopt the
entire categorization of radioactive sources from the IAEA Safety Guide
No. RS-G-1.9--Categorization of Radioactive Sources. The commenter
pointed out that the IAEA Safety Guide provides a more robust, risk-
based categorization of quantities than the categorization provided in
the proposed rule as it describes five different categories that
differentiate sources possessed by various licensees based on quantity
as well as use. The commenter also stated that the rule should be
limited to source quantities characterized as category 1 and category 2
in the IAEA Safety
[[Page 16944]]
Guide. The commenter noted that the types of sources used in refineries
and petrochemical plants are considered category 3 and according to the
IAEA Safety Guide, the types of sources used in refineries and
petrochemical plants present less risk than the source quantities in
category 1 and 2.
Response: While the NRC agrees that category 3 sources present less
risk individually than category 2 sources, the NRC disagrees with the
remainder of the comment. Unlike RS-G-1.9, the NRC and the IAEA Code of
Conduct do not consider use (e.g., fixed gauges, well logging, and
radiography) in the determination of source categorization. Regardless
of its intended use, any category 2 quantity may pose a significant
risk to individuals, society, and the environment. Additionally, 10 CFR
part 37 applies not only to sources, but also to bulk material. The
rule also addresses aggregation of radioactive material at or above the
category 2 threshold. If several sources are stored together that
individually are considered to be category 3 sources, but together form
an aggregated category 2 quantity, the attractiveness of the material
as a group would be the same as if there were only one category 2
source. If the sources used in the refineries and petrochemical plants
are not aggregated, 10 CFR part 37 would not apply.
Comment A26: One commenter indicated that for facilities covered
under the Maritime Transportation Security Act, the rule would mean
additional burdens, redundancies and confusion. The commenter
recommended that for facilities regulated under DHS/DOT Personnel
Surety programs, the rule should allow a program of reciprocity to
reduce redundancy. The commenter noted that at National Petrochemical &
Refiners Association (NPRA) member facilities, the Radiation Safety
Officer (RSO) and technicians have intimate contact with source holders
and the rule would be best implemented by the RSO and technicians and
not the entire facility population.
Response: The NRC disagrees that the rule imposes additional
burdens, redundancies, and confusion. The Maritime Transportation
Security Act, which amends the Merchant Marine Act of 1936, establishes
a program to ensure greater security for United States seaports and
provides requirements pertaining to personnel whose duties are related
to import and export activities at the ports. Part 37 transportation
requirements only apply to the domestic portion of an import or export.
For an import, the provisions would apply once the shipment clears
customs and for exports, up to the point the shipment crosses the
border. Holders of the TWIC do not need to undergo fingerprinting and
the FBI criminal history records check again as Sec. 37.29 relieves
them from the requirement. However, the individuals would need to
undergo the remaining elements of the background investigation.
As for the NPRA member facilities, the provisions for access
authorization under 10 CFR part 37 would only apply if the facility
allows unescorted access to category 1 or category 2 quantities of
radioactive material. The licensee decides who is in charge of the
security program as the regulations do not specify any specific
position.
Comment A27: One commenter asked for clarification whether the
provisions apply to those licensees authorized to possess the material
or those that actually possess the material. The commenter noted that
the language discrepancy occurs throughout the rule and must be
corrected. Another commenter asked that the requirements be spelled out
separately to avoid confusion.
Response: The proposed rule contained some provisions that
pertained to licensees that were authorized to possess category 1 or
category 2 quantities of radioactive material. The final rule contains
provisions that apply only to those that actually possess and aggregate
the material to a category 1 or category 2 quantity.
Comment A28: Some commenters objected to the need to submit
compliance information. The commenters felt that this is an unnecessary
burden to both the licensees who have already implemented a program and
the regulatory agency. The commenters noted that the licensees subject
to this part have already been inspected multiple times and have
established a compliance history, and therefore these licensees should
be exempted from having to resubmit existing information. One commenter
thought that the provision was vague as written and requested
clarification that compliance with the provision would be achieved by
submitting a letter to the NRC indicating that the licensee has
successfully implemented the program. One commenter noted that the NRC
must identify in the regulation what essential elements are to be
included because placing the information in guidance is unacceptable.
One commenter thought the provisions should be removed from the rule
but if retained offered suggested language. One commenter stated 30
days did not provide adequate time. Commenters noted that requiring a
licensee to report compliance was an unnecessary burden as licensees
are expected to comply and that the normal terms of implementation for
rulemaking are adequate. One commenter suggested deleting Sec.
37.41(d) as unnecessary since current implementation of the Increased
Control Orders is an adequate basis to conclude the current licensees
will transition to compliance with the new regulations.
Response: The NRC agrees that the submittal of compliance
information is not needed and has removed the requirement from the
rule. The NRC and the Agreement States already know which licensees
will need to implement 10 CFR part 37. A provision has been added in
Sec. 37.41 to require a licensee that has never implemented the orders
or 10 CFR part 37 to notify the NRC 90 days before aggregating material
to a category 1 or category 2 quantity of radioactive material.
Comment A29: One commenter stated that in Sec. 30.32 the wording
implies the application must include an affirmation that the proposed
security program meets the requirements in 10 CFR part 37. The
commenter stated that instead the application should include a proposal
as to how the requirements will be satisfied and be subject to
evaluation for sufficiency. The commenter suggested the following
language: ``(1) An application for a specific license to use, store, or
transport category 1 or category 2 quantities of radioactive material
must include information outlining the applicant's security program
designed to satisfy the requirements in part 37 of this chapter.''
Response: The NRC has reevaluated the need for the requirement and
has decided that it is unnecessary. A new applicant will be evaluated
on the need to implement 10 CFR part 37 as part of a prelicensing
review and inspection. If the licensee will be aggregating the material
to a category 1 or category 2 quantity of radioactive material, the
licensee will be expected to implement the provisions of part 37 before
receiving a license.
Comment A30: One commenter noted that institutions that have
aggregated material may require significant time to implement the
provisions as it will require a financial investment. The commenter did
not suggest an appropriate timeframe. Several commenters noted that 30
days for implementation was not sufficient for the changes that need to
be made. Two commenters suggested a 1-year effective
[[Page 16945]]
date. Commenters supported terminating the orders on the effective date
of the rule to avoid confusion and noncompliance. One commenter stated
that the rule should be clarified as to the compliance date and asked
what happens if a licensee is not in compliance by that date. One
commenter noted that it would be difficult to comply with the 30-day
timeframe for preparing and implementing the security plan and
implement the security program at least 90 days before it `` * * *
aggregates radioactive material to a quantity that equals or exceeds
the category 2 thresholds.'' The commenter further noted that work
varies significantly from project to project and that security plans
that are sufficiently robust to be effective also would vary
significantly. The commenter noted that it is not possible to prepare
or implement a project-specific security plan without knowing the
details of the project and that frequently licensees need to mobilize
and initiate work within a matter of a few days, which would not be
possible if a 90-day advance notice was required.
Response: The NRC notes that the proposed rule indicated that the
final rule would be implemented 270 days after publication in the
Federal Register. The 30-day timeframe was for the licensee to submit
compliance information. The NRC has removed the requirement to submit
the compliance information. In addition, the NRC is providing a 1-year
implementation period for the final rule. This should allow ample time
for licensees to implement the requirements, including the development
of any new procedures and the conduct of necessary training. Agreement
States will be given 3 years from publication of the final rule to
adopt the rule provisions instead of from the effective date. This will
still provide the States with a 3-year window to adopt the regulations.
Comment A31: One commenter noted that its business depends on the
ability to not co-locate or aggregate its radioactive material and that
it manages its radioactive material through quantity control and
physical separation of material not in use at any one time. The
commenter noted that, if it was required to aggregate all of its
material, which includes the standard, returned sources, sources packed
and ready to ship, cell waste (cell sweep, dust, chips), plus isotope
material, it would be continuously above the category 2 threshold, and
the additional requirements would be a significant economic hardship on
the company.
Response: The rule does not require co-location or aggregation of
radioactive material. If a licensee does not aggregate the material
above a category 2 threshold, the licensee will not need to implement
the provisions of 10 CFR part 37. The final rule only applies to those
licensees that possess aggregated quantities at or above the category 2
threshold.
Comment A32: Several commenters objected to the change from a 3-
year retention period for records to a 5-year retention period. One of
the commenters believed that the change from the standard practice
where most documents in the industry have a mandated 3-year retention
period is redundant and unnecessary and will add a potential for
confusion where none need exist. One commenter questioned why there was
a need to keep superseded portions of procedures and the security plan
for 5 years. The commenter stated that this was an added burden and
does not add to the security of the material or to the protection of
the health and welfare of the general public. The commenter also
questioned the need to keep training records for 5 years stating that
it should be adequate for a licensee to show that it is conducting
annual training and suggesting a 1-year retention period.
Response: The NRC agrees with the comment on the retention period
and has changed the record retention period for most records to 3
years. Safety records are maintained for 3 years, and the NRC agrees
that there is no benefit to keeping only the security records for 5
years. There are a few licenses that have an inspection frequency of 5
years; however, the majority of the licensees impacted by 10 CFR part
37 have a 3-year inspection frequency. Superseded procedures and
training records are necessary from an inspection and enforcement
aspect.
Comment A33: One commenter questioned how long to hold on to the
old security plan once it is updated and how long the documentation of
the coordination activities is to be maintained. Another commenter
recommended changing the record retention period for the security plan
so that the record could be destroyed 5 years after it is no longer
needed. The commenter noted that there was no value in keeping the
security plan once a licensee was no longer allowed to possess
materials that would require a security plan.
Response: Section 37.43(a)(4) specifies that the superseded
portions of the security plan be retained for 3 years (note the
proposed rule specified 5 years). For any record where a retention
period is not specified, Sec. 37.103 specifies that the record be
retained until the Commission terminates the license. The NRC has added
a retention period of 3 years for the documentation records. The NRC
agrees with the comment and has changed Sec. 37.43(a)(4) to indicate
that the security plan must be retained for 3 years after it is no
longer required.
Comment A34: One commenter requested clarification in Sec. 37.101
on the concept of ``safeguards against tampering with'' to preclude
unwarranted interpretations during a regulatory inspection about the
requirements for records. The commenter offered suggested language as
follows: ``the licensee shall maintain adequate safeguards against
tampering with and loss of records. The requirements in Sec. 37.43 for
protection of information are not applicable to this section.'' Another
commenter recommended replacing the term ``safeguard'' with ``protect''
in Sec. 37.101. The commenter felt that safeguard should be only used
when referring to safeguards.
Response: The NRC disagrees with the comment. The records provision
in Sec. 37.101 is identical to provisions in other parts of the
regulations. The NRC is not aware of any issues that have arisen over
interpretation. The provisions of Sec. 37.43 would apply if the
records were the security plan, implementing procedures, or the list of
individuals allowed unescorted access.
Comment A35: One commenter stated that the enforceability in
regulations of records retention for reporting suspicious activities is
unduly burdensome on the licensee. The commenter stated that due to the
clandestine nature of reporting suspicious activities to LLEAs, the
licensee may not have the LLEA's or NRC's fluid responses to these
reports for security reasons and that ongoing investigations can
encompass years, so the recordkeeping requirement is inconsistent and
can be inconsistent with other recordkeeping requirements depending on
the incident nature of the reporting.
Response: The NRC does not understand the commenter's concern.
There are no record retention requirements associated with reporting
suspicious activities. The 30-day written report is not required for
suspicious activity reporting. The licensee is required to assess the
suspicious activities and notify the LLEA, only if the licensee
believes it is appropriate to do so. The licensee is only required to
notify the NRC if the LLEA is notified. The NRC acknowledges that there
is
[[Page 16946]]
some subjectivity involved in determining what is considered to be
suspicious.
Comment A36: One commenter questioned who was authorized to
authenticate reproduced records in Sec. 37.101.
Response: ``Authorized personnel'' in Sec. 37.101 are those
authorized by the licensee to authenticate duplicated documents.
Comment A37: In the proposed rule, the NRC specifically requested
comment on the reporting requirements. Commenters were requested to
provide information on: (1) Whether the proposed rule contained the
appropriate items and thresholds to be reported to the LLEA; (2)
whether the proposed rule contained the appropriate items and
thresholds to be reported to the NRC; (3) whether suspicious activities
should be reported and if they are reported, what type of activities
should be considered suspicious; and 4) whether the timeframe for
reporting was appropriate. Fifteen commenters provided responses to the
specific questions on this subject.
Of those that provided responses to the questions on the reporting
requirements, the majority agreed that the reportable items and
thresholds were appropriate, and five commenters felt the items and/or
thresholds should be changed. One of the commenters indicated that the
NRC and/or FBI should be notified of any denial for cause of a request
for unescorted access as this might be domestic intelligence
information of interest to the FBI or DHS. The commenter also felt that
the NRC/FBI should be notified of activities determined to be suspect
by the LLEA. Three commenters stated that actual and attempted theft
were appropriate reportable actions but that suspicious activities
should be removed from the rule. Of the commenters that supported
reporting of suspicious activities, no commenter offered suggestions as
to what type of activities should be considered suspicious. A couple of
the commenters stated that the licensee is the best judge of what type
of activities would be considered suspicious at its facility. Other
commenters just suggested that the NRC should provide guidance to
assist the licensee. Most of the commenters indicated that the
reporting timeframes were appropriate. One commenter stated that the
timeframes did not allow for a realistic period of assessment. The
commenter noted that classifying some of these events will be very
subjective and some may be impossible to distinguish from events that
are not malicious or not related to a category 1 or category 2 quantity
of radioactive material. Another commenter stated that a specific
timeframe should be specified instead of immediate and upon discovery.
The commenter stated that failure to set specific time limits will
result in delay in implementing the Federal response framework.
In addition to those that provided responses to the specific
questions, seven commenters addressed this subject in their comments.
Two commenters noted that classifying some of these events will be very
subjective and some are likely to be impossible to distinguish from
events that are not malicious or are not related to category 1 or
category 2 quantities of radioactive material. The commenters noted
that reasonable persons could interpret the expectations of the NRC and
the details of a specific event very differently. The commenters
further noted that these events will require a period of assessment,
and sometimes a lengthy period of assessment, to determine the nature
of the event and that the timeframes for reporting do not anticipate a
period of assessment. As an example the commenters provided the
situation where a discrepancy in the inventory is discovered without
any evidence of an ``actual theft'' (e.g., locks that have been cut),
requiring a period of assessment to determine the nature of the event.
Two commenters stated that the requirement for sabotage reporting
should be removed. The commenters noted that it would not be possible
for a licensee to determine the ``intent'' of the person causing any
damage and whether his or her ``intent'' is malevolent. One commenter
noted that Sec. 37.57(b) requires NRC notification when there is
``suspicious'' activity related to ``possible'' theft, sabotage, or
diversion. The commenter stated that it would only be appropriate to
notify the NRC if the licensee, in conjunction with the LLEA,
determines that there is some validity to the suspicion. The commenter
noted that the NRC should encourage open communication between the
licensee and LLEA, and licensees should feel free to express even minor
concerns, uncertainties, etc. to LLEAs for their assistance without
having to notify the NRC in each instance. One commenter agreed with
the reporting requirement for suspicious activities but noted that it
would be dependent on the licensee's judgment based on its
circumstances. The commenter noted that it would be difficult to
quantify what suspicious activity is ahead of time, and the licensee
should not be second guessed on whether or not it made this type of
notification. One commenter noted that suspicious activities should
continue to be reported on a voluntary basis as it is very subjective
and would be difficult to enforce. One commenter recommended defining
suspicious activity. One commenter expressed concern over the
requirement to report suspicious activities asking how it could be
enforced as individual judgment may differ as to what constitutes a
suspicious action. The commenter also questioned why, if the LLEA
provides an immediate assessment and determines that the event is
completely harmless, the NRC needs to be notified. The commenter
suggested language for Sec. 37.57(b) to increase the clarity and to
allow for some local interpretation. The suggested language is as
follows: ``The licensee shall notify the LLEA upon the discovery, of
any security-related events involving suspicious activity that may
indicate preoperational surveillance, reconnaissance, or intelligence-
gathering activities directed against licensees, or their facilities
related to possible theft, sabotage, or diversion of category 1 or
category 2 quantities of radioactive material. If the event is not
found to be harmless, the licensee should notify the NRC's Operations
Center (301-816-5100) as soon as possible, but not later than 4 hours,
after notifying the LLEA.''
Response: The NRC has revised the reporting requirement to make it
clear the licensee does not need to contact the LLEA when it has
determined that an alarm was not the result of an attempted or actual
theft, sabotage or diversion. The NRC does not believe that it is
necessary for the licensee to report to the NRC the denials for
unescorted access. The NRC has access to the information during
inspections. The NRC has retained the reporting requirement for
sabotage. If an individual has caused damage and placed the radioactive
material at risk, the NRC wants to know regardless of the individual's
intent. The NRC disagrees that it is necessary to establish a set
timeframe for reporting attempted theft, diversion, or sabotage as the
terminology is consistent with other similar reporting requirements.
The NRC agrees that it is good practice to have open communication
between the LLEA and the licensee.
On the question of reporting suspicious activities, the NRC has
decided to retain a requirement on suspicious activities. The reporting
of suspicious activities is an important component of evaluating the
threat against licensed facilities and material. The NRC reviews
individual notifications of suspicious activities to evaluate whether
potential
[[Page 16947]]
preoperational activities (i.e., multiple events at a single site or
multiple events at multiple sites) may be part of a larger plan and to
integrate this information with other agencies in the homeland security
and intelligence communities. The NRC is not requesting that the
licensees actively gather intelligence but rather that they report
information they believe is relevant to the security of their facility
or activity. The reporting requirements provide a consistent means of
communicating this information to the NRC. The requirement has been
revised to require the licensee to assess suspicious activities and to
only contact the LLEA if the licensee believes it is appropriate to do
so. The licensee is required to notify the NRC only if notifying the
LLEA. Some suspicious actions may be successfully handled by the
licensee without the need to involve law enforcement or the NRC. The
NRC believes that the revision will provide the licensee more
flexibility in determining how to address any situation that involves
what might be considered suspicious activities. The NRC does recognize
that what is considered to be suspicious is subjective and not all
licensees will handle the same situation in the same way. On balance,
the NRC believes that it will receive information on the more serious
instances, but not the trivial instances.
Comment A38: One commenter noted that in the absence of any
suspicious or known mitigating factors, it has typically given the
carrier 24 hours to trace within their transportation cycle, before the
package is declared as lost or missing. The commenter noted that this
has proven to be the most effective time period and that anything less
than the 24 hours does not allow sufficient time for the carrier to do
a complete document and tracking search and/or a physical search at
potential locations. The commenter noted that to declare the package as
lost or missing before that will result in many false positives, as
99.99% of the time the package is located within the 24-hour window
which will result in significant resources of both the regulatory
agencies and licensees involved, trying to get useful information that
just isn't available.
Response: Part 37 requirements would not change this practice. The
reporting requirement in Sec. 37.81(b) is similar to the requirement
from the orders. The licensee is not required to notify the NRC when
the material has not arrived by the no-later-than arrival time, rather
it is to notify the NRC once it has been determined that the material
is lost or missing. This allows some time for investigation before the
first phone call to the NRC. Similar to the order requirement, the
licensee is required to notify the NRC a second time if the material is
still missing after 24 hours of investigating. The rule should not
result in a change in practice and in fact gives the licensee
additional time before starting an investigation.
Comment A39: Several commenters requested information on how
diversion differs from a theft as in both cases the material is removed
and the movement is unauthorized. The commenters felt that the
requirements for reporting diversion and suspicious activities were
subjective and that the NRC's expectations concerning diversion and
suspicious activities were not clear.
Response: Diversion means the unauthorized movement of radioactive
material subject to this part to a location different from the
material's authorized destination inside or outside of the site at
which the material is used or stored. As an example, a source purchased
using a legitimate license may be shipped to an unauthorized location.
Diversion does not require the adversary to defeat the licensee's
physical security system. Theft is the act of taking material from a
facility, vehicle, or temporary job site and requires the adversary to
defeat the licensee's physical security system.
What constitutes a suspicious activity can be subjective and may
vary from one licensee to another. Examples of suspicious activities
are provided in the guidance. The reporting of suspicious activities is
an important component of evaluating the threat against licensed
facilities and material. The NRC reviews individual notifications of
suspicious activities to evaluate whether potential preoperational
activities (i.e., multiple events at a single site or multiple events
at multiple sites) may be part of a larger plan and to integrate this
information with other agencies in the homeland security and
intelligence communities. The NRC is not requesting that the licensees
actively gather intelligence, but rather that they report information
they believe is relevant to the security of their facility or activity.
The reporting requirements provide a consistent means of communicating
this information to the NRC.
Comment A40: One commenter recommended placing the reporting
requirements in Sec. Sec. 37.57 and 37.81 in subpart M of 10 CFR part
20 to avoid duplicative regulations. The commenter stated that the
notifications in Sec. 37.81 should be the same as 10 CFR part 20 and
should be immediately after discovery, but only after initially
notifying the LLEA. The commenter noted that immediate notifications of
theft should be made to the LLEA, not as soon as possible as the
proposed rule would allow. Another commenter noted that the reporting
requirements should be consistent to ensure that multiple reports for
the same event are not an unintended consequence.
Response: The NRC disagrees with the need to move the 10 CFR part
37 reporting requirements to 10 CFR part 20. The NRC has revised Sec.
20.2201(c) to include a reference to 10 CFR part 37 so that duplicative
reports are not required. The NRC disagrees with the comment to change
as soon as possible to immediate in Sec. 37.81(c) and (d). The
historic interpretation of immediate reporting has been up to 4 hours.
The NRC does not believe that 4 hours is the appropriate timeframe for
the notification; notifications need to be made promptly. For this
reason, the NRC has used ``as soon as possible'' in both the orders and
the rule language.
Comment A41: One commenter questioned the difference between the
requirements to report no later than 4 hours after the discovery of any
actual theft or diversion in Sec. 37.57 and the requirement in Sec.
37.81 to report within 1 hour of lost or missing material.
Response: Under Sec. 37.57, the licensee is to immediately notify
the LLEA and then to contact the NRC as soon as possible. If contacting
the NRC would somehow interfere with or delay the LLEA response, the
licensee can take up to 4 hours to notify the NRC. The LLEA would be in
charge of any response as the occurrence was at a fixed location. It is
the NRC's expectation that the notification would occur very quickly
after the LLEA is notified. Under Sec. 37.81, the licensee is required
to contact the NRC within 1 hour because the NRC may need to initiate a
response as the occurrence was during transit.
Comment A42: One commenter noted that the rule should not require
the licensee to provide a copy of the reports required under Sec.
37.81(g) to the Office of Nuclear Security and Incident Response
(NSIR). The commenter believes that the NRC should provide the copy to
NSIR. One commenter recommended that the written follow-up report for
event reporting be submitted within 60 days instead of 30 days. The
commenter noted that 30 days is insufficient time for licensees to
complete an investigation, prepare, and submit a written report and
that the 30 days is inconsistent with the timeframe for submittal of
written follow-up reports that are required elsewhere in 10 CFR Chapter
I. One commenter objected to the wording of the requirement in Sec.
37.81(g) to ``include sufficient
[[Page 16948]]
information for NRC analysis and evaluation'' as it is too open-ended
and the commenter felt that further explanation is necessary. The
commenter stated that the NRC is doing a disservice to licensees if it
wishes to claim that such items are difficult or impossible to predict
for all cases or would be more fully addressed in guidance.
Response: The NRC agrees with the comment in part and disagrees
with the comment in part. The NRC often specifies that a copy of a
report should be submitted to a specific office and does not believe
that it presents a large burden on the licensee. While some of the
follow-up reports contained in Title 10 Chapter I are submitted within
60 days, some are submitted within 30 days. The 30-day timeframe for a
written follow-up report is consistent with the requirement for the
follow-up report for reporting lost and missing material contained in
10 CFR part 20. If the investigation is not complete, a final report
can be submitted upon completion. The NRC agrees with the comment on
sufficient information and has added language similar to the provisions
in Sec. 20.2201(b).
Comment A43: One commenter requested that a subsection be added to
Sec. 37.57 to clarify requirements for reporting by a licensee or
permittee under a master materials license that has an onsite LLEA in
order to preclude unwarranted interpretations during a regulatory
inspection about reporting to NRC. The commenter offered suggested
language as follows: ``(d) For a licensee or permittee under a master
materials license with an on-site LLEA, reporting in this subsection is
required only after the on-site LLEA has confirmed the attempted,
actual, or actual activity related to theft, sabotage, or diversion of
category 1 or category 2 quantities of radioactive material.''
Response: The NRC disagrees with the comment. The reporting
requirements remain the same whether the LLEA is on site or off site.
The NRC does note that the LLEA does not need to be contacted until
after the licensee has assessed the situation. The LLEA needs to be
notified only if the licensee has determined that an attempted or
actual theft, diversion, or sabotage act has occurred or is taking
place, or, as appropriate, if the licensee has identified suspicious
activities.
Comment A44: One commenter recommended defining substantive
information in Sec. 37.81(h). The commenter noted that the term
substantive information indicated a higher priority notification than
30 days.
Response: The NRC disagrees with the comment. The provision is
identical to the provision in Sec. 20.2201(d). A licensee should use
judgment on whether the information should be provided sooner than 30
days.
Comment A45: One commenter stated that certain provisions of the
proposed rule would be matters of mandatory compatibility between the
NRC and the Agreement States. The commenter stated that the NRC has no
statutory basis requiring an Agreement State to maintain regulations
compatible with those of the Commission. The commenter believes that
the Commission may request compatibility by the State, but cannot
require it.
Response: Section 274, ``Cooperation with States,'' of the AEA
provides for cooperation with States, authorizing the Commission to
enter into Agreements with States for certain materials provided that
certain conditions are met. Two specific sections of the AEA provide
for compatibility requirements: (1) Subsection 274d. gives the
Commission the authority to enter into an Agreement with a State if the
Commission finds that the State program is compatible with the
Commission's program for regulation of such materials (subsection
274d(2); and (2) under subsection 274g. of the AEA, the Commission is
authorized and directed to cooperate with the States in the formulation
of standards for protection against hazards of radiation to assure that
the State and Commission programs for protection against hazards of
radiation will be coordinated and compatible.
In the Commission's policy statement, ``Policy Statement on
Adequacy and Compatibility'' (62 FR 46517; September 3, 1997), the
Commission addressed a similar comment. At that time, it was the
Commission's view that, pursuant to section 274, an Agreement State's
program should be compatible with NRC's program for the duration of the
Agreement for the following reasons, set forth in the policy statement:
Subsection 274g. authorizes and directs the Commission to
cooperate with the States in the formulation of radiation protection
standards ``to assure that the State and Commission programs for the
protection against hazards of radiation will be coordinated and
compatible.'' This provision demonstrates Congress' intention that
the compatibility between the NRC and Agreement State programs
should be maintained on a continuing basis.
Subsection 274j.(1) calls on the Commission to suspend or
terminate an Agreement State's program if ``the State has not
complied with one or more of the requirements'' of Section 274. The
Commission believes that this phrase ``one or more of the
requirements,'' encompasses all requirements of Section 274,
including the requirement for compatibility in Subsection 274(g).
Under Subsection 274d.(2), the Commission is authorized to enter
into an agreement with a State if the Commission makes both
requisite findings that the State program is compatible with the
NRC's program and adequate to protect public health and safety.
Absent a continuing compatibility requirement, an Agreement State
could divert from having a compatible program the day after any
agreement is signed with NRC. This would render the Commission's
initial compatibility finding required by Subsection 274d.(2)
meaningless.
In addition, the NRC has an obligation, pursuant to section 274j.
of the AEA, to periodically review existing Agreement State programs to
ensure continued adequacy and compatibility. Section 274j. of the AEA
also provides that the NRC may terminate or suspend all or part of its
agreement with a State if the Commission finds that such termination is
necessary to protect public health and safety or that the State has not
complied with the provisions of section 274j. In fulfilling this
statutory responsibility, NRC provides oversight of Agreement State
radiation control programs to ensure that they are adequate and
compatible prior to entrance into a section 274b. agreement and that
they continue to be adequate and compatible after an agreement is
effective. The NRC, in cooperation with the Agreement States,
established and implements a performance evaluation program to provide
NRC and Agreement State management with systematic, integrated, and
reliable evaluations of the strengths and weaknesses of their
respective radiation control programs and identification of areas
needing improvement, the Integrated Materials Performance Evaluation
Program (IMPEP).
There have been no changes to the AEA or to Commission policy that
would render a different interpretation of these sections of the AEA.
Therefore, no changes were made to the rule in response to this
comment.
Comment A46: Two commenters stated that it was unclear if the rule
can be implemented under a public health and safety basis. The
commenters noted that the performance objective in Sec. 37.21(b) is to
prevent an unreasonable risk to public health and safety or the common
defense and security, but that the basis for the rule is health and
safety and not common defense and security.
Response: This rule can be implemented under the NRC's authority to
protect the public health and safety. The rule amends NRC's regulations
to impose security requirements for the
[[Page 16949]]
use of category 1 and category 2 quantities of radioactive material.
The proposed security requirements set forth the objectives and minimum
requirements that licensees must meet to protect against theft or
diversion of category 1 or category 2 quantities of radioactive
material. Accordingly, these requirements increase the protection of
the public from harm resulting from the unauthorized use of these
materials.
As discussed in the Statements of Consideration for the proposed
rule (75 FR 33902, 33907 (June 15, 2010)), when regulations such as
these address both the NRC's public health and safety and common
defense and security missions, the operative question is whether NRC
oversight is necessary to fulfill the common defense and security
aspects of the regulations. The NRC believes that the Agreement States
can consistently and adequately implement the physical protection
requirements, and as such, there is no need for independent NRC action
to protect the common defense and security. However, the NRC retains
the authority under section 274(m) of the AEA to take any necessary
actions for protection of common defense and security should individual
licensees or the State program develop issues requiring immediate
action.
Implementing these regulations under the NRC's public health and
safety authority avoids potential complications with licensees being
subject to dual regulatory authorities for a single license. Agreement
States can impose these security requirements because they provide a
reasonable assurance of preventing the theft or diversion of category 1
and category 2 quantities of radioactive material that has a potential
to result in significant adverse health impacts and reasonably
constitutes a threat to public health and safety. In addition, making
these requirements applicable to Agreement State licensees through the
Agreement State Program allows Agreement States to impose these
requirements on its licensees and makes Agreement States responsible
for enforcement of these requirements on its licensees.
Comment A47: One commenter noted that while the NRC has regular
oversight of individual Agreement State programs through its Integrated
Materials Performance Evaluation Program (IMPEP), the NRC should
evaluate its authority under IMPEP against the authority granted to the
Secretary of Transportation under U.S.C. Title 49 Section 5125--
Preemption. Prior to relinquishing its regulatory authority to the
Agreement State, the NRC should ensure that it is authorized and
capable of preempting an Agreement State regulation pertaining to the
physical protection in transit of category 1 and category 2 quantities
of radioactive materials if the Agreement State regulation does not
comply with the general criteria provided in 49 U.S.C. 5125. The
commenter stated that if the NRC concludes that it is indeed
appropriate for the Agreement States to regulate the physical
protection of category 1 and 2 quantities of radioactive material while
in transit then a mechanism has to be in place to ensure these
Agreement State regulations cannot add requirements in addition to
those provided in 10 CFR part 37.
Response: The NRC in its Policy Statement on Criteria for Guidance
of State and NRC in Discontinuance of NRC Regulatory Authority and
Assumption Thereof by States Through Agreement, developed criteria to
implement the Agreement State program, authorized by Public Law 86-373
which was enacted in the form of a new section to the AEA (section 274)
and approved by the President on September 23, 1959 (46 FR 7540-7546;
January 23, 1981). Criterion 10 of the Policy Statement, Regulations
Governing Shipment of Radioactive Materials, provides that the State
shall to the extent of its jurisdiction promulgate regulations
applicable to the shipment of radioactive materials, such regulations
to be compatible with those established by the U.S. Department of
Transportation and other agencies of the United States whose
jurisdiction over interstate shipment of such materials necessarily
continues. Therefore, State regulations regarding transportation of
radioactive materials must be compatible with 10 CFR part 71.
The NRC believes that it is indeed appropriate for the Agreement
States to regulate the physical protection of category 1 and category 2
quantities of radioactive material while in transit under the
provisions of the 274b. Agreements and the continued oversight provided
by the NRC. Many of the transportation requirements fall within the
Compatibility Category B, Program Elements with Significant
Transboundary Implications. Agreement State program elements under
Compatibility Category B should be essentially identical to those of
the NRC. The NRC evaluates these program elements under IMPEP and can
take actions when a State has a program that is not compatible
including termination or suspension of an agreement. We believe that
this mechanism appropriately addresses the concern that a mechanism be
in place to address the scenario of Agreement State regulations, adding
requirements beyond those provided in 10 CFR part 37 where the
additional requirements would not meet the compatibility designation
for a given provision.
Comment A48: Numerous commenters stated that the requirements
created too much burden with little, if any, improvement in security
and are not necessary or justified and are a waste of taxpayer money.
Some commenters felt that the requirements were not commensurate with
the risk of the material and were unnecessarily complex, complicated,
and long. Some commenters noted that there were no quantifiable
benefits, only qualitative benefits and, therefore, there is no
evidence that additional measures are necessary. One commenter noted
that there must be a balance between the real benefit of providing the
services that the category 1 and category 2 sources provide, against a
hypothetical malevolent act that may involve one of these sources. Some
commenters felt that implementation of the new requirements would
financially cripple small companies and would limit funding for new,
safer technologies. Some commenters indicated that the burden could
result in some medical facilities not offering radiation therapy
services, a reduction in research, and will negatively impact patient
care. One commenter was of the opinion that the number of licensees
would drop by 25 to 30 percent. Commenters felt that the original order
requirements are adequate and should be maintained with no additions as
they were sufficient to ensure security. Commenters felt that
additional requirements should be based on documented deficiencies in
the orders and not on the very low likelihood of a terrorist event. One
commenter noted that inspections insure that licensees are performing
operations in such a manner as to meet regulatory requirements as they
stand. One commenter noted that the NRC has not conducted a national
performance-based assessment of the current orders. Commenters stated
that the rule was overly prescriptive. Several commenters stated that
the requirements should be graded for different types of facilities and
material and fixed versus portable material. Some commenters felt that
the NRC has lost touch with the way the industry operates or wouldn't
suggest unnecessary changes.
Commenters noted that monetary burden of compliance with the orders
has required industry to reduce the amount of resources allocated for
other aspects of its business and has made it challenging to compete in
the global market. Some commenters expressed
[[Page 16950]]
concern over the cumulative impact noting the implementation of the
National Source Tracking System and the license verification system.
One commenter noted that it wasn't just the initial outlay, but also
the annual burden that needed to be considered. One commenter noted
that the rule would impact licensees who have previously not been
impacted by the orders. The commenter noted that educating and
inspecting these new licensees will impact the NRC staff resources, and
could diminish their focus on ensuring security compliance for existing
category 1 and category 2 sources. One commenter noted that the rule
would be burdensome on the regulatory agency and LLEAs, as well as
licensees.
One commenter suggested placing generic requirements in the rule
and then address subsets of licensees in the NUREG-1556 series. One
commenter suggested that the proposed rule should be renoticed after
making changes with more detail provided as to the actual safety and
security benefits to be obtained. One commenter noted that the rule
does not conform to the recent draft policy statement on the Protection
of Cs-137 Chloride sources.
Response: The NRC understands the concerns of the commenters and
has tried to limit the burden while continuing to ensure the adequate
safety and security of sources of concern. The security orders were
issued based on the specific knowledge and information available to the
Commission at the time the orders were issued. The NRC never intended
to simply make generically applicable security requirements identical
to the orders. The NRC always intended to consider insights gained from
the implementation of the orders and implementation of the inspection
program, as well as other factors. A number of changes have been made
based on specific public comment. The result of these rule changes
significantly reduces the burden of the final rule as compared to the
proposed rule. The NRC believes that the provisions in the final rule
are necessary to protect the public health and safety and ensure
security. There could be some facilities impacted by the rule that were
not impacted by the orders. Some facilities, such as reactors and fuel
facilities, may be impacted by 10 CFR part 37. There should not be any
byproduct material facilities newly impacted by 10 CFR part 37 that
were not impacted by the orders.
Comment A49: A couple of commenters stated that the NRC should only
include the order provisions in the rule and then start work on
developing a strategic rulemaking, which may need to include changes in
legislative authority, to develop a 10 CFR part 37 with a more risk-
informed and performance-based model. The commenters noted that this
effort should include evaluating requirements for different types and
quantities of radioactive material and different uses, working with
States and law enforcement groups to determine effective ways to
transport material and working with law enforcement groups to determine
effective ways that an LLEA can know and provide emergency response
support to licensees. Another commenter suggested using subparts based
on the type of business and security risks commensurate with each type.
One commenter noted that the two-part approach would be a major
accomplishment for the NRC and would be consistent with NRC's
``Principles of Good Regulation.'' The commenter noted that this
approach would reflect the Commission's Staff Requirements Memorandum
(SRM) on the draft policy statement on the protection of Cesium-137
Chloride sources (SRM for COMSECY-09-0029) which states: ``any
additional efforts to enhance security for these sources should
consider whether there are benefits of further risk reduction given the
NRC's actions to date and the current threat environment.''
Response: It was never the NRC's intent to include in the
rulemaking only the order provisions. While there are differences from
the orders, the NRC believes that the requirements contained in the
final rule are necessary. As a general principle, the NRC prefers to
construct performance-based regulation rather than explicit,
prescriptive regulation where possible. The rule does not dictate what
measures each licensee must use to protect the radioactive materials
under its possession and control, rather the rule allows the licensee
to choose those measures that best meet its needs. The NRC believes
that the rule is risk informed and contains an optimized mix of
performance-based and prescriptive requirements. A two-step process to
conduct two rulemakings would be a waste of not only to the NRC and
Agreement State resources but also those of licensees. The basic
requirements in the orders were the same for all licensees. The NRC is
aware of the areas that need enhancements and these areas are addressed
in the rule. The NRC did add a new option to the regulatory analysis
for the final rule that addresses only including the order provisions
in the rule.
Comment A50: One commenter stated that the total cost of the 10 CFR
part 37 revision should include the costs that the licensees incurred
to meet the orders and that the estimate and burden on licensees is out
of proportion to the actual risk. Another commenter stated that the
option 1 cost analysis was inappropriate because it assumed no security
measures had been implemented, and it should have considered that the
orders were in place. The commenter stated that an additional cost
option determining the cost of implementing a new 10 CFR part 37 with
requirements equivalent to the orders would be helpful. Several
commenters stated that the cost estimates were underestimated but did
not offer better cost estimates. One commenter stated that the annual
recurring licensee cost was underestimated by at least a factor of 2.
One commenter estimated that it would cost about $30,000 to implement
the provisions and about $20,000 every year to maintain the plan and
that the reinvestigation would cost between $10,000 and $20,000
depending on the number of users that need to be rechecked. One
commenter noted that the regulatory analysis did not specifically
describe the average licensee on which the analysis is based. One
commenter (a research facility) noted that it would need to process an
additional 60 individuals per year and that the rule would cost
approximately $23,000 per year and an initial outlay of $30,000. One
commenter noted that it had added one additional employee to address
the order requirements and that the rule would add yet more burden. One
commenter stated that the regulatory analysis does not provide any
technical data to support the statement that the qualitative benefits
outweigh the costs of the rule. One commenter noted that a major
medical facility could have hundreds of individuals in its access
authorization program. One commenter noted that it had spent about
$250,000 on physical site upgrades alone and has recurring costs of
$50,000 annually for the alarm system to support the existing orders.
One commenter stated that it spends approximately $100,000 a year for
the transportation of category 1 and category 2 sources under the
orders. The commenter noted that the amount of employee resources to
implement and support the orders has been approximately 400 man days
initially and 75 man days annually with total costs to date of
approximately $1.5 million. The commenter estimated that to implement
the additional requirements in the rule, it would cost
[[Page 16951]]
$250,000 initially which includes 100 man days to set up all the
programs and procedures and an ongoing annual cost of $100,000 to
$200,000 for hiring at least one to two individuals as a technical/
administrative resource to implement all the procedural and
documentation requirements. The commenter stated that the costs assumed
in the regulatory analysis ($25,000 initially and $27,000 annually) to
be substantially underestimated. Some commenters noted that the
regulatory analysis did not identify any quantifiable values and that
the qualitative benefits were identical to the program in place today.
One commenter noted that National Nuclear Security Agency (NNSA) is
spending $26 million to implement voluntary enhancements at certain
facilities. One commenter noted that it was not clear that NRC had
considered the potential impacts to licensee safety programs, research,
and an increase in disused sources due to ''deteriorating financial
circumstances'' (mentioned in SECY 10-0164) that may result from the
rulemaking.
Response: The NRC appreciates the information provided on cost and
considered that information when estimating the costs in the final
regulatory analysis, increasing the annual cost of implementing the
measures, increasing the number of individuals requiring a background
investigation, and using different values for a small, medium, and
large facility. The regulatory analysis prepared to support the
proposed rule did contain the cost information on the orders. As the
cost has already been expended, it is considered a sunk cost and is not
included in the main analysis. The cost is provided for informational
purposes. Many attributes considered in a regulatory analysis can only
be expressed in a qualitative way and cannot be quantified. Differences
in quality cannot be easily assessed or expressed. While it is possible
that some licensees may decide to go out of business and there could be
additional disused sources, the NRC is not able to predict how many, if
any, companies might decide to go out of business.
Comment A51: One commenter noted that the regulatory analysis and
regulatory flexibility analysis did not reflect the actual number of
licensees impacted (closer to 2,900) versus the number actually
implementing the orders (about 1,400).
Response: The regulatory analysis did reflect the 2,950 licensees
that would be impacted by the proposed rule. Section 3.2.3 lays out the
assumptions used in the analysis. The analysis assumed that 1,400
licensees would need to fully implement the security provisions and
that another 1,550 licensees would need to conduct some activities. The
commenter is correct that the regulatory flexibility analysis only
addressed those that fully implemented the provisions.
Comment A52: Two commenters noted that the regulatory analysis does
not address how harmonization between the NRC proposed rule and
eventual Agreement State regulations will be assured; specifically in
regards to the requirements contained in subpart D. The commenter noted
that inconsistencies between Agreement State transport security
requirements could greatly hinder the ability to transport category 1
and 2 quantities of radioactive materials in commerce and could also
serve as barriers to transporting category 1 and 2 quantities of
materials through an Agreement State. The commenter noted that it is
also unclear if the NRC considered what fees Agreement States may
impose to fund the cost of regulating the physical protection of
material in transit. The commenter noted that the State of Iowa
currently has what Industry considers excessive fees to transport
category 1 quantities of materials through the State.
Response: The commenter is correct that harmonization of the
requirements between the NRC and the Agreement States is not addressed
in the regulatory analysis; the cost for the States to adopt the
regulations is addressed. The final rule is a matter of compatibility
between the NRC and the Agreement States. The NRC analyzed the final
rule in accordance with the procedure established within Part III,
``Categorization Process for NRC Program Elements,'' of Handbook 5.9 to
Management Directive 5.9, ``Adequacy and Compatibility of Agreement
State Programs.'' Most of the provisions in subpart D are Compatibility
Category B because there are significant transboundary implications.
The Agreement States must adopt Category B program elements in an
essentially identical manner. The Agreement States do have 3 years to
adopt the regulations. For transportation of category 1 quantities of
radioactive material, an Agreement State licensee will continue to
follow the NRC order on transportation until the State adopts the
regulation. The order would then be withdrawn and the transportation
would occur under the Agreement States' regulations. For category 2
shipments, an Agreement State licensee will follow the Increased
Control provisions on transportation until the State adopts the
regulations. As for the fees that a State may charge, the NRC does not
have any control as this is not a matter of compatibility. A State
could choose to charge a fee whether the transport occurred under NRC
or State requirements. The fees aspect is beyond the scope of this
rulemaking.
Comment A53: One commenter noted that because Agreement States have
3 years to adopt regulations compatible with the final rule, provisions
need to be made so licensees with both NRC and Agreement State licenses
who modify their programs to comply with the NRC requirements are not
cited as noncompliant with the Agreement State license.
Response: A licensee must be in compliance with the regulations for
the jurisdiction in which it operates. Part 37 is no different than any
other regulation in that regard. A licensee that has implemented the 10
CFR part 37 requirements should be in compliance with the majority of
the provisions in the orders. The licensee can have discussions with
its Agreement State regulator about adopting the provisions before the
State has issued compatible requirements.
Comment A54: One commenter addressed the questions related to small
businesses. The commenter indicated that the rule needs to be more risk
informed and better recognize the actual risk associated with category
2 sources by providing more flexibility. The commenter indicated that
the annual risk from a category 2 radioactive material dispersal device
is between 10,000 and 100,000 times less likely than many other sources
of premature death that the United States population commonly accepts
from smoking, obesity, medical accidents, and auto accidents.
Response: The Commission has determined that category 1 and
category 2 quantities of radioactive material warrant additional
security measures. In addition, the Radiation Source Protection and
Security Task Force found that the category 1 and category 2 quantities
warrant enhanced security and protection. See also QA5 and QA6 in
Section II of this document.
Comment A55: Two commenters provided input on the specific
questions related to information collection. On the question of whether
the proposed information collection is necessary for the proper
performance of the functions of the NRC and the information has
practical utility, one commenter agreed with the need for signed
consent but questioned the usefulness of the credit history review and
the FBI criminal history records check. The commenter agreed that a
licensee needs to have an individual's employment and education
history, but questioned the need to
[[Page 16952]]
require the individual to provide the information multiple times if the
licensee already has the information in the individual's employment
record. The commenter did not address the utility of any other aspects
of the information collection. Two commenters did not agree with the
burden estimate. One commenter stated that the estimate of the number
of individuals who would need to have a background investigation was
low; but provided no other estimates. The commenter also indicated that
the cost of the background investigation was underestimated, and
estimated that a background check would cost from $60 to $250 and
higher. The commenter noted that it would take licensee personnel 10
hours to gather, submit, and review background information for a normal
background check, to more than 20 hours if the individual had resided
in multiple State and foreign jurisdictions. The commenter estimated
that it would take an individual 2 hours to complete a personal
disclosure history, and that this was not included in the analysis. The
commenter noted that a licensee would have to develop a compliance
program required by the Fair Credit Reporting Act to obtain credit
history and arrest records. A second commenter stated that the current
labor rate for nonroutine technical support is $149 per hour. The
commenter stated that first-year implementation would be about 320
hours, or $47,000 and about $30,000 a year thereafter. On the question
of whether the burden of the information collection could be minimized,
one commenter noted that a more prudent and efficient method of
checking background and overall status of an employee is to use the
federal database ``E-verify.'' The commenter stated that the NRC could
rely on the E-verify check as one of the background check tools for a
licensee's access authorization program. The commenter also requested
that guidance be given on FBI criminal background reports to assist a
licensee's understanding of what the information in the report means.
Response: The NRC notes that the FBI criminal history records check
is required by the EPAct. The NRC has removed the requirement for a
credit history evaluation as part of the background investigation. See
response to Comment B67 for further discussion on credit history. There
is no requirement for an individual to provide employment and education
history multiple times. If the licensee already has that information,
it does not need to go back to an individual to obtain the information
a second time. Effort for the personal history disclosure was not
included because it was viewed as information that would be provided
when seeking employment and completing an application for employment.
The information on cost and time was factored into the regulatory
analysis for the final rule. As for the E-verify system, a licensee may
use it as one tool for completing a background investigation, but use
of E-verify alone would not meet the requirements for the background
investigation. Guidance on the background investigation is available in
the implementation guidance.
Comment A56: Commenters requested guidance for various provisions
of the rule, noting that the guidance was necessary for both the
licensees and the regulatory agency. Commenters were specifically
interested in guidance for both the determination on the reviewing
official that would be used by the regulator and for the determination
for those to be allowed unescorted access to the material that could be
used by the reviewing official. Commenters felt that the lack of
criteria or guidance will result in inconsistent approval or denial of
the individuals. Commenters noted that compliance determinations are
performance based and that the regulatory agency would have no recourse
but to deem a licensee's determination appropriate as long as the
licensee documented the basis. Several commenters agreed that licensees
should be allowed flexibility in conducting the background reviews. One
commenter suggested that the NRC should review 49 CFR 73.8 for specific
guidance for denying an individual access.
Response: Guidance on the rule is available in the document
``Implementation Guidance for 10 CFR part 37 Physical Protection of
Byproduct Material Category 1 and Category 2 Quantities of Radioactive
Material,'' which will be published at approximately the same time as
this final rule. Guidance on what should be considered in evaluating
the results from the background investigation is in the document. The
document does not contain a checklist, but provides general guidelines
for making the determination on whether to grant an individual
unescorted access. The determination basis is performance based; each
licensee is responsible for making its own determination. Under the
orders, the trustworthiness and reliability official made the
determinations of who was granted access and that official is now
called the reviewing official. Although there will be additional
factors to consider, the decision-making responsibility remains
unchanged.
Comment A57: One commenter stated that the sections for the
Paperwork Reduction Act Statement and Regulatory Flexibility
Certification do not appear to have included pool irradiator and
manufacturer/distributor licensees with category 1 quantities of
radioactive material in their scope, and the documents will need to be
augmented.
Response: Pool irradiator and manufacturer/distributor licensees
were included in the analysis conducted for the Paperwork Reduction Act
Statement and the Regulatory Flexibility Certification.
B. Access Authorization Program
Comment B1: One commenter stated that Sec. 37.21(a) did not
address the requirements for currently approved access authorization
programs or the actions that must be taken by the licensee within a
specific timeframe. Another commenter noted that it was not clear what
licensees that implemented the orders needed to do.
Response: The NRC did not approve access authorization programs
under the orders. The NRC approved them in the sense that we inspected
and did not cite them if their programs were adequate. All licensees
that allow unescorted access to an aggregated category 1 or category 2
quantity of radioactive material must have an access authorization
program that meets the requirements of subpart B on the date that the
rule is effective in the State in which the licensee conducts its
operations. The NRC is providing a 1-year implementation period for the
final rule.
Comment B2: One commenter requested clarification as to whether
Sec. 37.21(a)(2) is based on possession or authorized possession.
Response: The proposed rule contained several provisions that were
based on authorization to possess. These provisions are not contained
in the final rule. The NRC has revised the text to make clear that the
provisions apply only to those that actually possess the material.
Comment B3: One commenter stated that in Sec. 37.21(b), the term
``unreasonable risk'' should be defined.
Response: The NRC disagrees with the comment. The NRC acknowledges
that implementation is dependent on the judgment of the reviewing
official; however, this is a performance-based requirement and provides
the licensee with flexibility in the implementation of its program.
Although, the NRC has removed the term ``unreasonable risk''
[[Page 16953]]
from the requirement, the concept remains because the concept is
inherent in the definition of trustworthy and reliable.
Comment B4: One commenter stated that Sec. 37.21(c) should be
deleted as being redundant to previous sections about who is approved
for unescorted access.
Response: The NRC disagrees that Sec. 37.21(c) is redundant. The
section establishes the individuals that are subject to the access
authorization program.
Comment B5: One commenter stated that Sec. 37.21(c)(1) introduces
new criteria for approval (individuals with job duties that require
unescorted access) that are not otherwise used in the regulations. The
commenter indicated that if it was considered necessary to limit
approvals, the section should be modified by inserting the word
``only.''
Response: The NRC disagrees with the comment. Section 37.21(c)(1)
establishes the individuals who are subject to the access authorization
program and, therefore, need to undergo a background investigation and
be determined to be trustworthy and reliable.
Comment B6: One commenter asked if the shipper or the carrier was
responsible in Sec. 37.21.
Response: The licensee is responsible for assuring that all
individuals who have unescorted access to the category 1 or category 2
quantities of radioactive material have undergone a background
investigation (or fall under one of the categories for relief) and been
determined to be trustworthy and reliable. A commercial carrier is
subject to separate State and federal transportation security
requirements, and is not a licensee under 10 CFR part 37.
Comment B7: One commenter noted that movement control center
personnel were included in the list of individuals who were to be
subject to an access control program. The commenter noted that the
licensee may not have direct oversight of these centers and the center
may be monitored by LLEA or other security or emergency personnel which
could make enforcement difficult or impossible as these individuals
would likely not be responding to an emergency. One commenter noted
that the vehicle driver and accompanying individual(s) and movement
control center personnel are typically employed by the carrier, and the
access authorization program should be under the carrier's
responsibility. One commenter stated that licensees can't implement the
requirement of Sec. 37.21(c)(1)(ii) and (iii) when carriers are used
for shipments of category 1 quantities.
Response: The movement control center personnel were included
because they have access to SGI-M. The vehicle driver and accompanying
personnel were included, in part, because they have access to the SGI-M
information. Whether these individuals come under 10 CFR part 37 access
authorization program or not, they would still need to be fingerprinted
and determined to be trustworthy and reliable under the requirements of
10 CFR part 73. The NRC has revised Sec. 37.21(c) to reflect that
those with access to SGI may be placed under 10 CFR part 37 access
authorization program or they may be part of a separate program that
meets the requirements of 10 CFR part 73. Law enforcement personnel are
relieved from the fingerprinting and background check that are required
for access to SGI and are relieved from the background investigation
required under 10 CFR part 37.
Comment B8: One commenter stated that Sec. 37.21(c)(3) conflicts
with the requirements of Sec. 37.21(c)(1)(ii), (iii), (iv), and (v) as
none of those personnel require unescorted access to radioactive
material.
Response: The NRC disagrees that there is conflict with the
requirements. Some of the personnel referenced in Sec. 37.21(c)(1)
were part of the access authorization program because they required
access to SGI information which also requires a determination of
trustworthiness and reliability. However, the requirements for the
background investigation required for SGI and unescorted access are not
identical, so the NRC has revised Sec. 37.21(c) to reflect that those
requiring access to SGI may be included in the access authorization
program, but are not required to be included. The licensee can choose
to have a separate program to provide access to SGI information.
Comment B9: One commenter noted that the specific requirement for
access to materials included transport of category 1 and category 2
materials and that the requirements should be consistent with 10 CFR
part 71 and 49 CFR 171 through 180.
Response: Part 71 does not contain requirements related to access
of materials. The referenced DOT regulations do not contain
requirements for access to materials, except for a driver who needs a
hazardous material certification which includes fingerprints and an FBI
criminal history check. Part 37 provides relief from the fingerprinting
aspects of the background investigation for individuals that have
undergone the DOT check.
Comment B10: Two commenters requested clarification whether an
engineer designing the security systems for an irradiator room would
need unescorted access. The commenters noted that it would be
beneficial if the requirements for individuals with access to sensitive
information were clearly described.
Response: Whether to grant unescorted access to an engineer
designing the security systems would be up to the licensee. The
licensee could arrange for the engineer to be escorted while in the
irradiator room or could conduct a background investigation and grant
the engineer unescorted access if the licensee believed it was
warranted. The requirements for individuals with access to sensitive
information are contained in Sec. 37.43(d).
Comment B11: One commenter asked what shipping information requires
an access authorization program.
Response: The shipping information related to shipments of category
1 quantities of radioactive material is considered to be SGI-M. Part 73
contains requirements for individuals to undergo a background check and
be determined to be trustworthy and reliable before being allowed
access to SGI. A licensee can include those individuals needing access
to SGI-M in its access authorization program under 10 CFR part 37 or in
a separate program under 10 CFR part 73. If a licensee has an access
authorization program that meets the requirements of 10 CFR part 37,
the program will also meet the requirements of 10 CFR part 73 for
access to SGI-M.
Comment B12: One commenter noted that a licensee's access
authorization program expands beyond those permitted to have unescorted
access to category 1 or 2 sources and, therefore, the rule text must
accurately reflect the need to include such individuals without
requiring them to have unescorted access to the sources.
Response: The access authorization program may also apply to those
that require access to SGI, such as personnel involved in
transportation of category 1 quantities of radioactive material. The
rule has been clarified to reflect that those with access to SGI may be
part of the access authorization program for materials unless the
licensee chooses to have a separate program. Although the comment is
not clear, the NRC believes that the commenter was referring to the
reviewing official as someone that should not be required to have
unescorted access to the sources. The NRC believes that it is important
that
[[Page 16954]]
the reviewing official undergo the same background investigation as
those being reviewed and approved by the reviewing official. Therefore,
the reviewing official is included in the access authorization program.
See also the responses to B14 and B15.
Comment B13: One commenter noted that if the radioactive material
is in a secured area within a room, then a trustworthiness and
reliability determination shouldn't be required for personnel who need
access to that room.
Response: Secured area can mean different things. If the material
is accessible by breaching a common barrier, then the individuals would
need to undergo a background investigation and be determined to be
trustworthy and reliable. See the implementation guidance for examples.
Comment B14: In the proposed rule, the NRC specifically invited
comment on the issue of fingerprinting the reviewing official.
Commenters were specifically requested to provide information on: (1)
Whether the reviewing official needs to be fingerprinted and have an
FBI criminal records check conducted; (2) whether the other aspects of
the background investigation are adequate to determine the
trustworthiness and reliability of the reviewing official; (3) whether
there are other methods that could be used to ensure that the reviewing
official is trustworthy and reliable; (4) whether the requirement to
fingerprint the reviewing official places too large of a burden on the
licensee; and (5) whether the Agreement States have the necessary
authority to conduct reviews of the nominated individual's criminal
history record. Twenty commenters provided responses to the specific
questions on this subject.
Of those that provided responses to the questions on fingerprinting
of reviewing officials, the commenters were evenly split on whether the
reviewing official should be fingerprinted. Of those that responded no
on the fingerprinting, most did not support the concept of a reviewing
official at all and stated that the trustworthiness and reliability
official established under the Increased Control Orders should remain
in place. One of those opposed to the fingerprinting of the reviewing
official stated that the official should be approved by the licensee as
did a couple of the commenters that indicated support for
fingerprinting. One of those supporting fingerprinting was opposed to
requiring the individual to have access to radioactive material. The
commenter suggested that the NRC table this element until NRC is
granted authority to require fingerprinting of the reviewing official.
The majority of those responding indicated that the other aspects of
the background investigation were adequate to determine the
trustworthiness and reliability of the reviewing official, including
several commenters that supported the fingerprinting requirement.
Several responded that specific guidance and acceptance or rejection
criteria must be made available. Several commenters indicated that the
reviewing official should meet all of the requirements for unescorted
access. Three commenters stated that other aspects of the background
investigation were not adequate but also indicated that they did not
support the concept of a reviewing official. Based on its experience
with the orders, one commenter stated that the criminal history derived
from the FBI should serve as the sole basis. Most of the commenters did
not think that the fingerprinting placed too large a burden on the
licensee. Of the two commenters that felt that fingerprinting did place
too large of a burden on the licensee, one of the commenters did not
explain its rationale and the other stated that it was unnecessary for
the reviewing official to have access to the material. One commenter
indicated that this placed too large a burden on the States. On the
question of whether the States have the authority to conduct reviews of
the nominated individual's criminal history record, the response was
inconclusive, with many commenters noting the authority was
undetermined or not clear whether the State had authority. One State
indicated that it did have the authority, two States that they probably
had the authority, and one State indicated that it did only if specific
disqualifying criteria are put in the regulations. Suggestions for
other methods that could be used to ensure that the reviewing official
is trustworthy and reliable included deferring the decision to licensee
management using best business practices; using a background
investigation by a professional such as a police investigator, private
security clearance contractor, or human resource professional; and use
of employment history with the licensee.
In addition to those that addressed the specific questions, 33
commenters addressed this subject. The Conference of Radiation Control
Program Directors (CRCPD) conducted a survey of the Agreement States,
and 69 percent of those that responded disagreed with the requirement
for the regulatory body to approve the reviewing official. However, 62
percent did support the requirement that the reviewing official be
fingerprinted. Some commenters noted that there may be some States that
may not have the authority to adjudicate fingerprints for approval.
CRCPD reported that 69 percent of the responders to its survey
indicated that they do not have the necessary authority to conduct the
criminal history reviews without legislative action. Some of the States
noted that they have the authority but do not want to conduct
fingerprint reviews. One State indicated that it may not have the
statutory authority to write a rule to approve the reviewing official,
and another noted that it did not have the authority unless there were
clear criteria. At least one State noted that it may not be able to
completely protect the findings of the criminal history records check
from public release. Several commenters expressed concern that the
regulatory body (NRC or the Agreement State) would be basing the
regulatory approval of the reviewing official on only the results of
the fingerprints for a criminal history records check, and the other
elements of the background investigation would not be part of the
approval process. Commenters noted that neither the regulatory body nor
the licensee would have the benefit of the complete information on an
individual in order to make an informed determination. Commenters felt
that the approval of the reviewing official should remain with the
licensee and not the regulatory body because the licensee has more
direct personal knowledge and experience with the individual, and the
licensee has much more to lose by approving an incompetent reviewing
official. Some commenters supported the approval of the reviewing
official to be an outside agency such as the NRC as a logical
methodology.
Some commenters noted that the regulator should not deny someone
based only on the fingerprint results. Several commenters noted that
this would put additional resource burden on the regulatory body and
that there is no compelling evidence of threat to public health and
safety or security or that the current system is not working. Some
States expressed concern over the possible liability for approving a
reviewing official. Some commenters objected to the need to submit or
remove the background check results outside of their offices and send
them to the regulatory body. Commenters questioned how the Agreement
State will be able to review the fingerprint results when the
fingerprints are sent to the NRC. One commenter stated that the
[[Page 16955]]
rule should specify who evaluates all of the information for the
reviewing official, as a licensee is required to have the information
reviewed before submittal of the fingerprints. The proposed rule puts
the burden of review of fingerprint results on the regulatory body
which will result in a resource burden. Commenters noted that it is
unknown what the impact on Agreement States' resources will be to begin
approving reviewing officials.
Response: After considering the comments, the NRC has decided to
change the approval for the reviewing official. The NRC (or Agreement
State) will no longer approve the reviewing official. The final rule
adopts a similar process to what was in the Increased Control Orders.
Each licensee will be required to provide the name of the reviewing
official(s) to the NRC (or Agreement State) and certify, under oath or
affirmation, that the reviewing official is trustworthy and reliable.
By the licensee certifying under oath and affirmation that the
individual is trustworthy and reliable, the NRC believes that it
adequately addresses the good faith presumption concern. This
certification occurs after the licensee has completed the background
investigation for the reviewing official. The determination basis for
the reviewing official is subject to inspection. If the individual has
undergone fingerprinting and an FBI criminal history records check, a
licensee can continue to use the trustworthiness and reliability
official or the reviewing official used under the orders.
Comment B15: Many commenters objected to the need to grant the
reviewing official access to the radioactive material or SGI. Many
licensees have used Human Resources (HR) personnel to conduct the
background investigations under the orders as they are the hiring
experts for their companies. It was further noted that HR personnel
would not have a need for unescorted access to category 1 and category
2 quantities of radioactive material. Licensees noted that this means
that HR personnel are either prohibited from doing the access
authorization or must be permitted access to the material or SGI.
Further, commenters note that permitting HR personnel access creates
possible radiation safety/security issues or creates an untenable
business model for Increased Controls licensees with no evidence that
the current system under the orders is flawed in any way. Some
commenters noted that if it is the intent simply to have this person
undergo the same level of scrutiny as those who would be given
unescorted access, then the regulation should be amended to state as
much. One commenter noted that the orders were quite emphatic that no
individual should be granted access unless the individual actually
needed access and that requiring the reviewing official to have access
appears to reduce security. Several commenters noted that the
workaround needed to require fingerprinting was an inappropriate
approach and that NRC should complete the process of obtaining from
Congress the authority to fingerprint the reviewing official.
Commenters noted that the requirement is unduly restrictive on
management options and an invasion of the rights to operate a business
as they see fit. Commenters also noted that there may be other
requirements surrounding unescorted access that could be implemented in
the future and may not apply to the reviewing official that could cause
hardships for licensees. While a few commenters were opposed to the
requirement to have the reviewing official fingerprinted, most of the
commenters did not object. One commenter noted that relying on someone
to compile the information and have the reviewing official make the
final decision also introduces the possibility of the individual
compiling the information to act in a malevolent manner. One commenter
suggested the following language: ``Reviewing officials must meet the
necessary requirements to have unescorted access to category 1 or
category 2 quantities of radioactive material.'' Two commenters noted
that, if a reviewing official is granted unescorted access as a routine
job requirement, the individual receive and satisfactorily complete
radiation safety training required by the licensee.
Response: The NRC believes that it is essential that the individual
that approves others for unescorted access to radioactive material
undergo the same background investigation before approving individuals
for unescorted access. The NRC needs to have confidence in the
integrity of the reviewing official. The reviewing official is one of
the layers for defense-in-depth of the security program. If the
reviewing official exercises the permission for unescorted access to
the material, the individual would need to undergo any required
training, including any safety training, before actually having
unescorted access. There are often individuals at facilities that have
unescorted access permission but seldom exercise the permission. The
language has been revised slightly to note that the reviewing official
must be permitted unescorted access, and the phrase ``as part of their
job duties'' has been removed. However, these individuals are not being
required to physically access the material. The changes were made to
better match the language in the AEA. The compatibility of Sec.
37.23(b)(3) was changed to Category C to allow States to be more
restrictive as it relates to access to the material. Some States may
have authority to require fingerprinting by use of other mechanisms
than the AEA.
Comment B16: Several commenters suggested allowing a reviewing
official approve others to be a reviewing official as this would
provide the licensee with more flexibility in assigning individual
duties. Commenters noted that the restriction seemed arbitrary. One of
the commenters noted that there was no reason why a reviewing official
couldn't approve someone as there is no difference in the determination
for a reviewing official and someone for unescorted access. Commenters
noted that if this requirement was an attempt to maintain a list of
reviewing officials it could be accomplished in a different manner.
Response: The NRC does not believe that the reviewing official
should be allowed to approve another individual to be a reviewing
official. While the background investigation is identical, the
responsibility for the reviewing official is greater. However, under
the final rule, a licensee is able to name its own reviewing officials.
The existing reviewing official could be involved in the background
investigation evaluation. See also response to comment B14.
Comment B17: One commenter suggested adding the word ``nominated''
before reviewing official in Sec. 37.23(b)(5) because the person is
not a reviewing official until approved by the NRC.
Response: The requirement for nominating a reviewing official has
changed in the final rule. A licensee now names the reviewing official
and certifies under oath and affirmation, to the NRC, that the
reviewing official is trustworthy and reliable. See also response to
Comment B14.
Comment B18: Two commenters objected to the wording in Sec.
37.23(b)(4) and (5) that implies that the reviewing official permits
unescorted access. The commenters agreed that the reviewing official
should be the individual who makes the trustworthiness and reliability
determinations but asserted that the reviewing official should not be
the individual who gives permission for unescorted access. The
commenters noted that after a positive determination is made, the
actual determinations for
[[Page 16956]]
unescorted access should be controlled by someone else such as the RSO.
The commenters suggested that the two sections be revised to remove the
permit unescorted access language. The commenters also suggested that
Sec. 37.23(e)(2) be modified by changing the word ``permit'' to
``authorize.''
Response: The NRC agrees with the comment. The NRC has revised the
language in Sec. 37.23(b)(1) (formerly paragraph (b)(4)) to read:
``Reviewing officials are the only individuals who may make
trustworthiness and reliability determinations that allow individuals
to have unescorted access to category 1 or category 2 quantities of
radioactive materials possessed by the licensee.'' The NRC has removed
the provision in Sec. 37.23(b)(5) as it was duplicative of paragraph
(b)(4) (now paragraph (b)(1)). The NRC has not revised the language in
Sec. 37.23(e)(2) because permit is the term used in the AEA.
Comment B19: One commenter noted that Sec. 37.23(b)(5) is
redundant as Sec. 37.23(b)(4) conveys the same requirement.
Response: The NRC agrees with the comment and has removed Sec.
37.23(b)(5) from the rule.
Comment B20: Two commenters recommended that the reviewing official
be allowed to authorize access to SGI.
Response: The reviewing official may approve individuals for access
to SGI. Part 73 requires that a reviewing official conduct the
background check review, but does not specify who that individual is or
specify any qualifications for the position. A licensee can choose to
use the same individual for both the SGI access under 10 CFR part 73
and unescorted access under 10 CFR part 37.
Comment B21: One commenter noted that licensees were allowed
fingerprint exemptions based on submittal to other governmental
programs, such as those to access Select Agents or government
clearances. The commenter noted that these programs allow for licensee
personnel to be trained to take the fingerprints but that the rule does
not allow the reviewing official to be fingerprinted by the licensee
personnel which will result in additional cost to travel to an
authorized agency and fees to have the authorized agency take
fingerprints. Two commenters noted that the requirement for the
fingerprints of the reviewing official must be taken by a law
enforcement agency, Federal or State agencies that provide
fingerprinting services to the public, or commercial fingerprinting
services authorized by a State to take fingerprints and that this
seemed arbitrarily restrictive and was not a similar requirement for
other individuals. The commenters also noted that 10 CFR part 73 did
not contain a similar provision.
Response: The NRC disagrees with the comment. Because the reviewing
official has extra responsibility in the access authorization program
and will be making the determinations to allow access, the NRC believes
that it is necessary for the reviewing official's fingerprints to be
taken by an entity that will verify that the identification matches the
person being fingerprinted. This ensures the identification of the
individual submitting the fingerprints. Without this requirement the
reviewing official could submit the fingerprints of another individual
that is known not to have a criminal history or known terrorist ties.
Comment B22: Two commenters asked how a licensee will know if an
appointed reviewing official has been approved. Commenters also asked
how long the review would take. One commenter asked the NRC to describe
the controls that will be in place to protect the personal information
provided to the NRC on behalf of the prospective reviewing official.
One commenter noted that the regulation does not indicate what the NRC
will do with the fingerprints and how long the NRC retains personal
information and the FBI data. The commenter wanted to know how long the
FBI and NRC retain the fingerprints and personal information and who
they can or will share that information with. Commenters were concerned
how the transition period, before a reviewing official is approved,
could impact a program. Some commenters questioned the length of time
for NRC review.
Response: The final rule does not contain the provision for the NRC
(or Agreement State) to approve the reviewing official. The only
information provided to the NRC is the name of the individual and the
fingerprints. The NRC typically does not retain the fingerprints and
FBI results beyond 30 days. Either the cards are destroyed or the
electronic file is deleted in accordance with Federal guidelines.
Comment B23: A few commenters indicated that the T&R officials
under the orders would be grandfathered and become reviewing officials
under the rule. Another commenter wanted to know what is meant by the
statement that the already deemed reviewing official may continue to
act in that capacity for an expanded set of persons, i.e., what is
classified as an expanded set of persons. One commenter recommended
revising the rule to relieve reviewing officials who already have
fingerprints on file from submitting fingerprints again.
Response: The NRC disagrees with the comment in part. The
commenters have misunderstood the grandfather clause. The T&R officials
would only be grandfathered if they had been fingerprinted under the
orders for either unescorted access to the radioactive material or to
SGI. If the T&R official has not previously undergone the
fingerprinting and criminal history records check, he or she would need
to complete the fingerprinting before making any additional
determinations for access to material. The expanded set simply referred
to those individuals, including new employees, who might newly require
a background investigation.
Comment B24: Several commenters noted that both the NRC-Agreement
State working group and the NRC staff steering committee developing the
fingerprinting orders discussed at great length whether to require
fingerprinting and background checks for T&R officials. Under the
orders, T&R officials were not subject to the requirements. Commenters
noted that they were not aware of any subsequent developments that
would change the situation and now warrant requiring fingerprinting and
background checks for reviewing officials now required under part 37.
The commenters objected to what they called the appearance of an
attempt to incorporate in rule a concept that did not have consensus
and was not incorporated after going through the previous security
orders working group process. They are opposed to requiring the
reviewing official to undergo fingerprinting and a background check
because in their opinion the requirements provide no plausible added
benefit to the existing structure under the orders.
Response: The 10 CFR part 37 working group considered the order
requirements, lessons learned, implementation issues, inspection
issues, recommendations from other reviews, as well as the comments on
the preliminary rule language. The 10 CFR part 37 working group
determined that there was a potential gap with the individual approving
others for access without undergoing the same background investigation.
Requiring the reviewing official to undergo a background investigation
addresses the good faith presumption. See also the response to question
B5 in Section II.
Comment B25: One commenter objected to the timing of the submittal
of the fingerprints for the reviewing official, noting that the
approval process would be timelier if the fingerprints
[[Page 16957]]
were processed at the same time the licensee is conducting the other
elements of the background investigation.
Response: The requirement for NRC approval of the reviewing
official has been removed from the rule. The rule requires the licensee
to certify that the reviewing official is trustworthy and reliable and
to then provide the name of that individual designated as the reviewing
official to the NRC. See also response to Comment B14.
Comment B26: One commenter noted that many of the items in subparts
A through D do not reference SGI, but the requirements in this rule
apply, and the inconsistencies must be corrected.
Response: The NRC disagrees with the comment. Requirements for
protection of SGI are contained in 10 CFR part 73, not 10 CFR part 37.
Part 37 contains appropriate references to the requirements for SGI
that are contained in Sec. Sec. 73.21 and 73.23.
Comment B27: One commenter requested that a section for a master
materials licensee to approve reviewing officials at the permittee
level facilities be added.
Response: The licensee is now responsible for approving the
reviewing official. See also the response to comment B14.
Comment B28: One commenter noted that it was not clear how the
licensee would comply with the requirement in Sec. 37.25(a)(1) to
complete fingerprinting and an FBI identification and criminal history
records check for reviewing officials before granting them unescorted
access inasmuch as NRC (or the Agreement State) would have the
responsibility of reviewing the FBI identification and criminal history
records check information, in lieu of the licensee doing so.
Response: The NRC (or the Agreement State) is no longer involved in
the approval of the reviewing official. See also response to comment
B14.
Comment B29: One commenter raised the issue of how individuals
denied approval for reviewing official duties will be tracked to avoid
going to another jurisdiction for approval.
Response: The final rule does not require the NRC to approve the
reviewing official. The NRC does not plan a tracking system to track
reviewing officials.
Comment B30: Two commenters requested information on what happens
if the company appointed reviewing official is denied, particularly in
smaller companies where the owner, manager, or RSO may be the appointed
reviewing official and how such a denial might affect the operation of
the company.
Response: The licensee is now responsible for approval of the
reviewing official. The NRC is not involved in the decision. See also
response to comment B14.
Comment B31: One commenter suggested changing the characteristics
derived from the background investigation. The commenter stated that
for the reviewing official to state that an individual is ``trustworthy
and reliable'' implies more of an intimate knowledge of the
characteristics of a person than would be gained from simply running
the required checks. The commenter suggested that defining an
individual as ``low-risk'' may be more appropriate.
Response: The NRC disagrees with the comment to change the rule.
The NRC recognizes that determining that an individual is considered to
be trustworthy and reliable is subjective, and not a guarantee that the
individual won't ever commit, or conspire to assist others in
committing, a malevolent act. The trustworthy and reliable concept is
in the orders and is in other locations in the regulations.
Comment B32: One commenter suggested that, for those individuals
who are relieved from the fingerprinting, identification, and other
elements under Sec. 37.29, the licensee should be exempt from the
requirement in Sec. 37.23(c) to provide informed consent and obtain a
signed consent form. The commenter noted that it conducts a background
investigation on all badge-holders (employees, fellows, contractors,
etc), the vast majority of whom have no intent of applying for purposes
of unescorted access and that there is no opportunity, or it is a
misplaced opportunity, to request an individual's signed consent under
this regulation at the point of background investigation initiation.
The commenter stated that there should also be an exemption for this
situation as there is no need to repeat the background investigation
just because an individual later determines a need to request
unescorted access. Other commenters questioned why an individual that
has already been subject to fingerprinting now needs to provide
consent.
Response: Section 37.23(c) states that the licensee does not need
to obtain signed consent from those individuals who have undergone a
background investigation under the orders or 10 CFR part 73. A signed
consent is not necessary until the reinvestigation occurs. A licensee
would not need to obtain a signed consent from an individual subject to
Sec. 37.29, unless the licensee conducted one or more of the elements
of the background investigation.
Comment B33: One commenter questioned whether the NRC would develop
a standard consent form and background questionnaire form so that
everyone asks the same questions and evaluates on the same basis.
Response: The NRC has included a consent form in the guidance that
could be used by licensees. A standard background questionnaire was not
included as this would be similar to the information included in
applications for employment. Information would include job history,
education history, and a list of references.
Comment B34: One commenter stated that Sec. 37.23(e) was
improperly named as no basis for making a determination was included,
only a requirement for licensees to develop, implement, and maintain
written procedures with the determination basis that they deem
appropriate.
Response: The NRC disagrees with the comment. The section contains
the requirement for the reviewing official to make determinations on
authorizing unescorted access, and the NRC believes that it is
appropriately named. The licensee is provided flexibility in the
criteria that it uses to make a determination.
Comment B35: One commenter stated that NRC should provide the
specific and detailed adjudication criteria that will be used to
approve the reviewing official.
Response: The guidance document contains the general criteria that
the NRC used in approving reviewing officials under the orders. The
specific criteria to be used are up to each licensee.
Comment B36: One commenter stated that licensees are not in a
position and do not have the knowledge and skill to ensure that
personnel are trustworthy and reliable and that all that licensees can
be expected to do is to follow the NRC rule that was presumably written
to provide licensees with methods to screen personnel.
Response: Licensees are required to follow the requirements in 10
CFR part 37 to acquire information about personnel and to make their
own judgments of the trustworthiness and reliability of their
employees. These determinations do not require specialized knowledge or
skill and are similar to the determinations that licensees make in
hiring decisions.
Comment B37: One commenter requested that Sec. 37.23(e)(1) and (2)
be revised to remove the requirement to review all of the background
investigation information required in
[[Page 16958]]
making a determination on trustworthiness and reliability. The
commenter felt that some of the information would be impossible to
obtain and therefore, if you are required to review all information, a
licensee could never approve some personnel. The commenter suggested
that the language be changed to ``collected background investigation
information.'' Several commenters suggested removing the term
``disqualifying'' from the paragraph as the NRC has not provided a list
of disqualifying factors.
Response: The NRC agrees with the comment and has revised the rule
to specify that the evaluation is of the information collected to meet
the requirements. The NRC has also removed the term ``disqualifying''
from Sec. 37.23(e)(2).
Comment B38: Two commenters noted that in Sec. 37.23(e)(3)
``reasonable assurance'' is not defined. One of the commenters felt
that the lack of clarity in this requirement and in what documentation
should consist of will result in disputes with NRC inspection findings.
One commenter objected to the need to document the determination basis
for granting someone unescorted access. The commenter felt that only
the reasons for denial should be documented.
Response: The NRC does not believe that ``reasonable assurance''
needs to be defined in the regulations. The determination basis is a
performance-based requirement, and licensees are provided flexibility
to develop criteria that best meet their needs. The NRC believes that
documentation of the determination basis is essential. The
documentation does not need to be extensive. It can consist only of an
indication that no negative information was found during the
investigation or an explanation of why negative information did not
disqualify the individual. Without documentation an inspector could not
be assured that the individual had actually undergone the required
background investigation. Documentation of the basis is also beneficial
to the licensee if it needs to reevaluate whether an individual should
continue to have unescorted access.
Comment B39: Several commenters objected to the requirement in
Sec. 37.23(e)(3) to immediately remove the person from the approved
list once he or she no longer require access. One commenter noted that
``immediately'' is not defined and that it is not realistic for routine
terminations such as student graduations and deaths. The commenter
indicated that the only justification for immediate removal would be
demonstrated unreliability that would result in withdrawal of the
person's trustworthiness and reliability status. The other commenter
stated that immediate removal was not warranted but should be done in a
timely manner. The commenter suggested replacing ``immediately'' with
``as soon as practical.'' Another commenter suggested removal from the
list in a timely manner not to exceed 30 days after the determination.
Response: The NRC agrees with the comment in part. An immediate
removal from the list is probably not necessary. However, prompt
actions do need to be taken to prevent access, such as deactivating his
or her access code. The NRC has revised the language to reflect that
the action should occur as soon as possible but no later than 7 working
days. The NRC believes that it is important to maintain a current list
of those individuals that are allowed unrestricted access to the
material.
Comment B40: One commenter questioned whether Sec. 37.23(e)(3)
means that the licensee must document its basis for approval of the
trustworthiness and reliability determination as a written policy. The
commenter noted that an alternate interpretation could be that the
licensee must document a rationale for each individual's
trustworthiness and reliability approval, as opposed to a generic basis
for approval for all applicants.
Response: The licensee must document the rationale for each
individual's trustworthiness and reliability determination. The
documentation does not need to be extensive. The NRC notes that the
orders also required the licensee to document the basis for concluding
that there is reasonable assurance that an individual granted
unescorted access is trustworthy and reliable.
Comment B41: One commenter stated that the access authorization
program requirements were overly prescriptive, particularly the number
of required procedures and amount of associated documentation. The
commenter noted that the licensee should be allowed to determine the
level of detail of its program as appropriate depending on the size and
complexity of the program.
Response: The NRC agrees with the comment, in part, and has made
some changes to the access authorization program. Section 37.23(f) has
been revised to remove some of the specificity in the types of required
procedures.
Comment B42: Two commenters noted that the requirement to have
procedures to ensure that individuals who have been denied unescorted
access authorization are not allowed access was redundant. The
commenters stated that a person denied unescorted access would not be
provided with a key or codes to access the sources, and a procedure is
not needed.
Response: The NRC believes that procedures are necessary to
implement the access authorization program. Not all licensees use keys
or codes to control access to the material.
Comment B43: Two commenters stated that for licensees subject to 10
CFR part 73 with additional radioactive materials not covered by the 10
CFR part 73 security plan, the procedures used for 10 CFR part 73
background investigations and updating of background investigations,
etc., should be considered adequate to meet the intent of 10 CFR part
37. One of the commenters suggested adding a new paragraph (5) to Sec.
37.23(f) to read as follows: ``Procedures and policies meeting the
requirements of the security plans required by part 73 meet the
requirements of this subpart B of this chapter.''
Response: The NRC agrees that a licensee does not need to maintain
two sets of procedures; however, a provision is not needed in the
regulations. As long as 10 CFR part 73 procedure addresses the content
of the required procedures under 10 CFR part 37, additional procedures
are not necessary.
Comment B44: One commenter suggested that NRC develop a generic set
of procedures for the conduct of background investigations as guidance
for licensees.
Response: The NRC has not included generic procedures for
conducting a background investigation. Implementation of background
investigation requirements will vary with the circumstances of
individual licensees. Guidance is available on the various elements.
Comment B45: One commenter stated that in Sec. 37.23(g) at least
10 days should be allowed for an individual to correct, complete, or
explain other components of the background investigation.
Response: The NRC has not specified a timeframe in order to allow
licensees flexibility to choose a timeframe that they believe is
appropriate for their program. The NRC has provided a 10-day timeframe
to challenge the FBI criminal history records, and 10 days would be an
appropriate timeframe for allowing a challenge of other aspects of the
background investigation results. The licensee may choose the timeframe
that works best for it.
Comment B46: One commenter noted that since Sec. 37.23(g)(2)
specifies that the licensee can't act on challenged
[[Page 16959]]
information until the FBI goes through their due process, the FBI needs
to be on board. The commenter suggested adding a requirement to allow
the licensee to make a final determination if nothing is heard from the
FBI within 30 days.
Response: The rule contains procedures for an individual to correct
background check information that are identical to the procedures in
Sec. 73.57(e)(2). The NRC disagrees that a 30-day cut-off period is
needed because such a provision would circumvent an individual's right
to complete, correct, and explain information obtained as a result of
the licensee's background investigation. Further, the 30-day cut-off
period may be unreasonably short. The FBI has indicated that once it
receives a formal challenge to an individual's record, a recheck is
completed within approximately 3-4 weeks (52 FR 6310; March 2, 1987).
Given the rule's 10-day window for an individual to initiate a
challenge, the timeframe for resolution of challenges could potentially
be greater than 30 days. Accordingly, the NRC declines to impose a 30-
day time limit for challenges to an individual's background check
information.
Comment B47: One commenter stated that Sec. 37.23(h)(2) requires
the licensee to retain a list of persons approved for unescorted access
for 5 years after the list is superseded and noted that the word
``list'' implies a written document. The commenter asked if the
``list'' may include database records that contain unescorted access
approval and removal dates and thus would allow discarding printed
copies that are no longer useful. The commenter noted that other NRC
regulations (e.g., Sec. Sec. 20.2110 and 37.51) allow records to ``be
stored in electronic media with the capability for producing legible,
accurate, and complete records during the required retention period.''
The commenter recommended changing the wording to add similar wording
as in other NRC regulations making it clear that the ``lists'' do not
need to be printed copies.
Response: Section 37.101 already allows records to be maintained in
electronic media. The language is similar to that provided in Sec.
20.2110 and applies to all records that are required by 10 CFR part 37.
Comment B48: Two commenters objected to the requirement in Sec.
37.23(h)(3) to maintain a list of individuals not approved for access.
Two commenters objected to the need to maintain every change to the
list for 5 years. One commenter felt that it would seem reasonable to
ask that a list of all persons currently granted unescorted access be
maintained (+ a month) and that a list of all persons denied or removed
from the unescorted access list be maintained ( a month).
Another commenter noted that maintaining a list has no value as a
licensee may develop a badge system that indicates a person's level of
access. Another commenter noted that there was no value in keeping a
list since the determination basis has to be documented.
Response: The NRC agrees, in part, and disagrees, in part, with the
comment. The NRC agrees that it is not necessary to maintain a list of
those individuals not approved for access and has removed the
provision. The fact that someone is not included on the access list
means that they should not be granted unescorted access to the
material, and a second list is not needed. There is currently no
mechanism in place to share information among licensees, so there is no
benefit in maintaining a list of those not approved for access. The NRC
disagrees with the comment to remove the requirement to maintain every
change to the list; however, the NRC has changed the retention time to
3 years. The superseded lists are necessary for inspections. If an
inspector discovers something during an inspection, the superseded list
could be reviewed to determine who had unescorted access during a given
time period.
Comment B49: One commenter requested clarification whether the
notification required by Sec. 37.27(a)(2) is different from the
informed consent required by Sec. 37.23(c)(1).
Response: The informed consent under Sec. 37.23(c)(1) is consent
to conduct the background investigation. The notification required by
Sec. 37.27(a)(2) is specifically for the FBI criminal history records
check. The licensee may develop one consent form that covers both
aspects.
Comment B50: In the proposed rule, the NRC specifically invited
comment on the appropriate elements for a background investigation.
Commenters were requested to provide information on: (1) Whether a
local criminal history review is necessary in light of the requirement
for an FBI criminal history records check; (2) whether a credit history
check provides valuable information for the determination of
trustworthiness and reliability; (3) whether the Agreement States have
the authority to require a credit history check as part of the
background investigation; (4) the appropriate elements of a background
investigation and why any suggested elements are appropriate; (5)
whether the elements of the background investigation are too subjective
to be effective; and (6) how much time a licensee typically spends
conducting a background investigation for an individual. Twenty-seven
commenters provided responses to the specific questions on this
subject.
Of those who provided responses to the questions on the background
investigation elements, no one supported inclusion of the local
criminal history check as part of the background investigation elements
and only one commenter indicated that the credit history check added
any value. Most commenters indicated that the FBI criminal history
records check was sufficient, and that requiring a local criminal
history check was redundant and overly burdensome. Many commenters
noted that conducting a local criminal history check would be very
difficult for foreign nationals and those who have moved frequently.
Most commenters stated that the credit history evaluation was not
useful, and that poor credit and untrustworthiness do not go hand-in-
hand. Commenters were also concerned that there were no clear
guidelines on what credit score would be cause for concern. Many
commenters expressed concern over the accuracy of information in credit
histories. Some commenters questioned whether requiring a credit
history check was legal in some States, noting that the requirement was
an invasion of privacy. One commenter suggested Social Security number
(SSN) validation instead of the credit history check.
In response to the question of whether the Agreement States have
the legal authority to require a credit history check, most commenters
indicated that they did not know. One State responded that recent
legislation prohibits discrimination based on credit history, but did
note that the law provides for exceptions. One State indicated that it
did have authority, and another noted it did if specific criteria were
provided.
The majority of commenters indicated that the current background
investigation elements from the orders were adequate. One commenter
suggested as appropriate elements: Verification of legal citizenship,
personal references, former employers, education, fingerprinting and
FBI criminal background investigation, and personal knowledge. Another
commenter noted that the elements should be employment history,
education history, reference check, and FBI history check. Two
commenters noted that the background investigation should be limited to
the fingerprint-based criminal history check, and that an adverse
criminal history could be mitigated by satisfactory employment history
with the licensee. One
[[Page 16960]]
commenter suggested a two-person rule for truly significant sources
instead of a background check. One commenter indicated that the area
that needed review is the background investigation for foreign
nationals and students because the required information is troublesome
to obtain.
Most of the commenters felt that the elements of the background
investigation were too subjective, and that guidance or criteria were
needed so that the elements could be consistently applied across the
country with minimum second guessing by auditors and inspectors. Other
commenters stated that while the elements were subjective, this did not
mean that they were ineffective. Commenters stated that there is a good
mixture of subjectivity and objectivity for the reviewing official to
use in making a determination of a person's trustworthiness and
reliability. One commenter noted that some subjectivity is necessary to
evaluate the situation and the individual, as strict adherence to
guidelines could lead to rejection and a serious impact on an
applicant's career.
NRC also requested information on how much time a licensee spends
conducting a background investigation. Responses varied from a few
hours to months; the longer times typically included wait times and not
actual effort.
One commenter suggested centralization of the background
investigation process, suggesting that the security clearance process
performed by the Defense Industrial Clearance Security Offices for
various Federal agencies could be tailored to meet the 10 CFR part 37
requirements. The commenter indicated that this could be more efficient
than requiring each licensee to develop a process.
In addition to those who provided responses to the specific
questions, 70 commenters addressed this topic. Several commenters felt
that the current background investigation elements were sufficient and
questioned the value of the proposed additional elements (credit
history evaluation, verification of true identity, military history
verification, and criminal history review from local criminal justice
resources). Some commenters felt that specific justifiable evidence
that current trustworthiness and reliability programs aren't working is
needed to justify any new requirements, and that a cost-benefit
analysis should be used to justify inclusion of any new elements.
Several commenters noted that the cost of obtaining the necessary
information may be burdensome in time and money, and that the
requirements are overly prescriptive. Commenters expressed concern that
the required checks could result in lost jobs if individuals did not
meet the standards set forth by the licensee. One commenter noted that
a licensee would probably investigate the individual before hiring,
which would result in multiple expenditures for one eventual employee.
One commenter noted that the background investigation could deter some
talented and knowledgeable professionals from applying due to the
potential invasion of privacy. One commenter noted that the NRC needs
to find the fine line between cautious and correct and overly cautious
and burdensome.
Some commenters felt that the FBI criminal history checks and work
history are sufficient. Two commenters felt that the background
investigation should only require a fingerprint-based criminal history
check and that adverse criminal history may be mitigated by the
employment history of an employee with more than 3 years employment
with the licensee. Commenters noted that employment history is far more
accurate for determining trustworthiness and reliability than any other
check proposed. One commenter suggested allowing licensees to use a
graded approach taking into consideration multiple variables, such as:
Whether the activity is category 1 or category 2; the desirability of
the source to an adversary; the physical security present; how quickly
the radioactivity could be removed from the device and readily
dispersed or used to cause serious harm; the mobility of the source or
device, and the frequency of physical inspection/observation by more
than one individual. One commenter suggested revising the requirement
so that the licensee could use either employment history evaluation,
verification of employment, or military history evaluation. At least
one commenter noted that the insider threat would be best controlled
with monitoring and detection.
Sixty commenters objected to the inclusion of the credit history
element in the background investigation. Commenters noted that, in the
current economic environment, a credit history evaluation could reflect
an inaccurate and erroneous assessment of a person's trustworthiness
and reliability and could result in some skilled individuals being
removed from employment consideration. Commenters felt that the credit
history check was an unnecessary invasion of privacy, and that most
individuals would choose not to pursue unescorted access if faced with
a credit history check. One commenter noted that when implementing the
orders it had initiated a credit history evaluation that created a
significant uproar and resulted in several researchers withdrawing
their irradiator access privileges. The commenter noted that this
created an atmosphere of distrust. Commenters felt that the information
was not relevant when attempting to determine trustworthiness and
reliability and was unjustified and not a valid gauge of
trustworthiness and reliability. Commenters noted that having a bad
credit history did not make the individual untrustworthy and that a
good credit history did not define an individual as trustworthy and
reliable. Some commenters requested that the NRC provide some study or
peer reviewed document that demonstrates that persons with poor credit
may be more easily coerced into helping terrorists. Some commenters
stated that the requirement could potentially be viewed as
discriminatory by workers. One commenter questioned how to deal with
identity theft.
Commenters noted the difficulty of obtaining a credit history of
individuals who have lived outside the United States, such as foreign
nationals. Commenters noted that in some cases it was impossible to
obtain the information. Commenters noted that many countries do not
have a combined credit history reporting agency. One commenter
expressed concern that individuals who have established a credit
history in the United States and whose credit history is poor will be
at a disadvantage over individuals with a similar but undocumentable
credit history in another country, as an employer may choose to allow
access to the foreign national based on incomplete information and deny
access to a United States citizen based on more extensive but
unfavorable information.
One commenter noted that Title 11 of the United States Code,
Section 525, makes it illegal to discriminate against employees or job
applicants solely because of filing for bankruptcy. Another commenter
noted that the Equal Employment Opportunity Commission has been
cracking down on efforts to disqualify potential hires with bad credit
history as the practice can be discriminatory. Several commenters noted
that some States have laws that prohibit employers from discriminating
against employees on the basis of credit history and prevent employers
from inquiring about credit history. One commenter stated that if
Congress, in consultation with the NRC, had deemed credit history
checks significantly useful to provide for the common defense, the
checks would have been included
[[Page 16961]]
within the most recent amendments in section 149 of the AEA. Another
commenter noted that Congress has considered passing an act to make it
unlawful to base adverse employment decisions on consumer credit
reports.
In a CRCPD survey of Agreement States, 70 percent of those
responding indicated that they did not have the authority to require a
credit history check as part of a background investigation. Some
Agreement States indicated that they were not sure if they had the
authority to require a credit history check. One State indicated that
(assuming it has authority) its administrative procedures would require
specific criteria for pass/fail. One commenter noted that there are
State laws that prohibit ``discrimination'' against employees due to
credit history and asked how this would affect the credit history check
requirement. The commenter noted that a Google search indicated that
States that have and/or are considering such laws include: Connecticut,
Wisconsin, Hawaii, Illinois, Missouri, New York, Oregon, Washington,
and Texas.
One commenter felt that much of the information obtained from a
credit history report would already be included in the personal history
disclosure. Two commenters stated that for category 2 sources it should
be up to the reviewing official to decide if they have enough
information to grant unescorted access to a category 2 source without
the need for a credit history check. One commenter noted that
individuals relieved from the background investigation elements were
just as likely to have negative credit history but will not be subject
to the same scrutiny. One commenter recommended defining ``full credit
history,'' as a licensee can't comply with open-ended requirements. Two
commenters noted that this concept had been considered in the working
group for the orders but was rejected, and, therefore, should not have
been included in the proposed rule.
Several commenters opposed the inclusion of the criminal history
check in the background investigation. They questioned why a criminal
history check from local sources was necessary if a national check
through the FBI was conducted. One commenter stated that the local
check would be an added benefit if the FBI check was somehow
inadequate. Commenters stated that the information would be difficult
to obtain in many locales and would be an increased burden to both the
licensee and local law enforcement without a corresponding benefit.
Commenters also noted that the information would be impossible to
obtain for foreign nationals, and that a provision must be provided
that allows less-than-absolute compliance. One commenter noted that
licensees in rural areas may have limited access to local resources,
and that some local resources may have limited capabilities to respond
to such requests. Commenters asked how to determine the appropriate
local law enforcement agency and what constituted local.
Several commenters objected to the inclusion of a character and
reputation element in the background investigation. Commenters felt
that the determination would be very subjective, added little value,
and unnecessarily added to the licensee's burden. Commenters noted that
an adverse judgment about an employee's character and reputation could
be perceived as discriminatory. One commenter suggested removing the
term ``trustworthy and reliable'' from the character and reputation
element and thereby removing the connotation that a personal reference
can attest to the present state of an individual's trustworthiness or
reliability. The commenter noted that including a character and
reputation check would require references to be knowledgeable about
that definition, and very few references can attest to the present
status of an individual, as required by the words ``continues to be.''
Some commenters expressed concern over possible invasion of privacy.
One commenter recommended requiring a minimum of three references. One
commenter noted that, for a reference to provide a worthwhile
evaluation of the applicant, a minimum time frame for contact with the
individual should be established in the rule. The commenter also
cautioned that the reference should not be from someone, such as a
supervisor, who may benefit from the applicant's unescorted access.
Several commenters objected to the requirement to obtain
independent information to corroborate the information provided by the
individual. Commenters stated that the provision was vague and
unreasonable, and they did not understand how it could be accomplished.
Commenters stated that it was unreasonable to expect licensees to track
down independent information, as they are not investigative agencies.
Commenters noted that many entities cannot or will not provide
background information, and licensees do not have the resources to
obtain information elsewhere. Commenters noted that the cost would be
prohibitive in many cases. One commenter recommended removing the
phrase ``to the extent possible'' because it made the section
meaningless. One commenter asked what he or she should do if it is not
practicable to confirm information. Another commenter stated that the
documentation would be excessive and time consuming. One commenter
suggested requiring independent information only in situations where
the accuracy or completeness of information provided by the applicant
is in doubt, or where the licensee can't confidently make an evaluation
based on an analysis of all of the gathered information. One commenter
suggested changing the phrase ``to the extent possible'' to ``to the
extent practicable.'' Three commenters objected to the need to obtain
information from an alternate source when a previous employer or other
entity does not respond. One commenter noted that where a company has
gone out of business, it would be impossible to obtain confirmation
that the individual worked at the company. The commenters felt that it
was unclear how a licensee could obtain this information in some cases.
One commenter noted that it doesn't have the resources to confirm an
applicant's information independently, particularly if the person's
family is excluded.
Commenters noted that obtaining the information for some groups of
people, (e.g., foreign nationals, research students, and citizens who
have resided outside the United States for long periods), is difficult
or impossible. Some commenters noted that licensees with a high
turnover, such as universities and research facilities, would incur
substantial cost and would have difficulty implementing the provisions.
One commenter provided some cost information, noting that the current
cost is $131 per applicant, excluding the $100 average cost for
processing new employees. The costs included $25 for fingerprinting,
$26 for fingerprint processing through the NRC and FBI, and $80 for a
WorldScan. The commenter noted that adding the credit history and
military history would increase the cost per approved person to $155
for United States records, and even if the credit history and military
records were obtainable and reliable, getting this information on
foreign applicants would be prohibitively expensive. Two commenters
noted that a foreign credit history check costs $170, and one commenter
noted that that a credit check would cost $1,000 per individual for a
foreign national, and another said that the cost of military
verification was $80 per person. Another commenter noted that the
current cost of conducting background investigations
[[Page 16962]]
was $125, and adding a credit check and military records check would
increase this to $400 per person (assuming that half the individuals
require foreign credit checks). One commenter noted that it would take
2 to 3 person-days to perform the different checks.
Several commenters recommended that NRC consider using the same
background check process used by the Centers for Disease Control (CDC)
for select agents because centralized NRC coordination would probably
result in more consistent evaluations at reduced cost. Other commenters
suggested that the NRC authorize unescorted access using a method
similar to the Transportation Safety Administration's TWIC program.
They noted that the CDC and the U.S. Department of Agriculture programs
for select agents and the DOT system for issuing hazardous material
certifications for Commercial Driver's Licenses, all have the
applicable Federal government agency perform the reviews and grant the
approvals. The commenters stated that this approach would provide
consistency in the conduct of the reviews and would best assure that
all needed information is collected and reviewed by well-trained
individuals. One commenter suggested that the NRC review the visa
process to see if any of the requirements could be replaced with a
verification of visa, since foreign nationals must go through a
Homeland Security review to get a visa. One commenter noted that it has
reviewed 3,182 persons since the Fingerprint Order was implemented and
has determined that 38 could not be judged trustworthy and reliable
based only on the FBI criminal history report and not because of any
other background investigation elements. The commenter noted that more
than 90% of the persons it judged to be trustworthy and reliable were
also judged trustworthy and reliable by the U.S. Bureau of Alcohol,
Tobacco, Firearms, and Explosives (BATFE), and that this experience
appears to validate why all other federal agencies that perform similar
checks do so solely on the basis of the FBI criminal history.
One commenter noted that his or her industry is subject to three
different Federal background check programs (BATFE, DOT, and NRC), and
recommended that the agencies come up with one background check that
would satisfy all three.
Response: The NRC has determined that the appropriate elements of
the background investigation include: Fingerprinting and an FBI
criminal history records check, verification of identity, employment
history verification, education verification, and a character and
reputation determination. Many of these items are part of routine
employment checks that an individual may go through before being hired
by a company. The NRC has removed military history verification from
the elements as it is considered part of the employment history and
does not need to be a separate element. The NRC has also removed the
provision to conduct a local criminal history check as part of the
background investigation. The NRC determined that while the local
criminal history check would provide some beneficial information, the
burden of obtaining the information is not justified by the limited
benefit. The NRC recognizes that conducting the background
investigation for some individuals, such as foreign nationals, may be
difficult. If there was no education or military service in the 7-year
period preceding the need for unescorted access to the material, the
investigation would not need to include these items.
After careful deliberation and consideration of all the comments
received on including credit history as a background investigation
element, the NRC has decided not to include credit history as a
required element for the background investigation or reinvestigation.
The credit history can provide information that is useful in making a
determination that an individual is trustworthy and reliable. Credit
history can add an extra layer of defense in mitigating the insider
threat and can provide some information that is not easily available
from other sources. Credit history was never intended to be the
determining factor for trustworthiness and reliability but simply one
more piece of information in making that determination. However, as
many of the commenters pointed out, there are issues with the accuracy
of credit reports, and a poor credit history is not necessarily an
indicator that an individual is not trustworthy or reliable,
particularly in these tough economic times. Although NRC disagrees,
some of the commenters indicated that there is the potential that some
Agreement States might not be able to implement the provision due to
State laws. These things could result in uneven implementation of the
provision across the country. As pointed out by the commenters, it is
harder and more expensive to obtain a credit history for those that
have resided in other countries for long periods of time. This could
lead to an imbalance in the information collected and used in making
the trustworthiness and reliability determination. In addition, some
licensees may decide not to grant unescorted access to fully qualified
individuals because of the lack of information or the difficulty in
obtaining the information. Many smaller licensees may not have staff
and/or knowledge to be able to fully utilize the information obtained
from the credit history. The NRC has determined that the potential
benefit of the credit history is not justified by the cost and,
therefore, the NRC has not included credit history as a required
element of the background investigation. While not requiring a credit
history, the NRC does note that information obtained from the credit
history could be useful to licensees, and nothing in the NRC
regulations prohibits a licensee from conducting a credit history. In
situations where a trustworthiness and reliability determination is
difficult, the information from a credit history could provide the
determining information. A licensee can always use measures beyond the
regulatory minimum that is required by the access authorization
program.
The NRC is not providing specific criteria that would disqualify an
individual from obtaining unescorted access to the material. There is
no checklist. Because the individual circumstances of each applicant
may vary significantly, each licensee needs the flexibility to
establish its own program. The implementation guidance document does
provide general information and items for consideration, but no
specific disqualifying information. A licensee should consider any
negative information together with all of the other information in
making a final determination.
At this time, the NRC has no plans to establish a new program to
conduct background investigations similar to the TSA or CDC programs.
The NRC does relieve individuals who have been approved under these
programs from the fingerprinting element of the background
investigation.
Information provided by the commenters on the burden of conducting
a background investigation has been factored into the final regulatory
analysis, as appropriate.
Comment B51: One commenter expressed concern that the new
requirements could force employment decisions based on incomplete
information and that this could lead to significant legal implications
for the facility. The commenter noted that the intersection of these
requirements with the Equal Employment Opportunity Act should be
investigated.
Response: The NRC does not agree that the background investigation
[[Page 16963]]
requirements force licensees to make employment decisions based on
incomplete information. Individuals who are granted unescorted access
to category 1 or category 2 quantities of radioactive material must be
deemed trustworthy and reliable. The background investigation is one
component designed to provide the licensee with sufficient relevant
information before making this determination. It is the licensee's
responsibility to evaluate the information received as a result of the
background investigation and all other relevant information to make its
trustworthiness and reliability determination. These requirements do
not relieve a licensee from its obligation to comply with all
applicable Federal and State labor laws. Further, the NRC does not
believe that fulfillment of these trustworthiness and reliability
determination requirements would cause the licensee to violate any
labor laws. Accordingly, the NRC does not believe that it is necessary
to develop guidance on this issue.
Comment B52: Two commenters questioned the 10-year period for the
background investigation versus the 3-year period contained in the
orders. The commenters felt that 10 years is an arbitrary timeframe and
that 3 years is sufficient. One of the commenters noted that going back
10 years is more expensive and that it is more important what happened
in the last few years of the person's life and not distant history.
Another commenter suggested changing the timeframe to 7 years as the
standard criminal history and credit checks only go back 7 years. The
commenter noted that many States charge an extra fee to extend the
check beyond 7 years. One commenter noted that there could be a problem
when attempting to use the 10 year criteria for students. Another
commenter asked for clarification for how far back the investigation
should go and what sources could be used. One commenter noted that the
employment history evaluation period of 10 years was not consistent
with 10 CFR parts 26 and 73 which only cover the most recent 3 years
and that justification should be provided for going with 10 years. One
commenter suggested going back the last two employers or 10 years
whichever is less restrictive. One commenter stated that the timeframe
should be left to the discretion of the licensee based on the situation
of the applicant. One commenter felt that 10 years was too long an
evaluation period and that there was no stopping point to the 18th
birthday. The commenter recommended changing the 10 years to 3 years or
until the person's 18th birthday, whichever is shorter. One commenter
requested that NRC clarify the date used to determine the 10-year
reinvestigation. One commenter noted that the rule needs to be clear
that the expectation for the review is to go back 10 years or to such
time as the individual was a minor.
Response: The NRC has reconsidered the time frame for the initial
background investigation and has changed the timeframe to 7 years as
suggested by the commenters. This may reduce the cost of the
investigation. The rule does provide that the investigation only goes
back to the individual's 18th birthday.
Comment B53: One commenter noted that the rule did not provide a
tiered approach for individuals who had been with the licensee for
greater than 3 years. The commenter noted that under the orders the
licensee could review the individual's employment history (i.e.
personnel files) and obtain the supervisor's standardized
recommendation. The commenter recommended retaining this system for the
initial and reinvestigation for individuals who have been with the
licensee for a long period of time (i.e. 10 years).
Response: The NRC disagrees with the comment. The NRC believes that
the longer timeframe is appropriate. If the individual has been with
the company for 7 years, the licensee would not need to check with
previous employers. The reinvestigation does not include all of the
elements of the initial background investigation.
Comment B54: One commenter requested clarification on whether the
licensee verified the true identity of individuals or the licensee's
reviewing official. The commenter also objected to the language in the
rule to verify ``true identity'' and ``ensure'' the individual is who
he or she claims to be. The commenter felt that making it the
licensee's responsibility to establish anyone's ``true identity'' is
not always possible as identification documents (IDs) can be forged,
and very few licensees are experts at identifying forged documents. The
commenter felt that the language is too strong, cannot be guaranteed,
and needs to be rewritten to just state that the licensee is
responsible to review the identification documents. The commenter also
stated that the requirement to compare the personal information data to
identify any discrepancy in the information is too vague. The commenter
asked what personal information and what should be done when
discrepancies are discovered. The commenter suggested that the language
be revised to require that the licensee review available information
from an ID that is provided to the licensee by the applicant, and
resolve any discrepancies. One commenter asked how verification of true
identity was supposed to be done and questioned the expense and value.
One commenter noted that it already performed an I-9 or E-verify for
employees but not in the case of students at universities.
Response: The licensee is not expected to determine that an ID has
been forged. Section 37.25(a)(2) states that the licensee is to review
the identification documents provided, such as a driver's license or
passport, to make sure that the information matches what was provided
by the individual. If the information such as the name of the
individual or social security number doesn't match, the licensee should
investigate further. E-verify is one tool that can be used. The
guidance document on the rule contains information on how this
provision should be addressed.
Comment B55: One commenter suggested that the requirements to
verify employment history, education history, and military history were
too rigid and that the language should be revised to ``the licensee
shall attempt to verify * * *'' The commenter noted that this would
recognize that businesses fail and overseas employers and schools may
be impossible to contact. The commenter indicated that the unsuccessful
attempts should then be documented. Another commenter noted that it
could be very expensive to verify foreign employment.
Response: The NRC agrees in part with the comment. Section
37.25(a)(7) (previously (a)(10)) already contains a provision for when
an employer or other entity doesn't provide any information. The
provision had been modified to provide additional clarification and to
add a requirement that the licensee document the actions taken when it
is unsuccessful in verifying the history.
Comment B56: One commenter questioned the relevance of obtaining
military history and how the results would be used. The commenter
stated that NRC should perform this service for foreign nationals.
Another commenter noted that military history verification can be a
lengthy and difficult process. The commenter noted that obtaining
records from the Department of Veterans Affairs was difficult,
particularly for Korean and Vietnam era veterans, and compliance is
dependent on another Federal agency. One commenter noted that in some
countries military service is a requirement of its citizens so
verification has little bearing on an individual's trustworthiness and
[[Page 16964]]
reliability. Another commenter noted that the return rate for requests
on military history has been about 20 percent and takes between 3-6
months. Commenters do not believe that this adds any value. Another
commenter questioned how to obtain military history verification.
Response: Military history is considered part of the employment
history. The rule text has been revised to include military history as
part of the employment history instead of a separate element. For some
individuals, military service could be their only employment. The
licensee only needs to verify the service if the military service
occurred in the last 7 years. Information on foreign nationals can be
more difficult to obtain. The NRC notes that licensees always have the
option of escorting the individuals. Additional guidance on foreign
nationals is provided in the implementation guidance.
Comment B57: One commenter questioned the value of verifying
education history and questioned how the verification should be
accomplished. Another commenter questioned how far back a company
needed to go for someone employed at the company for 10 years. One
commenter noted that the verification should be for the degree and not
the time period of attendance. The commenter noted that it would be a
huge burden to verify every time period at every institution for those
who completed their education over numerous years at various
institutions.
Response: Education history is similar to employment history and
helps to validate what the individual was engaged in during the noted
timeframe. Education history would typically be verified by checking
with the educational institution. Education history only needs to be
verified if it occurred in the last 7 years.
Comment B58: Two commenters felt that the employment history was
completely ignored as the rule did not provide for limiting the
background investigation to the FBI criminal history check for
employees with more than 3 years with the licensee. The commenter noted
that employment history is a factor that can be used when determining
whether an employee with a criminal history is trustworthy and
reliable. One of the commenters felt that employment history is a far
more accurate set of data for determining trustworthiness and
reliability than any other check proposed and that the employment
history should not be ignored.
Response: Employment history was not ignored by the NRC and it is
one of the elements of the background investigation. The NRC agrees
that employment history can and should be used when considering the
information obtained during the background investigation. The licensee
has the flexibility to determine how much weight to give each element
of the background investigation.
Comment B59: One commenter noted that it was impossible to verify
employment if the individual has never worked before.
Response: Part 37 specifically requires that the licensee verify
the individual's employment with each previous employer for the most
recent 7 years before the date of application. If an individual has
never worked before, there is no previous employer and no employment to
verify. For this individual, no employment verification would be
required.
Comment B60: One commenter questioned what was meant by the claimed
period and indicated it should be defined in the rule.
Response: The NRC disagrees that claimed period needs to be defined
in the rule. The claimed period is simply the period of time for which
the individual indicates that they were engaged in a particular
activity such as attending college, being a member of the military, or
working for a company.
Comment B61: One commenter asked for the definition of ``timely
manner'' for when an entity refuses to respond during a background
investigation.
Response: The rule itself does not use the term ``timely manner.''
The rule indicates that within a timeframe deemed appropriate by the
licensee but at least after 10 business days of the request.
Comment B62: One commenter objected to the language in response B8
in the Statements of Consideration indicating that licensees should use
their best efforts to obtain background information. The commenter
noted that best efforts can't be enforced and must be clearly defined.
The commenter also objected to the concept of dependable in judgment,
character, and performance and noted that this must be reduced to
something quantifiable and enforceable and not subject to disparate
interpretations.
Response: The NRC disagrees with the comment. The NRC believes that
the concept of best efforts in this context is necessary because
sometimes it is impossible to obtain information. Companies going out
of business and entities refusing to provide information or not getting
back to the licensee are examples of situations where the licensee's
best efforts will suffice, as long as the licensee documents the
efforts taken to obtain the information. The NRC understands that
judgment and character are subjective items. Licensees make
determinations on judgment and character every time they hire someone
or trust an individual with company assets.
Comment B63: One commenter stated that the NRC should ensure that
the FBI check includes checks against known terrorists or denied entity
lists.
Response: In addition to a criminal history records check, the
names and fingerprints sent to the FBI are checked against various
terrorist watch lists.
Comment B64: One commenter requested clarification on whether the
fingerprints and associated criminal history records check was part of
the background investigation conducted by the licensee since the FBI
does the check and not the licensee.
Response: The background investigation includes the collection and
review of all the information submitted by the applicant and any
information provided by outside sources upon the licensee's request.
While the actual criminal records check is conducted by the FBI upon
receipt of an applicant's fingerprints, the results of the FBI's check
are returned to the licensee, and that information should be reviewed
as part of the licensee's determination of an individual's
trustworthiness and reliability.
Comment B65: One commenter requested clarification on whether the
background investigation elements could be outsourced by licensees to a
third-party verification service. Another commenter requested
clarification on whether some elements of the background investigation
could be performed by HR personnel and have them certify what steps had
been taken.
Response: The background investigation elements could be
outsourced. However, the final determination must be made by the
licensee's reviewing official. If the investigation elements were
outsourced, the licensee would need to assure that the information was
properly protected and controlled.
Comment B66: One commenter expressed support for grandfathering
individuals already allowed unescorted access under the orders. One
commenter recommended that the grandfathering provision also include
those individuals determined trustworthy and reliable under 10 CFR part
73.
Response: The NRC agrees that those individuals deemed trustworthy
and reliable under 10 CFR part 73 should be
[[Page 16965]]
grandfathered or relieved from the fingerprinting and background
investigation elements. Those individuals who have been deemed to be
trustworthy and reliable under other security fingerprinting orders
(such as those for fuel cycle facilities and independent fuel storage
installations) should also be grandfathered. The NRC has revised the
rule to provide grandfathering for those individuals.
Comment B67: Two commenters questioned the value of the 10-year
reinvestigation. They felt that conducting a complete check again makes
no sense if the employee has worked for the licensee that long. One
commenter recommended removing the reinvestigation, or if it is
retained, making it simpler, such as a local criminal history check and
supervisor evaluation. One commenter stated that the reevaluation
needed to include character and reputation determinations. The
commenter noted that changes in a person's attitude or demeanor can
indicate a change in circumstances that warrants restricting access,
whereas there may have been no change in a credit or criminal history.
Two commenters recommended using the FBI background check for the 10-
year reinvestigation. One commenter asserted that, if there are no
indicators that something has changed, the FBI check should be adequate
for a reinvestigation. The commenter noted that employees are typically
evaluated by their employer at least annually, and this provides ample
opportunity to ensure that there have been no changes negatively
affecting security concerns. One commenter noted that Sec. 37.25(c)
suggests that only a criminal history records check and credit history
check are needed, and this implies that trustworthiness and reliability
is not sufficiently demonstrated by 10 years' worth of access without
an incident to revoke the individual's unescorted access. The commenter
stated that the reinvestigation requirement seemed overly draconian,
given that the federal Office of Personnel Management (OPM) standard
for background investigations only requires a reinvestigation for a
security level higher than even an NACIC--and the OPM reinvestigation
is required only every 15 years. The commenter also asked for
clarification on whether the relief provided by Sec. 37.29 applies to
the reinvestigation. The commenter also requested clarification on when
the 10-year reinvestigation is triggered. One commenter stated that
reinvestigation requirement does not make sense as there would be
insufficient information on whether the criminal history will really be
the criminal history or just an arrest record.
Response: The NRC believes that periodic reevaluation of an
individual's trustworthiness and reliability is important. The
reinvestigation is not a complete check. The reinvestigation is limited
to the FBI criminal history records check. The relief provided by Sec.
37.29 does apply to the reinvestigation. The licensee would need to
check that the individual still meets the relief category.
Comment B68: One commenter questioned whether the reviewing
official was subject to the reinvestigation requirement.
Response: The reviewing official is subject to the reinvestigation.
The rule text has been revised.
Comment B69: One commenter stated that Sec. Sec. 37.25 and 35.27
have some duplication of information and that sections should be
reviewed to avoid duplication.
Response: There is some overlap in the requirements. However, the
provisions of Sec. 35.27 apply solely to the fingerprints and FBI
criminal history records checks. The provisions of Sec. 37.25 apply to
the complete background investigation.
Comment B70: One commenter noted that there is potential for
discrepancy between different licensees' basis determination for
unescorted access and questioned the wisdom of allowing transfer of an
individual's trustworthiness and reliability determination under Sec.
37.27(a)(4).
Response: The commenter is correct that there may be differences
between licensees' determination bases for unescorted access. The NRC
still believes that there is merit in allowing licensees to transfer
information and accept another licensee's determination on an
individual. The individual has undergone a background investigation (or
met one of the categories for relief) and been determined to be
trustworthy and reliable. If the second licensee has reason to doubt
the determination or does not feel comfortable relying on the first
licensee's determination, the licensee is not obligated to allow the
individual unescorted access. The licensee could also decide to conduct
its own background investigation before allowing the individual
unescorted access.
Comment B71: One commenter questioned the language in Sec.
37.27(a)(6) that limits use of information obtained as part of the
criminal history records check (from the FBI) to determining an
individual's suitability for unescorted access to the material or SGI.
The commenter felt that if the information indicated that an employee
lied on an employment application, the licensee should be able to fire
the individual based on this information.
Response: The NRC disagrees with the commenter's suggestion that
Sec. 37.27(a)(6) be deleted. The language in Sec. 37.27(a)(6) of the
proposed rule implements the statutory requirement set forth in section
149c.(2)(B) of the AEA, 42 U.S.C. 2169(c)(2)(B). Information obtained
from an FBI criminal history check shall be used by licensees solely to
make suitability determinations for unescorted access to category 1 or
category 2 quantities of radioactive material, or access to SGI.
Information which pertains to the trustworthiness of an employee
obviously is pertinent to a suitability determination. With that said,
the NRC does not make employment decisions for the regulated community.
Comment B72: One commenter stated that the requirement in Sec.
37.27(b)(1) prohibiting a licensee from basing a final determination to
deny an individual unescorted access solely on information received
from the FBI is inconsistent with the intent of the rule to protect the
public from category 1 and category 2 radioactive sources. The
commenter questioned how a responsible licensee could not use
information provided by the FBI to restrict a terrorist from access to
these sources.
Response: The prohibition on using information received from the
FBI only involves information on an arrest more than a year old for
which there is no information on the disposition of the case or an
arrest that resulted in the dismissal of a case or an acquittal. The
licensee may still consider the information, but it cannot base its
decision solely on the information. If there is no disposition of the
case in the file, the individual may have been acquitted of the charge,
and an acquittal is information that would be pertinent to the decision
to grant unescorted access.
Comment B73: One commenter stated that a licensee would need to
have in-depth knowledge of constitutional law to understand the
requirement in Sec. 37.27(b)(2) that prohibits a licensee from using
the information from a criminal history records check obtained under 10
CFR part 37 in a manner that would infringe upon the rights of any
individual under the first amendment of the Constitution. The commenter
noted that NRC should not be proposing any regulation that will be
unconstitutional or be apt to be used to infringe on the rights of
workers.
[[Page 16966]]
Response: The NRC disagrees with the commenter's suggestion that
Sec. 37.27(b)(2) be deleted. The NRC is not proposing a regulation
that is unconstitutional or that infringes on the rights of any
individual. This provision implements section 149c.(2)(D) of the AEA,
42 U.S.C. 2169c.(2)(D), which provides that the NRC is to protect
individuals subject to fingerprinting from misuse of criminal history
records. The onus is on the licensee, not the NRC, to ensure that the
information it obtains as a result of an FBI criminal history records
check will have limited use, and be used in accordance with all
applicable Federal and State laws.
Comment B74: One commenter stated that the licensee should be
allowed to submit fingerprint cards to the FBI. The commenter noted
that submittal of fingerprint cards to the NRC is cumbersome, time-
consuming, and apparently done only to provide an additional revenue
source to the NRC. The commenter noted that it had experienced NRC
losing one set of fingerprint cards. Another commenter noted that the
rule does not allow licensees with a fully-accredited program to do
their own collection and transmission of fingerprints to the FBI. The
commenter requested an exemption to this restriction for licensees who
possess a fully-accredited program.
Response: The NRC cannot exempt a licensee from the statutory
requirement to submit fingerprint cards to the Attorney General of the
United States through the Commission, even if that licensee possesses a
fully-accredited program to collect and transmit fingerprint cards to
the FBI. Section 149 of the AEA states that fingerprints obtained by an
individual or entity must be submitted to the Attorney General of the
United States through the Commission for identification and a criminal
history records check. Consistent with the statutory requirements, a
licensee is required to submit fingerprint cards to the NRC. The NRC
will then submit the fingerprint cards to the FBI for processing and
transmit the results received back from the FBI to the licensee.
Comment B75: One commenter stated that the fees for fingerprint
processing should be placed in the regulations instead of a reference
to the Web site.
Response: The NRC disagrees with the comment. The fees change based
on what the FBI charges. If the fee was placed in the regulations, it
would require the NRC to conduct a rulemaking every time the fee
changed. By placing the current fee information on the Web site, it can
be changed quickly when necessary.
Comment B76: Two commenters stated that Sec. 37.29 should be
deleted and that there should not be any categories of individuals that
are provided relief from the background investigation elements. One of
the commenters noted that any person entering a facility and having
unescorted access to or transporting category 1 or category 2
quantities of radioactive material should be fingerprinted, without
exemption or relief. The commenter stated that given the significance
of theft of such material and the cost of dispersal of such radioactive
material outside a controlled area, the cost and very minor use of time
for fingerprinting is totally insignificant. The commenter noted that
there are many examples of Congress or other persons who have been
fingerprinted and who have broken criminal or other law and, therefore,
should not be exempted. The commenter noted that fingerprinting is
required in many situations not involving threats to national security
or dispersal of radioactive material in public places and that the
process is inexpensive, unobtrusive, and, if the person being
fingerprinted has no reason to fear the process, insignificant and
irrelevant. The commenter noted that most of the individuals covered by
the relieved categories would be escorted and that providing relief
causes confusion and makes the process more complicated. The commenter
further noted that there is no more guarantee that these persons are
more reliable than other workers; therefore, why proceed with
exemptions that weaken the regulation.
Response: The NRC disagrees with the comment. NRC continues to
believe that these categories of individuals should be provided relief.
Many of these individuals have undergone equivalent background
investigations or by the nature of their positions are considered to be
trustworthy and reliable as a matter of policy. Just because an
individual is relieved from the background investigation elements, a
licensee is not required to provide unescorted access to the material.
For example, if a member of Congress were to visit a facility, the
licensee would likely escort the individual and not allow him or her to
wander the facility unescorted. An individual would still need to
receive security and radiation protection training before being granted
unescorted access.
Comment B77: One commenter disagreed with providing relief from the
background investigation elements other than the fingerprints and
criminal history check. The commenter noted that the relief is
inappropriate for certain categories of individuals, in particular
those covered under Sec. 37.29(k). As an example, the commenter noted
that a favorably adjudicated Security Risk Assessment under the Select
Agent program does not assess the depth and breadth of information
required under the full background checks specified either by existing
orders or the proposed regulations. The commenter noted that the risk
assessment only includes those checks specified under the Patriot Act
and that character determination, credit history, verification of
education, verification of employment, and the gathering of
corroborating information are not explicitly included. The commenter
noted that the acceptance of a Security Risk Assessment in place of the
more extensive checks creates a double standard and introduces
potential vulnerability into the personnel reliability process. The
commenter noted that the information that would be analyzed for
personnel under Sec. 37.29(k) does not provide sufficient basis to
assess whether an individual is trustworthy and reliable under the
requirements set forth under either the NRC orders or under the
proposed background check requirements.
Response: The NRC agrees with the comment and has revised the rule.
The relief provided for individuals that come under Sec. 37.29(b)
(formerly Sec. 37.39(k)) only applies to the fingerprints and FBI
criminal history records checks; the other elements of the background
investigation must still be completed. For the other categories of
individuals in Sec. 37.29(a), relief is provided from all the
background investigation elements.
Comment B78: One commenter objected to exempting commercial vehicle
drivers for road shipments of category 2 quantities of radioactive
material. The commenter felt that devices and sources are more
vulnerable during shipment by a nonlicensee carrier than under licensee
or manufacturer control and, therefore, carriers must require a
background investigation for their staff with unescorted access to
category 2.
Response: While understanding the commenter's concern, the NRC
believes that the relief is appropriate. The licensee does not control
the carrier or whom the carrier employs. However, the carriers are
subject to DOT. Title 49 CFR 172.800 requires that each person who
offers for transportation in commerce or transports in commerce
category 1 or category 2 quantities of
[[Page 16967]]
radioactive material to develop and adhere to a transportation security
plan. The components of the transportation security can be found in 49
CFR 172.802.
Comment B79: One commenter requested that information be provided
on what elements of the background investigation each category of
individual relieved from the background investigation under Sec. 37.29
go through.
Response: The NRC acknowledges that the background investigation
conducted for individuals in the relieved categories contained in Sec.
37.29 may not contain all of the aspects of the background
investigation required under part 37. In some cases, the background
investigation is more exhaustive, such as the Federal background
investigation for access to classified information, and some may
contain fewer elements. The licensee is not required to allow these
individuals unescorted access to radioactive material and can choose to
escort them. The licensee can also choose to conduct an investigation
that included some or all of the background investigation elements
before allowing such an individual unescorted access to the material.
Comment B80: Two commenters recommended that the relief from the
background investigation elements for individuals with a Federal
security clearance be extended to include other aspects of the
authorized individual process such as NRC approval of the reviewing
official. One commenter requested clarification as to whether the
relief granted by this regulation may be extended to individuals who
will serve as the licensee's reviewing official.
Response: The NRC agrees with the comment that if the potential
reviewing official meets one of the relief categories of Sec. 37.29,
the individual would not need to be fingerprinted and undergo a new
background investigation. The rule has been clarified.
Comment B81: One commenter requested that Sec. 37.29(g) be revised
to include master materials licensee employees conducting inspections
under their license authority. The commenter also requested that
subparagraph (k) be revised to contain an explicit statement about
whether persons approved under a government program have to be
reapproved after a specified time interval.
Response: The NRC disagrees with the comment. A licensee employee
conducting an inspection on the licensee's own program is not the same
thing as an NRC or Agreement State inspector. The NRC disagrees that
the individual should be relieved from the background investigation
elements as the individual is still a licensee employee. The
individuals who were granted relief would be subject to the 10-year
reinvestigation. If the individual still fell under one of the
categories, such as Sec. 37.29(l), he or she would continue to be
relieved. However, the licensee would need to document that the relief
category still applied.
Comment B82: One commenter requested that the relief provided by
Sec. 37.29(i), from background investigations for emergency personnel
responding to an emergency, be extended to emergency response personnel
who are not responding to an emergency. The commenter pointed out that
these individuals need frequent access for smoke detector checks,
safety inspections of fire walls, assessment of and response to false
alarms, etc.
Response: The NRC disagrees with the comment. Fire department
personnel who need to check smoke detectors and conduct safety
inspections can be escorted. The NRC does not see why these individuals
would need unescorted access to radioactive material. Someone
responding to an alarm would be considered responding to an emergency,
even if the alarm turned out to be false.
Comment B83: One commenter suggested expanding Sec. 37.29(j) to
include handlers at the transportation facilities, i.e., the people who
physically handle the package at the freight terminals and move the
packages from one location to another. The commenter noted that
licensees cannot perform checks for these nonemployees.
Response: The NRC agrees with the comment and has added a new
category to include handlers at transportation facilities such as
freight terminals and rail yards.
Comment B84: One commenter noted that there is a gap whereby Sec.
37.29(m) does not cover self-employed service provider licensees who
are small business owners, for example, independent service technicians
who are licensed to perform maintenance and repairs on sealed source
irradiators. The commenter noted that these individuals are qualified
in a similar way for the applicability of Sec. 37.29, yet the wording
of this regulation does not appear to extend to them.
Response: The NRC believes that Sec. 37.29(a)(13) (formerly Sec.
37.29(m)) does cover a self-employed service provider. The access
authorization program would not be required of a service provider that
does not possess material; however, there is nothing in the regulation
that would prevent the service provider from conducting background
investigations that meet the requirements of Sec. 37.25. The service
provider would need to provide written verification that the individual
has been determined to be trustworthy and reliable under a subpart B
program. Additional information has been added to the implementation
guidance to address this situation.
Comment B85: One commenter indicated that Sec. 37.29 should
include exemption provisions for reputable security system vendors. The
commenter noted that these vendors perform extensive background checks
as part of their hiring process and it seems reasonable to consider the
service providers, software engineers, etc. who work at or with a
licensee's institution to be authorized to access the controlled areas.
The commenter noted that it is unreasonable to expect the licensee to
conduct its own background checks on all employees of the company who
may be involved in the security system at the particular institution.
The commenter noted that by not allowing this exemption, the licensee
may be less inclined to use the state-of-the-art security systems
available and this may be detrimental to the overall security of the
material. The commenter noted that although security service providers
are addressed in the ``protection of information'' section (Sec.
37.43(d)), they should be included here as well, since they not only
have knowledge of the security program but may also have the ability to
grant access.
Response: The NRC disagrees with the comment. It is not clear why
security system vendors, particularly software engineers, would need to
have unescorted access to the radioactive material. These individuals
would need to have access to some of the licensee's security
information, which is why they were included in Sec. 37.43(d).
Security system vendors may or may not conduct fingerprinting and an
FBI criminal history records check as part of their investigation
during the hiring process. Licensees may accept documentation from
vendors that vendor employees have undergone a background check meeting
the requirements of this part, but in the absence of evidence that all
vendors' employment checks meet part 37 requirements; vendor employees
should not be exempted by rule. Licensees also retain the prerogative
to escort such employees when they are onsite.
Comment B86: One commenter, while noting that several State
employees listed by job duties are listed as being relieved from the
background investigation requirements, suggested that State licensing
staff, information
[[Page 16968]]
technology staff, and legal staff be included. The commenter noted that
these individuals may also have access to such information.
Response: The NRC believes that the provisions in Sec. 37.29 are
broad enough to include other State employees that may require access.
Comment B87: The Nebraska Emergency Management Agency stated that
it believes that it is exempt from the fingerprinting, identification,
and criminal history records check requirements and only needs to
provide physical security for its one category 2 quantity source until
such time as the source is collected under the DOE source recovery
program.
Response: No licensee is exempt from the provision of 10 CFR part
37. Section 37.29 does provide relief from the fingerprinting and
background investigations for individuals that fall under one of the
categories. State employees would likely come under the provision of
Sec. 37.29(a)(4) or (6) and would be relieved from the background
investigation elements.
Comment B88: One commenter asked what ``other property'' refers to
in Sec. 37.29.
Response: The term ``other property'' comes from the AEA. The NRC
has removed the term as it has no meaning in the context of 10 CFR part
37.
Comment B89: One commenter suggested that the regulation itself
makes it clear that a licensee has the option of escorting the category
of individuals provided relief from the background investigation (Sec.
37.29), and that granting unescorted access to these individuals is not
required. The commenter also noted that it should be made clear that
the security training must be provided before granting unescorted
access.
Response: The NRC does not believe that the regulation needs to
specify that the licensee has the option of escorting the individuals.
It is always up to the licensee to decide whom it allows to have
unescorted access. The provision in Sec. 37.29 only provides relief
from the background investigation elements and does not require
granting unescorted access to designated categories of individuals. Any
individual allowed unescorted access to the material must meet all of
the licensee's applicable training requirements before having
unescorted access to the material.
Comment B90: One commenter requested that each subsection in Sec.
37.25, ``Background investigations,'' be revised to explicitly state if
the subsection is applicable and must be followed for those who are
relieved from elements of the background investigation under Sec.
37.29.
Response: The NRC does not believe that it is necessary to make the
requested revisions. Section 37.29(a) relieves the licensee from
conducting the fingerprinting and all other elements of the background
investigation. However, the licensee can still choose to conduct all or
some of the elements before providing unescorted access to an
individual who is covered by one of the categories listed in Sec.
37.29. The licensee will still need to verify identification.
Comment B91: One commenter, while supporting the transfer of
background information to outside entities allowed by Sec. 37.31(c)
felt that it would create additional legal issues and burdens on the HR
department that they would not be able to meet. The commenter was
concerned about the ability to authenticate the documentation presented
and avoid fraudulent documentation. The commenter is concerned that
there is no legally proper way to transfer such private information in
a secure manner that would not create legal failure points and possible
violations, as such, they would neither request nor offer such
information.
Response: The language in the rulemaking under Sec. 37.31(c)
states that the personal information obtained on an individual from a
background investigation may be provided to another licensee. While an
individual may request that this information be transferred or shared,
the licensee is not required by these regulations to do so, thereby
minimizing or eliminating additional legal issues or burdens on the HR
department that could arise from such requests. Any decision to request
or provide such information should be made at the licensee's
discretion. The rule merely states that NRC considers it an acceptable
practice, provided that the stipulations in Sec. 37.31(c) are met.
Per the language provided in Sec. 37.31(c)(2), the recipient
licensee must verify information such as name, date of birth, social
security number, gender, and other applicable physical characteristics,
which should aid in authentication and the avoidance of utilizing
fraudulent documentation.
Comment B92: Two commenters noted that the proposed rule has no
mention of safeguards of the privacy of this background information, or
of the method of review. One commenter requested clarification on
whether the licensee needed to retain the fingerprints or just the
records returned from the FBI.
Response: Information protection provisions for the background
investigation are located in Sec. 37.31. The licensee is only required
to retain the records returned from the FBI and not the actual
fingerprints. The NRC is not sure what the commenter meant by method of
review.
Comment B93: Two commenters suggested revising the language for the
timing of the program review to ``periodically (at least annually)
review'' similar to what is contained in Sec. 20.1101. The commenters
stated that the proposed wording is onerous and unnecessary. Another
commenter suggested adding the access authorization program review to
the security program review. Several commenters suggested a 36-month
timeframe or after changes to the program. The commenter noted that the
program should see little revision once it is put in place and that an
annual review seems excessive. One commenter indicated that NRC should
specify those essential program elements for inclusion in the program
review noting that placing such information in the guidance would not
be enforceable and would be a disservice to licensees. Another
commenter stated that there were too many criteria and it could lead
someone to think that the annual security review was more important
than the safety review. Another commenter suggested every 3 to 5 years
for the program review. One commenter noted that the program review
could take from 1 to 3 man days.
Response: The NRC agrees with the comment in part and has revised
the language for the program review to be consistent with Sec.
20.1101. The use of consistent terminology between the safety and
security programs should enhance the licensee's understanding of the
requirement. The content of the program review has not been revised.
Comment B94: Two commenters recommend that facilities utilizing
Federal security clearances should be exempted from the program review.
Response: The NRC disagrees with the comment. While the actual
background investigations and protection of information would be
covered by the Federal program, other aspects of the access
authorization program would not necessarily be included in the Federal
program. For example, the licensee would still need to have a program
in place to document the information on who has access.
Comment B95: One commenter stated that the reviewing official and
the individual with overall responsibility for the security program
should be required to review the access authorization program review
findings. The commenter felt that it was logical for the individual
with overall security
[[Page 16969]]
responsibility to be involved in the review; otherwise, the program
could result in split responsibility for the security program.
Response: The NRC disagrees that a rule change is warranted. The
rule provides the licensee with flexibility as to who should be
designated to review the program review findings. The NRC does agree
that it would be appropriate for both the reviewing official and the
individual with overall responsibility to conduct the review.
Comment B96: One commenter questioned whether licensees should be
obligated to provide unescorted access to any inspectors. The commenter
asked whether Agreement State inspectors are required to present
credentials indicating that they are in compliance with the background
investigation.
Response: Licensees are not obligated to provide unescorted access
to an inspector. A licensee always has the option of accompanying the
inspector. The regulations only require that the licensee ``shall
afford to the Commission at all reasonable times opportunity to inspect
category 1 or category 2 quantities of radioactive material and the
premises and facilities wherein the nuclear material is used, produced,
or stored.'' This means that the licensee must allow the inspector to
go anywhere in the facility but can choose to accompany the inspector.
A licensee has the right to request that an inspector present his or
her credentials (e.g., an agency issued badge) and to confirm with the
inspector's home office that the individual is indeed an employee of
the agency. However, the inspector is relieved from the background
investigation elements and does not need to present any documentation
of compliance with the background investigation.
Comment B97: One commenter recommended adding language that states
that the licensee is not prohibited from revoking previously granted
authorizations at any time.
Response: The rule contains language in Sec. 37.23(e)(4) that
allows the reviewing official to terminate or administratively withdraw
an individual's unescorted access authorization based on information
obtained after the individual has obtained unescorted access.
Comment B98: One commenter noted that language needs to be included
to allow access to SGI-M and other security related information
identified in the part in addition to unescorted access privileges for
category 1 and category 2 materials.
Response: The NRC disagrees with the comment. Provisions for the
protection of SGI, including access restrictions, are located in
Sec. Sec. 73.21 and 73.23. The requirements do not need to be repeated
in 10 CFR part 37. Part 37 contains appropriate references to the 10
CFR part 73 SGI requirements.
Comment B99: One commenter noted that language is necessary to
include the phrase `unless otherwise suspended or revoked' to address
those situations where such restrictive actions became necessary in
regard to access to information or the material.
Response: The NRC disagrees with the comment. Section 37.23(e)(4)
contains language that permits the reviewing official to terminate or
revoke an individual's unescorted access authorization. The NRC does
not believe that additional language is necessary.
Comment B100: One commenter indicated that the rule should include
a limitation on escorted access to only those needing such access to
perform a job function or assist in educational activities.
Response: The NRC disagrees with the comment. The licensee should
be allowed to determine who should be provided escorted access to the
facility and materials. While there should be a need for the escorted
access, there could be reasons other than to perform a job function or
for educational activities.
C. Security During Use
Comment C1: One commenter stated that Sec. 37.41(a) did not allow
for the concept of co-location of sources, only addressing aggregated
sources. The commenter noted that it was not cost effective to require
increased controls on fixed gauges that are scattered throughout a
facility.
Response: The concept of co-location is built into the definition
for aggregated. Fixed gauges that did not fall under the orders do not
fall under 10 CFR part 37.
Comment C2: Several commenters stated that the provisions in Sec.
37.41(a)(2), providing for a 90-day notice before aggregation of
material, were confusing and unnecessary and that aggregation would be
detected during routine inspections. The commenters felt that the
provisions would lead to unintentional noncompliance. Another commenter
questioned how the agency would know when a licensee aggregated the
material, indicating that it would be time consuming and costly to
coordinate and track. Another commenter suggested adding language to
address the permittee system under master materials licenses. One
commenter noted that Sec. 37.41(a)(4) required implementation before
possession. One commenter noted that it should be assumed that
licensees are implementing the measures if they aggregate. One
commenter disagreed with the notification for activation of the
security plans.
Response: The NRC agrees in part and disagrees in part. The
provision was added to help licensees that do not routinely possess an
aggregated category 2 quantity, but may on occasion. The provision was
intended to provide some relief from the need to always meet the
requirements. However, since the wording has caused confusion, the NRC
has revised the provision to simplify and clarify the requirement. A
licensee only needs to provide a 90-day notice before aggregating the
material if the licensee has never implemented either the orders or the
10 CFR part 37 provisions.
Comment C3: One commenter suggested adding a provision in Sec.
37.41(2) to note that the NRC or Agreement State may prohibit the
transfer of radioactive material in quantities of concern should an
evaluation of the security plan be found lacking until corrective
measures are taken and verified.
Response: The NRC disagrees with the comment. The NRC or State may
take action to prohibit the transfer of material in such a situation;
however, a provision in the regulations is not necessary. NRC would
typically issue an order to the licensee or issue a confirmatory action
letter documenting the licensee's agreement not to ship material until
the issues have been resolved.
Comment C4: One commenter recommended that the general performance
objective in Sec. 37.41(b) be revised to remove the phrases ``without
delay'' and ``an actual or attempted.'' Two commenters noted that this
objective is unrealistic during normal business hours as unauthorized
access, whether actual or attempted, would only be detected ``without
delay'' if individuals were in the vicinity and could witness the
access or attempt to access. One of the commenters stated that
``without delay'' is unrealistic during normal business hours as a
business' security system will not be set to alarm. One of the
commenters noted that areas that may contain category 1 or category 2
quantities may be locked and unoccupied but not monitored. The
commenters further noted that, after business hours, an armed security
system could detect (without delay) unauthorized access to an area that
contained a category 1 or category 2 quantity of material but may not
be able to detect an ``attempt'' to access the area
[[Page 16970]]
as the attempt may have failed without compromising a security measure
or triggering an alarm. One commenter suggested revising the
performance objective in Sec. 37.41(b) as follows: ``Each licensee
shall establish, implement, and maintain a security program that is
designed to monitor, detect, assess, and respond to unauthorized access
to category 1 or category 2 quantities of radioactive material.'' One
commenter recommended defining ``without delay'' in Sec. 37.41(b),
particularly with regard to the assessment of an access incident. One
commenter suggested the following language for Sec. 37.41(b): ``Each
licensee shall establish, implement, and maintain a security program
that is designed to monitor, and without undue delay detect, assess,
and respond to an actual or attempted unauthorized access to category 1
or category 2 quantities of radioactive material as outlined in their
security plan.''
Response: The NRC disagrees with the comment. The purpose of the
security program is to prevent unauthorized access and to detect
unauthorized removal of the material. The sooner material is discovered
to be missing, the more quickly a response can be started that includes
trying to apprehend those who stole the material and to recover the
material before it can be used for malevolent purposes. The NRC agrees
that the licensee is not expected to respond to events that do not
trigger the security system. The threshold for the security systems
should not be set so high that actual attempts, such as someone trying
to pry open the door, are not detected or so low such as someone
casually brushing a doorknob sets off the alarm. The NRC does not see
any benefit to adding ``as outlined in their security plan'' to the
rule text. The security plan must meet the requirements, and the
licensee must follow the security plan.
Comment C5: One commenter recommended that a provision be added to
require the licensee to appoint an individual with overall
responsibility for the security program. The commenter noted examples
where no one individual had responsibility to implement the security
measures and noted that a default person such as the RSO may not have
the necessary authority or ability to ensure that the program is
working. The commenter noted that having the licensee specifically
designate an individual will clarify responsibility and provide some
authority. Another commenter noted that the individual should be placed
on the license as is done for the RSO.
Response: The NRC, while agreeing that it is good practice to have
an individual with overall responsibility for the security program,
does not believe that the requirement needs to be in the regulations.
If there were a requirement most licensees would likely name the
individual on the license and then it would take a license amendment to
change the named individual.
Comment C6: Several commenters objected to the requirement to
develop a security plan if they are authorized but never possess a
category 2 quantity or never aggregate the material above a category 2
threshold. Commenters felt that the exercise to develop a plan was a
waste of time and manpower and questioned the value of preparing for an
eventuality that will never occur. Some commenters noted that the
material was in different buildings or scattered throughout a facility.
One commenter stated that physical protection requirements during use
have already been met and there isn't any evidence that requiring
licensees to try and track locations of small amounts of source
material so as not to aggregate to a threshold quantity is unnecessary
to protect the security of the general public. One commenter asked what
the security plan should contain if a licensee doesn't possess category
2 quantities of material. Two commenters stated that a licensee must
implement a full security program based on authorization and not
possession and that this is inconsistent and places an undue burden on
licensees. One commenter requested clarification on whether the
security plan would need to be implemented if the licensee was
authorized for sources above the category 2 threshold but the sources
were located at different sites.
Response: The NRC agrees with the comment and has revised the rule.
Licensees will only be required to develop and implement a security
plan if it aggregates the material to a category 1 or category 2
quantity of radioactive material at a specific location.
Comment C7: Several commenters felt that the specified contents for
the security plan were too prescriptive. Commenters felt that each
facility needs to have the flexibility necessary to develop a security
plan that works best for them and that every security plan may not need
all the prescriptive requirements specified in the proposed rule.
Commenters noted that licensees have already developed their programs
to implement the orders and that the programs have already been
inspected and compliance verified. Commenters felt that the specificity
of the rule was in conflict with the concept of a performance-based
regulation. One commenter noted that the blind ``broad brush''
application of arbitrary requirements is not how to increase security;
it should be based on each licensee's unique requirements. One
commenter noted that there should be an exemption for licensees that
already have a security plan in place.
Response: The NRC does not agree with the comment that the security
program is too prescriptive. The licensee is free to choose the methods
that work best for its facility; the exact security measures to be used
are not prescribed. The content of the security plan is based on the
measures that the licensee chooses to use. The NRC has made changes to
Sec. 37.43(a) to clarify that the security plan is specific to a
facility and its operation and to remove the requirement to address
site-specific conditions that affect implementation. The NRC has
determined that the site-specific aspects would be addressed by the
measures used by the licensee and could not be addressed for temporary
jobsites without creating a security plan for each site. It was not the
NRC's intent to require a unique security plan for each temporary
jobsite. The NRC has also removed the requirement to include a
description of the training program. There is a separate requirement
that addresses training, and it is not necessary to describe the
program in the security plan.
Comment C8: One commenter noted that the original security plan
must be reviewed and approved by the individual with overall security
responsibility but that any revisions to the plan must also be reviewed
by licensee management. The commenter questioned the different review
and approval requirements. The commenter further noted that licensee
management may not have a need-to-know and may not wish to go through
the background investigation process just to review a plan,
particularly if the authority and responsibility have been delegated.
Another commenter noted that this also contradicts the requirement to
limit access to the security plan.
Response: The NRC agrees with the comment and has removed the
requirement for licensee management to review the revised plan.
Comment C9: One commenter stated that the phrase ``measures and
strategies'' in Sec. 37.43(a)(1)(i) is meaningless and unenforceable
even as a performance-based goal. The commenter stated that the phrase
should either be removed or the intent made clear by measurable,
quantifiable, or otherwise objective expectations.
Response: The NRC disagrees with the comment. The licensee is
required to describe the overall approach, methods,
[[Page 16971]]
and equipment that it uses to meet the security requirements.
Additional information has been added to the guidance.
Comment C10: One commenter indicated that the present security plan
(from the orders) is sufficient and that a more stringent security plan
is unnecessary.
Response: The NRC disagrees with the comment. The orders did not
require licensees to even develop a security plan. The NRC does not
believe that the requirements for the security plan are overly
stringent. In fact, the licensee has the flexibility to include in the
plan the site-specific measures that the licensee employs.
Comment C11: One commenter requested clarification in the situation
where there is a high-level corporate security plan in place. The
commenter's interpretation is that the security plan is not required to
apply exclusively to the security of category 1 and 2 radioactive
materials but can be an adaptation of a preexisting site or corporate-
wide plan as long as the required elements are met.
Response: The NRC agrees with the comment. As long as a preexisting
site or corporate-wide plan meets the requirements of subpart C as to
the content of the security plan, the plan would be acceptable and a
new plan would not need to be developed.
Comment C12: One commenter asked whether the written security plan
must be a separate document in addition to the Standard Operating
Procedures (SOPs) that pertain to security. The commenter felt that it
is acceptable for a set of written SOPs to constitute a ``written
security plan'' and would like the regulation to confirm that. Another
commenter requested that a subsection be added to Sec. 37.43 to allow
the security plan and procedures to be the same document or a group of
documents.
Response: Each licensee must determine what information is
applicable to its facility and must be included and documented in its
security plan. If a licensee already has a security plan developed to
meet the requirements of an order or for other purposes, and this plan
meets all the requirements in 10 CFR part 37, there is no need to
develop a new plan. However, it is unlikely that many licensees will
already have all the required information in place in existing
procedures.
If a licensee has existing written procedures and policies in place
that will be incorporated as part of its security plan under 10 CFR
part 37, these may be referenced in the security plan as such; however,
if these existing procedures contain information which would require
marking and handling as SGI-M, then the licensee must ensure that all
copies of the existing documents are appropriately marked and handled.
Comment C13: One commenter proposed that for mobile licensees the
rule be modified to allow the preparation and submittal of a generic
security plan that would be supplemented by a project-specific security
plan prior to initiating work on any given project. The commenter
proposed that the submittal of the generic security plan be required
within 30 days of publication of the final rule as proposed by NRC;
however, the 90-day requirement would not apply.
Response: It was not the intent of the NRC to require the
development of a site-specific security plan for each temporary
jobsite. Development of a general security plan that addresses how
security will be applied at temporary jobsites will meet the
requirement for having a security plan. The security plan is not
submitted to the NRC for approval but would be available at a facility
or temporary jobsite during inspection. The NRC has removed the
requirement that the security plan address site-specific conditions.
Comment C14: One commenter noted that, since the security plan is
to include a description of the environment, buildings, or facility
where the material is used or stored, this would require companies that
work at temporary jobsites to develop a separate plan for each jobsite.
The commenter noted that this would be extremely costly and would
require at least one additional employee per crew to follow the workers
around, assess the surrounding environment, write a security plan, and
train the crew in the new security plan prior to any work being
performed each day. The commenter stated that this would cause undue
burden on the licensee with no evidence that it would in any way stop
an attack or protect the general public.
Response: The NRC agrees with the comment and has removed the
requirement for the security plan to address site-specific conditions.
It was not the intent of the NRC to require the development of a site-
specific plan for each temporary jobsite. Development of a general
security plan that addresses how security will be applied at temporary
jobsites will meet the requirement for having a security plan. For
those temporary jobsites that may be considered permanent (i.e., pipe
yards), the licensee should develop a more specific security plan.
Comment C15: One commenter noted that references to the security
plan should be more specific to avoid security plans required by other
parts.
Response: The NRC disagrees with the comment. The term, as used in
10 CFR part 37, refers to the security plan required by 10 CFR part 37,
and there should be no confusion. Anywhere in this Federal Register
notice or in the guidance for the rule where a different security plan
is being referred to, language has been added to make clear that it is
a 10 CFR part 73 security plan.
Comment C16: One commenter stated that the security program is too
prescriptive and suggested using language similar to Sec. 20.1101 to
implement a program commensurate with the scope and extent of licensing
activities and sufficient to ensure compliance with the provision of
this Part. The commenter stated that this would allow the licensee the
necessary flexibility in documenting its specific program but would not
be prescriptive.
Response: The NRC disagrees with the comment. The NRC believes that
the 10 CFR part 37 requirements provide the licensee flexibility. The
rule does not specify what specific measures that a licensee must use;
a licensee can choose those methods that fit its facility. The security
plan, procedures, and training would address the measures that the
licensee has chosen to use to protect the material.
Comment C17: One commenter suggested deleting Sec. 37.43(b) on
implementing procedures because separate procedures for the
implementation of the security program are unnecessary since they
should be incorporated into the security procedures. Another commenter
stated that many implementing procedures will be developed that do not
include specific security measures designed to protect the sources and
that do not need to be protected under this section. As examples the
commenter offered procedures and forms on how to apply for unescorted
access, how to add people to Radiation Use Authorizations involving
irradiators, or procedures on record destruction.
Response: The NRC disagrees with the comment in part and agrees in
part. Implementing procedures are a necessary component of both safety
and security programs. If a licensee already has security procedures,
it is acceptable to continue using those procedures and update the
procedures to reflect any changes to the program. The licensee is not
required to protect all of its procedures under this provision. The
only procedures that require protection are procedures that document
how the security program is implemented. This would include procedures
on alarm
[[Page 16972]]
response, security guard checks, and procedures that describe actual
security measures. It would not include the types of procedures
mentioned by the commenter. Examples have been added to the guidance
document.
Comment C18: One commenter noted that Sec. 37.43 does not mention
that the requirements apply to individuals who have access to SGI.
Response: Section 37.43(d)(8) does contain a reference to the
protection of SGI. The requirements for access to and protection and
handling of SGI are contained in 10 CFR part 73.
Comment C19: Several commenters stated that there was no need for
the refresher training unless something specific about the program
changes. Commenters felt that only those individuals with a need-to-
know should receive training on specific changes and that not everyone
should be trained on the security plan. One commenter noted that those
who just use the device do not need to be trained on the security of
the device. Two commenters felt that refresher training every 12 months
would be burdensome, particularly if you have many employees needing
the training. One commenter suggested that the periodicity of the
refresher training be based on licensee's expectations and assessments
for a need for refresher training. One commenter noted that the
inclusion of training on the security program just added to the
overhead. Another commenter expressed concern with the probable cost of
the training program and noted that it could require a staff member to
be assigned to the task full time to keep up with the training,
refresher training, and testing for large numbers of diverse
individuals with frequent turnover such as at a university. One
commenter requested cost estimates specific to the training
requirement.
Response: The NRC disagrees with the comment. The NRC believes that
training is an essential element of any program. If employees are not
trained, how will they know what to do if an alarm sounds or material
is determined to be missing? The training needs to be commensurate with
the individuals' responsibilities. The estimated cost for the training
is included in the regulatory analysis prepared to support the rule.
Comment C20: One commenter stated that the training program
requirements were too prescriptive and go well above what is in the
existing orders. One commenter wanted to know what the training entails
and requested a definition of the term ``adequate training.''
Response: The NRC disagrees with the comment that the training
program requirements are too prescriptive. The NRC believes that
training is an essential element of any program and should be required.
The orders did not require any training to be conducted. The training
must address the licensee's security program and procedures and the
security measures employed by the facility. Individuals do not need to
be trained on the complete security plan; the training should be
commensurate with their responsibilities. The provisions in Sec.
37.43(c)(1)(ii), (iii), and (iv) are also general and are similar to
the training provisions of Sec. 19.12.
The term ``adequate training'' is not used in the rule language.
However, the training must cover the information for an individual to
carry out his or her assigned duties and responsibilities.
Comment C21: One commenter stated that Sec. 37.23(a)(2) requires
users to be trained in all aspects of the security plan and that this
conflicts with Sec. 37.43(c)(2) which notes that the training should
be commensurate with the individual's responsibilities.
Response: The NRC disagrees that there is a conflict between the
sections. Section 37.23(a)(2) requires the training required by Sec.
37.43(c) to be completed before allowing the individual to have
unescorted access. It does not state that the individual must be
trained on all aspects of the security plan.
Comment C22: One commenter recommended defining ``relevant
results'' in Sec. 37.43(c)(3).
Response: The NRC disagrees with the comment. The term relevant is
a common term and in this case simply refers to items that are related
to security. Examples of some items that would be included are areas
where staff has had trouble following the security requirements,
violations of the security requirements that have been discussed in an
inspection report, and measures taken to fix any identified security
issues. Additional information has been added to the associated
implementation guidance.
Comment C23: Two commenters requested clarification on the timing
of the refresher training. The commenters noted that their
understanding was that refresher training could be taken more than 365
days after the previous training, as long as it is taken within the
same month of the succeeding year.
Response: The commenter is correct in its understanding that the
training is to be provided at a 12-month frequency and be conducted
within the same month of each succeeding year. This allows licensees
greater scheduling flexibility to accommodate the needs of their
operations, instead of holding them to a strict 365-day time
constraint.
Comment C24: One commenter did not think that the licensee should
be training the LLEA on rules of engagement, such as the proper
response to an alarm. The commenter also asked whether it would be
considered self defense to shoot a perpetrator that holds a category 2
source up as to expose the responder. Another commenter noted that the
LLEA does not have the time or the inclination to undergo licensee
training. One commenter requested clarification on whether the training
program included LLEAs.
Response: The training is not for the LLEA but for the licensee's
staff that would be responding to the alarm. The licensee is not
required to conduct any training of the LLEA, although providing the
LLEA an overview of the facility is a good practice. The rule does not
authorize lethal force or arming of licensee personnel.
Comment C25: In the proposed rule, the NRC specifically invited
comment on the requirement to protect security-related information.
Commenters were requested to provide information on: (1) Whether the
Agreement States have adequate authority to impose the information
protection requirements in this proposed rule; (2) whether the
Agreement States can protect the information from disclosure in the
event of a request under a State's Freedom of Information Act or
comparable State law; (3) whether the proposed rule is adequate to
protect the licensee's security plan and implementing procedures from
unauthorized disclosure, whether additional or different provisions are
necessary, or whether the proposed requirements are unnecessarily
strict; (4) whether other information beyond the security plan and
implementing procedures should be protected under this proposed
requirement; and (5) whether the background investigation elements for
determining if an individual is trustworthy and reliable for access to
the security information should be the same as for determining access
to category 1 and category 2 quantities of radioactive material.
Nineteen commenters provided responses to the specific questions on
this subject.
Of those that provided responses to the questions on the protection
of information, the commenters were divided in their views. Some felt
that the proposed provisions were sufficient, some felt that they were
unnecessarily strict, and some felt that the current provisions from
the Increased Control Orders were sufficient. One commenter stated that
with the proposed provisions, there was no continued need
[[Page 16973]]
for any of the security information to be considered SGI or SGI-M. One
commenter stated that the requirements should be clarified to indicate
that only written copies of the plan and procedures will be protected.
One commenter stated that the rule was unnecessarily strict by
requiring that persons with access to the security plan and procedures
also be permitted unescorted access to the sources. Two commenters
suggested that the list of individuals granted unescorted access to the
security zone should also be protected. Most of the commenters agreed
that the background investigation elements for determining whether an
individual has access to the information and radioactive material
should be the same. Two individuals stated that a criminal history
records check should be part of the background investigation for access
to the information. Two commenters stated that the elements should be
different but did not indicate what should be different. On the
question of whether the States have adequate authority to impose the
information requirements, many commenters indicated that the States do
have the authority or that they thought the States did. On the question
of whether the States can protect the information from disclosure in
the event of a request under a State's Freedom of Information Act, most
of the responses were not definitive. Several commenters indicated that
an opinion from the State Attorney General's Office would be necessary;
four States indicated that they did have the necessary authority.
In addition to those that provided responses to the specific
questions, 8 commenters addressed the information protection
provisions. One State noted that it did have authority to impose the
information protection requirements and could protect the information
from disclosure. One commenter noted that there are already processes
in place under SGI and/or official use only (OUO) to protect security
information.
One commenter recommended adding the list of individuals approved
for unescorted access authorization to the information that must be
protected from unauthorized disclosure, noting that if the names become
public, the individuals could potentially be targeted to gain unabated
access to sources. One commenter requested that Sec. 37.43(d)(1) be
revised to clarify that the protection of information refers to the
written security plan or procedures only, so as to preclude unwarranted
interpretations during a regulatory inspection about what information
or discussions to restrict. The commenter offered suggested language as
follows: ``(1) Except as provided in paragraph (d)(8) of this section,
licensees authorized to possess category 1 or category 2 quantities of
radioactive material shall limit access to copies of their written
security plan and implementing procedures and unauthorized disclosure
of substantive details of the plan or procedures that facilitate
unauthorized access.''
Commenters noted that the fingerprinting element was not included
in the background investigation elements for access to security
information, and several commenters stated that it should be included.
Other commenters requested clarification whether fingerprints were
prohibited for this purpose. Commenters requested that the NRC make the
requirements for background checks consistent throughout the rule. One
of the commenters noted that a licensee is left either to perform
incomplete checks on individuals with whom information is shared, or to
grant unrestricted access to individuals who truly do not need the
access, just to allow the licensee to conduct the main element of the
background check (i.e., the FBI identification and criminal history
records check). One commenter stated that the response discussion for
C6 in the Statements of Consideration should be modified to include the
requirement that anyone seeking information on category 1 quantities of
radioactive material must also have undergone the access authorization
process, including the FBI criminal history review and fingerprint
identification verification. The commenter stated that this would be a
practical threshold for States to have equivalent rules in place that
mimic the NRC's SGI-M requirements in 10 CFR part 73.
One commenter stated that the phrase ``security service provider
employees'' as used in paragraph Sec. 37.43(d)(4)(ii) is too general.
The commenter indicated that it didn't appear that the intent of the
NRC was to require background checks on individuals who do not access
the facility and simply monitor the facility's security system from an
offsite location, such as alarm service providers. The commenter
further asked if the requirement is intended to address security guard
service employees who work on the licensee's premises that contain
category 1 and category 2 quantities of materials. Another commenter
requested clarification and suggested revised language. One commenter
noted that the exemption to performing background investigations for
employees of security service providers requires written verification
from the provider for each employee. The commenter stated that it may
be more appropriate to approve the security service provider as a whole
since it may be difficult for the licensee to maintain a current list
of all employees of the vendor who may have intimate knowledge of the
security system at the licensee's location(s). The commenter noted that
it would be burdensome for the licensee to track individual employees
of these companies. The commenter stated that a letter documenting the
background investigation procedures of the security vendor could be
provided to the licensee to allow it to forego the access authorization
procedures for the security vendor employees. One commenter stated that
each subsection on the protection of information (background
investigation information) should be revised to state explicitly which
subsections are applicable and must be followed for individuals
provided relief in Sec. 37.29.
One commenter stated that there should be no need to have another
documented basis for an individual to have access to the security plan
if it has already been documented that the individual has unescorted
access to material as it is redundant and create additional burden. One
commenter also requested that a table or flow diagram be added to the
guidance document to show when the background investigation elements
apply.
Response: All aspects of the information protection requirements
apply to all of the background investigation information possessed by
the licensee whether the information is the full background
investigation or information on how the individual met a category in
Sec. 37.29 for relief from background investigation requirements. The
NRC agrees that the list of individuals that have been approved for
unescorted access should be protected and has added it to the list of
items for protection. Individuals do not need to have unescorted access
to the radioactive material in order to have access to the protected
information. An individual who has been granted unescorted access to
the radioactive material would not need to undergo another background
investigation to have access to the security information. The licensee
would need to document that the individual has a need-to-know the
information. The rule has been clarified that a second background
investigation is not necessary.
On the issue of protecting only written copies of sensitive
information, the NRC disagrees with the comment. The licensee must
protect against any form of unauthorized disclosure of the
[[Page 16974]]
protected information, including verbal or electronic disclosure.
On the issue of the security service provider, the NRC disagrees
with the suggested change as a security service provider may not be a
guard and could include other occupations. Language in Sec.
37.43(d)(4)(ii) allows the licensee to accept a security service
provider's determination of trustworthiness and reliability based on a
full background investigation. Additional information has been added to
the implementation guidance.
On the issue of requiring fingerprints and FBI criminal history
records for access to the information, the NRC does not have the
authority to require fingerprints for access to this type of security
information. The NRC can only require fingerprints for access to SGI
and unescorted access to radioactive material. The NRC has added a
table to the guidance document on the background investigation
elements.
Comment C26: One commenter requested clarification of Sec.
37.43(d)(3) as to whether individuals, who by nature of their job
position have knowledge of critical components of the security plan,
would be required to undergo a background investigation unless they
have access to the security plan document or any of its implementing
SOPs. Examples include a security guard with access to an alarm-
response schematic or an IT specialist who supports an IT system
responsible for alerting security personnel of adverse indicators in
the area of category 1 or category 2 radioactive sources. In each case
the individual has knowledge of security plan components but would not
have access to the plan itself or implementing SOPs.
Response: Employees or service providers with limited knowledge of
the security plan but without access to the plan or the implementing
procedures would not necessarily need to undergo a background
investigation. The licensee would have to decide in some cases how much
knowledge of the plan the employee has; if the employee is familiar
with the plan and procedures, even if he does not have access to the
document, it may be necessary to conduct a background investigation and
make a determination of trustworthiness and reliability. Note that new
language in Sec. 37.43(d)(4)(ii) allows the licensee to accept a
security service provider's determination of trustworthiness and
reliability based on a full background investigation.
Comment C27: One commenter requested that the language in Sec.
37.43(d)(5) requiring that ``* * * the licensee shall immediately
remove the person * * *'' be revised to remove the word ``immediately''
and to substitute ``as soon as practical.'' The commenter noted that
the person won't immediately forget the information in the plan and
that there is no need for immediate removal.
Response: The NRC agrees with the comment. An immediate removal
from the list is probably not necessary. The NRC has revised the
language to reflect that the removal should occur as soon as possible
but no later than 7 working days.
Comment C28: One commenter objected to the phrase ``in a manner to
prevent removal'' in Sec. 37.43(d)(6). The commenter felt that the
phrase was exceedingly vague. The commenter suggested a change to
``secure the plan to prevent unauthorized access.''
Response: The NRC agrees with the comment and has revised the rule
text to read: ``When not in use, the licensee shall store its security
plan and implementing procedures in a manner to prevent unauthorized
access.''
Comment C29: One commenter requested clarification on whether a
reinvestigation is required for individuals who have access to
sensitive information only, and if so, the procedure that should be
followed.
Response: Yes, the reinvestigation applies to individuals who have
access to sensitive information. The rule has been clarified to make
the requirement clear.
Comment C30: One commenter requested that language from the orders
addressing marking and transmission of security related documents be
added to the rule.
Response: The NRC disagrees with the comment and does not believe
that the marking and transmission measures need to be added to the
rule. Licensees are not required to submit either the security plan or
implementing procedures to the NRC. The NRC reviews these documents
during inspections at the site. The transmission portion is therefore
not necessary. The necessary elements from the orders on access to and
protection of the information are in the rule. The other elements are
good practice, but the NRC does not believe that they are essential for
the adequate protection of the information. However, if a licensee
believes that information submitted to the NRC should be withheld from
public disclosure, the licensee should follow the requirements in Sec.
2.390.
Comment C31: One commenter suggested that the terms ``Safeguards
information'' and ``Safeguards information modified handling'' be
defined in 10 CFR part 37.
Response: The NRC disagrees with the comment. Safeguards
information and safeguards information modified handling are defined in
10 CFR part 73 where the requirements for handling such material are
located. The reference in 10 CFR part 37 is merely a pointer to the
requirements and does not establish any new requirements; therefore,
the NRC does not believe that a definition for these terms is necessary
in 10 CFR part 37.
Comment C32: One commenter asked that the NRC define ``to the
extent practicable'' for coordination with LLEAs.
Response: This provision was added to the rule to provide the
licensee with some flexibility. Some LLEAs may be reluctant to engage
in coordination activities with a licensee. The provision ``to the
extent practicable'' allows the licensee to remain in compliance with
the rule when an LLEA will not participate in any coordination
activities. The NRC does not believe that phrase needs to be defined.
Guidance is available on this topic and other aspects of the rule in
the associated implementation guidance.
Comment C33: Two commenters recommended deleting paragraph Sec.
37.45(a)(1)(ii) as this information would be classified as SGI or SGI-M
for some licensees and would require handling and control in accordance
with Sec. 73.21. The commenter indicated that there appears to be
little if any benefit in providing this information to the LLEA that
would warrant the dissemination of SGI or SGI-M. Another commenter felt
it was unnecessary to describe specific security measures such as alarm
types and locations unless the LLEA is actually monitoring these
alarms. The commenter asserted that a generic description would be
adequate for the purpose of LLEA situational awareness.
Response: The NRC disagrees with the comments. The NRC believes
that the information on the facility can be useful to the LLEA. In an
event where someone is trying to steal the material, the LLEA can mount
a more informed response if information about the facility is available
to the responders. When NRC staff has met with LLEA representatives,
the representatives have indicated interest in the coordination
activities. LLEAs are deemed trustworthy and reliable for access to
sensitive security information as well as SGI.
Comment C34: One commenter noted that an LLEA is not going to tell
every licensee whether the initial response to an emergency involving
radioactive materials must be provided by other than armed LLEA
personnel and
[[Page 16975]]
questioned how a licensee would know this information. The commenter
suggested removing the provision as it was a nonsense requirement. One
commenter stated that the NRC should coordinate with the States to be
notified instead of requiring the licensee to notify the NRC after the
licensee becomes aware of any State or local requirements that an
initial response to an emergency involving radioactive material must be
provided by other than armed LLEA personnel. Another commenter
recommended removing the requirement. One commenter asked what the NRC
would do after such notification.
Response: The NRC agrees that there may be some reluctance on the
part of the LLEA to provide the information. The provision is not
included in the final rule.
Comment C35: One commenter questioned the need for a specific
written agreement for response. The commenter also requested
clarification on what must be included in the agreement. Some
commenters questioned the benefit of requiring coordination with the
LLEAs and questioned whether this was the best use of LLEA resources
given the low probability of an actual threat to sabotage or steal a
category 2 source. Commenters indicated that, based on their experience
to date with the orders, the LLEA coordination was not beneficial,
noting that at best the LLEAs would acknowledge the coordination
attempts with no commitments, other than to respond in the manner they
believed was proper, and that most LLEAs were completely disinterested
and did not acknowledge any information provided by the licensee. They
noted that in their discussions with those LLEAs where feedback was
provided, the LLEAs were unwilling to discuss the manner in which they
planned to respond and unwilling to commit to any specific action as
each decision to respond must be based on their judgment of the
circumstance. One commenter indicated that LLEAs would not want to
disclose their capabilities. One commenter noted that the LLEA is not
required to comply with the request. At least one commenter questioned
whether it would be more efficient to inform/train only the LLEA
involved when the billions we spend on intelligence indicate a credible
threat. Commenters felt that adding a requirement does not address the
root cause. One commenter expressed concern that security could be
reduced if the LLEA failed to protect the information or had to release
the information under a FOIA request. The commenter suggested a
reevaluation of the information provided to the LLEA such that release
of information would not cause a breach in security. Two commenters
noted that they had successfully coordinated with their LLEA under the
orders and do not believe that any additional requirements are needed.
One commenter indicated that the coordination process should be a
clearly defined process. One commenter stated that LLEA coordination
requirements were overly prescriptive and difficult to implement. The
commenter stated that, if NRC feels this is necessary, NRC should take
the lead and identify contacts and provide training. A commenter noted
that the use of 911 is effective for all kinds of emergencies and
should be used by licensees. One commenter agreed that there is value
in a coordinated response from an LLEA and that such a response should
include the capability of bringing armed force; however, the commenter
stated that it was inappropriate to place the requirement on the
licensee. The commenter stated that the extent of the response should
be left to the discretion of the LLEA. The commenter noted that the
requirement for a written agreement with the LLEA was unenforceable and
outside the State's jurisdiction. Two commenters noted that the LLEA
coordination was one of the most difficult areas to implement from the
orders and places responsibility on licensees for activities they
cannot control.
Response: While the orders contained a requirement for a
prearranged plan with the LLEA, the proposed rule only contained a
provision to request that the LLEA enter into a written agreement.
After evaluation of all of the comments on the LLEA coordination, the
NRC has simplified the requirement. The NRC continues to believe that
coordination with the LLEA is important, and the rule contains a
requirement for coordination. However, the decision was made that
several of the items, while good ideas, were better addressed in the
guidance document and not in the rule itself. A written agreement and
several of the coordination activities are not included in the final
rule. Even if a written agreement had been reached, an LLEA will
respond as it feels is appropriate to the particular situation.
Comment C36: One commenter objected to requesting the LLEA to
provide updated contact information as it places a burden on the LLEA.
Two commenters suggested that this only be a requirement if a facility
is not served by a 911 system.
Response: The NRC agrees that it is not necessary to request
contact information or updated contact information. Most licensees in
the case of an actual threat would call 911 and not the contact.
Additionally, no contact would be available 24/7. The provision is not
included in the final rule.
Comment C37: Many commenters objected to the requirement that a
licensee request the LLEA to notify it of degraded capabilities as
unrealistic, unnecessary, unenforceable, and would probably violate
LLEA ``need-to-know'' procedures. Some commenters felt that the
requirement that the LLEA notify licensees of a degradation of their
response capabilities was clearly outside the purview of the regulating
agencies. Others noted that licensees have no authority over
nonlicensed entities such as LLEAs. Commenters felt that the LLEA is
better equipped to arrange for alternative response capabilities than
would the licensee and that this would be an inherent part of LLEA
organizational framework; some commenters asked what the direction was
if a licensee was notified of a degraded LLEA response capability.
Another commenter asked what the State was to do if notified that the
LLEA was not cooperating in providing the degraded capability
information. Commenters noted that it is inconceivable to believe that
the LLEA would notify a licensee that their response capabilities have
become degraded, not only because that would appear to be an open
invitation to the criminal sector, but also, if capabilities are
degraded, logically the LLEA would not have the capability to notify
licensees. Commenters asked what they would do with the information if
provided. One commenter suggested as an alternative that the licensee
request the LLEA to confirm that it has a contingency plan in case of
compromised response capabilities. Another commenter noted that it was
more important for the licensee to discuss this issue with the LLEA
during the coordination meetings. Another commenter noted that there is
not prescribed action for the licensee to take if notified and
questioned the purpose of the notification.
Response: The NRC agrees that many LLEAs may not want to provide
information on degraded capabilities. The provision is not included in
the final rule.
Comment C38: One commenter stated that the participation of
licensees and LLEAs in drills and exercises was an unfunded mandate and
should not be required. The commenter also questioned whether drills
and exercises contribute to the security of the sources or the public
health and safety. Two
[[Page 16976]]
commenters suggested removing this requirement as there is no
requirement to conduct such drills.
Response: The NRC agrees in part and disagrees in part. The
proposed rule did not require that drills and exercises be conducted.
The rule did contain a provision that required the licensee to ask
whether the LLEA would be willing to participate in drills and
exercises. As there is no requirement to conduct drills and exercises,
the NRC has removed this provision as suggested by the commenters. The
NRC does note that drills and exercises can contribute to the public
health and safety and the security of the material.
Comment C39: Several commenters felt that the requirement for a
licensee to notify the regulatory agency if an LLEA declines to
participate in coordination activities creates an unnecessary burden
for the regulatory agencies that will now be required to notify the
Department of Homeland Security or contact the LLEA directly to explain
the importance of cooperating. Some commenters suggested that if NRC
believes this is truly a critical issue, NRC should coordinate with the
Federal Department of Homeland Security's Nuclear Sector Government
Coordination Council to engage law enforcement from a broader
perspective. One commenter asked what actions the NRC would take when
notified and what the NRC would do if the NRC did not gain confidence
that the LLEA would respond in an actual emergency.
Response: The NRC disagrees with the comment. The NRC believes it
is vitally important for the licensee to coordinate with the LLEA, and
the agency wants to know if the LLEA won't participate. There were
instances during implementation of the orders where the NRC met with
the LLEA to explain the importance of LLEA cooperation with the
licensee. The State is not required to contact DHS or the LLEA if the
LLEA does not want to participate in coordination activities. DHS does
have training programs to educate LLEAs.
Comment C40: Two commenters objected to the requirement to
coordinate with the LLEA every 12 months, noting that it took several
months to set up a meeting for the coordination required by the orders.
The commenter felt that, as there had been no events requiring contact
with the LLEA and no changes to the security program, there was no need
to meet annually. The commenter noted that both parties have plenty of
work and are not just sitting around and focusing on this one agenda
item. The commenters asked whether the licensee would be cited if the
LLEA refused to meet on an annual basis.
Response: The NRC disagrees with the comment. The NRC believes that
it is important to maintain contact with the LLEA. Turnover at both the
LLEA and the licensee occurs over time and if contacts are not
maintained, the knowledge obtained during the initial coordination is
lost. The annual follow up does not need to be extensive. If the LLEA
refuses to participate, the licensee should document the attempt. The
licensee would not be cited as long as it had documented the
attempt(s).
Comment C41: One commenter noted that the requirement to document
coordination activities with the LLEA would now require regulatory
agency inspectors to visit LLEAs to determine licensee compliance,
resulting in longer inspection times and possibly creating a situation
that may be interpreted by the LLEA as intrusive.
Response: It is not clear why the commenter feels that an inspector
would be required to visit the LLEA to determine a licensee's
compliance with the rule's coordination requirements under Sec. 37.45.
The licensee is required to document the coordination activities, and
an inspector would be expected to review the documentation. An
inspector may choose to contact the LLEA to gain a greater
understanding of the nature of the coordination efforts. However, this
rule does not require that an inspector contact the LLEA to determine
licensee compliance with Sec. 37.45.
Comment C42: Two commenters noted that the goals and objectives for
coordination activities with LLEAs are admirable, but the commenters
stated that this is an area where the NRC should consider taking
concerted efforts to engage law enforcement communities to improve
situational awareness now, rather than waiting for feedback from
licensees regarding potential LLEAs refusing to cooperate. The
commenters suggested that the NRC consider an outreach campaign aimed
at direct communications with LLEAs to better understand their
perspectives regarding these issues. Another commenter suggested a
Federal outreach training program to LLEAs for radioactive materials
incident response. The commenter noted that DOT has an outreach program
for transportation incident response.
Response: During the security inspection process, the NRC
inspectors have been contacting the LLEAs to both ensure that licensees
have been coordinating and to improve the LLEAs understanding of the
importance of providing a timely response. At this time, the NRC is not
planning any additional outreach to LLEAs. However, the DOE has a
program to provide LLEAs with additional training for responding to the
attempted or actual theft of category 1 or category 2 quantities of
radioactive material. The Global Threat Reduction Initiative (GTRI)
program provides security personnel and local law enforcement with
tools (e.g. radios, repeaters, and personal detection devices) and
additional training to respond to a security incident. To ensure that
both onsite and offsite responders understand how to respond to
enhanced security system alarms, GTRI developed an alarm response
training course, which is held at the Y-12 National Security Complex in
Oak Ridge, Tennessee. This alarm response training also prepares
responders to protect themselves and the public when responding to
events involving radiological materials. The participants conduct
hands-on training in a realistic setting using actual protection
equipment and real radioactive sources. The courses include operational
exercise scenarios that build on classroom instruction and allow
response forces to exercise their own procedures during realistic alarm
scenarios.
Comment C43: One commenter noted that not all events that occur are
of a nature that an LLEA would have to be involved and questioned why
it should be mandatory that an LLEA respond to events that could be
handled by internal security.
Response: It is not mandatory that the LLEA respond to all events.
The licensee is suppose to assess the event and contact the LLEA only
if there has been an actual or attempted theft, diversion, or sabotage
attempt. The language has been clarified.
Comment C44: One commenter questioned how the failure of the LLEA
to coordinate fully with the licensee would impact the status of a
license. The commenter noted that licensees should not be held
accountable for noncooperation or lack of resources on the part of the
LLEA. The commenter stated that it should be under the purview of the
NRC or Agreement State to ensure that the LLEA works with the licensee
in the requested manner.
Response: Failure of the LLEA to coordinate does not affect the
status of the license, and licensees will not be held responsible if
the LLEAs do not coordinate. Under Sec. 37.45(b) and (c), licensees
are only required to document their coordination efforts and notify
their appropriate NRC regional office if the LLEA does not wish to
coordinate. The NRC will contact the LLEA to
[[Page 16977]]
explain the potential consequences of the theft of category 1 or
category 2 quantities of radioactive material and encourage the LLEA to
participate in coordination activities with the licensee.
Comment C45: One commenter requested that the NRC add a subsection
to clarify requirements for coordination by a licensee or permittee
under a master materials license that has an onsite LLEA that would
preclude unwarranted interpretations during a regulatory inspection
about the extent that coordination must be documented. The commenter
offered suggested language as follows: ``For a licensee or permittee
under a master materials license with an on-site LLEA, coordination
requirements in this subsection are considered to have been completed
if the security plan and implementing procedures establish methods for
LLEA response at the facility.'' Another commenter raised the issue of
unnecessary documentation of coordination activities when the LLEA is
part of the same organization that owns the radioactive material. The
commenter noted that the lack of documentation activities should be
seen as good news unless the LLEA refuses to respond to appropriate
requests for assistance. The commenter also notes that burdening the
police with detailed paperwork is an ``insult to their understanding of
the risks inherent to their mission.'' This commenter also suggested
adding a new subparagraph as follows: ``When the LLEA is part of the
organization that owns and controls the Category sources, the
documentation in Sec. 37.45(a)(2)'' {was (a)(1){time} ``is not
required provided all the elements of good willful coordination are
clear.''
Response: Even when the LLEA is on site, the licensee should
conduct coordination activities. The coordination would likely be
simplified but still needs to occur. The coordination activities to
meet the requirements of Sec. 37.45 need to be documented even if the
LLEA is part of the same organization. The licensee would not need to
document all interactions with the LLEA, only those necessary to meet
the requirements. Note that it is not the LLEA that is required to
document the coordination activities.
Comment C46: One licensee asked whether a written agreement with a
third party service that provides off-duty local law enforcement agents
on site at all times would be acceptable to demonstrate compliance with
the LLEA coordination requirement. The commenter stated that the agents
have full response and arrest capabilities while working at the
facility.
Response: If the third-party service provides individuals that meet
the definition of LLEA and the third-party service can provide a timely
armed response 24 hours per day, then the third party service providers
meet the requirement for LLEA coordination.
Comment C47: One commenter questioned what would be expected of the
State if the LLEA did not respond to an event?
Response: The expected response would depend on the circumstances
and would be up to the State. The NRC believes that it would be highly
unlikely that the LLEA would not respond to an actual or attempted
theft of radioactive material.
Comment C48: In the proposed rule, the NRC specifically invited
comment on the requirement to contact the LLEA for work at a temporary
jobsite. Commenters were requested to provide information on: (1)
Whether there is any benefit in requiring that the LLEA be notified of
work at a temporary jobsite; (2) whether notifications should be made
by licensees for work at every temporary jobsite or only those where
the licensee will be working for longer periods, such as the 7 day
timeframe proposed in the rule; (3) whether 7 days is the appropriate
threshold for notification of the LLEA or should there be a different
threshold; (4) whether licensees can easily identify the LLEA with
jurisdiction for temporary jobsites or whether this imposes an undue
burden; and (5) whether LLEAs are interested in receiving these
notifications. Eighteen commenters provided responses to the specific
questions on this subject.
Of those that provided responses to the questions on LLEA
notification at temporary jobsites, the majority indicated that there
was no benefit to notifying the LLEA of temporary jobsites. Only one
commenter indicated that there is some benefit for notification of work
using category 1 materials and one noting some benefit for a temporary
jobsite lasting longer than 30 days. Commenters indicated that
temporary jobsites are unpredictable in nature and therefore unlikely
to be a primary target. Commenters noted that in most cases the
licensee does not know 3 days in advance where work might occur and
that due to the nature of the job it is often not possible to determine
the length of the job in advance. Commenters noted that the
notifications may cause confusion for the LLEA and would likely be
intrusive. Commenters indicated that the emergency 911 system is
adequate in the case of a security event. One commenter noted that the
LLEA would also need to be notified when the job ended. One commenter
suggested that notifications go to a central location, such as the NRC
or Agreement State, and then the central organization could coordinate
with State and local police. The commenter indicated that this would
reduce the confusion and workload on both the licensees and the LLEA
and help to maintain a healthy working relationship and be more
effective. Some commenters noted that clarification would be needed to
address cumulative time where 7 days are not consecutive and to better
define the boundary of a temporary jobsite for jobs along pipelines.
Commenters indicated that it would be difficult to identify LLEA with
jurisdiction over temporary jobsites, noting issues with overlapping
jurisdictions, moving jobsites, offshore locations, etc. Commenters
stated that this would impose a huge burden without meaningful benefit.
Most commenters indicated that the LLEA would not be interested in
receiving temporary jobsite notifications. Commenters indicated that
LLEAs would respond in the case of an emergency whether there was an
advance notification or not. No LLEAs provided comments.
In addition to those commenters that provided responses to the
questions, 32 commenters provided comment on the issue of LLEA
notification for temporary jobsites. Most of the commenters objected to
the requirement to notify LLEA for work at temporary jobsites.
Commenters thought that the requirement was unrealistic and created an
unnecessary burden, both in personnel and operations. One licensee
noted that its company had over 5,000 jobs a year that would meet the
requirement and that in addition many jobs, that were to be less than 7
days, experience delays that are beyond the control of the company.
Commenters noted that the paperwork for the notifications will be time
consuming to produce and, if it is to be valuable, time consuming for
LLEAs to read and comprehend. Many noted that there is no practical
means to identify the appropriate LLEA, particularly in areas that the
licensee is not familiar with, and in some cases a temporary jobsite
might cover a very large area with several overlapping jurisdictions,
and it can be difficult to determine which agency is the first
responder. Commenters noted that many times licensees are notified of
the necessity of work on the same day the work is
[[Page 16978]]
required and don't know 3 days in advance, with one commenter noting
that only about 3 percent of its jobs are known 3 days in advance.
Commenters noted that these jobs often involve repair of critical oil
and gas infrastructure which could be delayed while attempting to
determine which LLEA has jurisdiction and coordinating with them,
creating significant cost to the industries with no benefit. One
commenter suggested that, if the provision was retained, it be modified
to require the notification be made within three business days
subsequent to beginning work as this would alleviate some of the
problems created by advance notifications.
Some commenters noted that the LLEAs do not want to receive these
notifications and would be unprepared to receive the notifications.
Some commenters thought that the contacts with the LLEA without
possible response from the LLEA may accomplish nothing but aggravation
and frustration for the LLEA. One commenter (a State) indicated that,
based on a survey of LLEAs, the LLEAs want to know about a temporary
jobsite, no matter how long the site will be used, so they can plan for
emergencies. The commenter indicated that the LLEA would like a
standardized form to be used by States that clearly indicates the high
priority of the information. Many commenters noted that the 911 system
is the best tool if there was an attempted theft and that responders
would quickly respond once they realized that radioactive material was
involved. Commenters noted that it is expected that the LLEA will
respond to a security event in fulfillment of their responsibility to
protect life and property and that in many jurisdictions LLEA resources
are somewhat limited. Commenters felt that the NRC lacked a true
understanding of the nature of the temporary jobsite work that is done
or the concept of using the 911 system when law enforcement is needed.
At least one commenter felt that the NRC was placing the licensee in a
position that would likely result in unintentional violations to the
rule. Commenters felt that due to the itinerant nature of temporary
jobsites and being constantly on the move, it would be very difficult
to plan a theft in the field setting. One commenter noted that
licensees are already required to negotiate and pay for reciprocity, as
well as inform the applicable State agency as to when and where
operations are planned and the duration of the project and that
expansion of this requirement to include local authorities was asking a
lot.
One commenter suggested an alternative of requiring daily contact
with the home office and noted that failure to contact would prompt an
investigation by the home office which would lead to LLEA notification
as appropriate. Commenters asked who will offer training to every
jurisdiction and who will subsidize those jurisdictions, current local
budgets being what they are.
Response: After reviewing the comments received on this issue, the
NRC has decided not to include the LLEA notification for work at
temporary jobsites in the final rule. While there is some limited
benefit in receiving the notifications, the benefit does not outweigh
the burden that the requirement would impose. Identification of the
appropriate LLEA would not be easy. The notifications could also cause
confusion among the LLEAs as to what they should do with the
information. In the event of a theft, the licensees will likely call
911, and the LLEA will respond as appropriate to the call. Also, as
pointed out by the commenters, companies often don't know where they
will be working in advance. Locations, particularly along pipelines,
shift consistently making it difficult to know who to contact.
Comment C49: One commenter suggested that instead of mandating the
licensees to take on this burden, the Commission's approach should be
to encourage licensees to offer LLEAs their expertise and offer some
form of training to the local departments. The commenter noted that the
Increased Control Orders require the licensees to establish their
presence with LLEAs as the facilities clearly are a much more
attractive target to an attack than the mobile fleets. The commenter
suggested that an adjustment in the rule encouraging a closer
relationship in this area would be more accepted by all parties
involved and would not overly impact said parties financially or on a
personnel basis. Creating a program that encourages and supports
licensees and LLEAs working together would or could create close
relationships that will have far more impacting and lasting results
than calls to the departments advising them of work that is proposed to
last more than 7 days.
Response: The NRC has not included the notification provision for
work at temporary jobsites in the final rule, and there are no
requirements for training affected LLEAs. See the response to comment
C48. The NRC recognizes the benefits to licensees of having a close
working relationship with the LLEA for the security of any jobsite,
permanent or temporary. Licensees are free to take whatever actions
they feel are appropriate to develop this type of working relationship.
Comment C50: One commenter noted that the temporary jobsite
notification could be via email and that email is generally unsecured
unless it is encrypted or sent as password protected attachments. The
commenter noted that the rule does not contain any restrictions as
outlined in Regulatory Issue Summary 2005-31.
Response: The provision for LLEA notification for temporary
jobsites is not included in the final rule. See the response to comment
C48.
Comment C51: Some commenters objected to the concept of a security
zone because they believe it is abstract, nebulous, and unworkable in
actual work environments of the types of licensees who must comply with
the regulation, and unnecessary and burdensome with no benefit.
Commenters felt that the concept would cause confusion. Commenters
stated that it would add an unneeded term and concept that would likely
lead to confusion and would add burden with little intrinsic benefit.
The commenters noted that the licensees' procedures that have been put
into place to meet the current orders create security and have been
verified through inspections and that no change is necessary. Two of
the commenters stated that the security zone concept was discussed
during the orders working group process and that the concept was not
incorporated in the orders. The two commenters indicated that this had
the appearance of an attempt to incorporate in rule a concept that did
not have consensus and was not incorporated after going through the
orders working group process. One commenter noted that the industrial
use of radioactive materials when used at its facility is essentially a
security zone because facility access is restricted due to ITAR
requirements. This commenter said it should be sufficiently secure to
set up restricted areas based on the radiation level and monitor the
material until it is secured in storage. One commenter noted that the
increased controls are in place, and it was not aware of any situations
that have occurred that now warrant the inclusion of a security zone
designation.
Response: While working groups for the orders may not have been
able to reach a consensus on an issue, this does not mean that the
working group for the rule was unable to reach consensus. The 10 CFR
part 37 rule working group had information available that was not
available to the orders working group.
[[Page 16979]]
The 10 CFR part 37 working group considered the orders, lessons
learned, implementation issues, inspection issues, recommendations from
other reviews, as well as the comments on the preliminary rule language
and proposed rule. The purpose of security zones is to isolate and
control access to category 1 and category 2 quantities of radioactive
material to protect them more effectively and deter theft or diversion.
A security zone effectively defines where the licensee will apply these
isolation and access control measures. It is thus a logical extension
of the requirement in the Increased Control Orders that licensees
``control access at all times to [category 1 and category 2]
radioactive material quantities * * * and limit access to such
radioactive material and devices to only approved individuals who
require access to perform their duties.''
Because the purpose of security zones is different from the
radiation safety purposes of the restricted areas and controlled areas
defined in 10 CFR part 20, the security zone does not have to be the
same as either of these areas. Because measures to control access are
required for both radiation protection and security, however, a
licensee does have the flexibility to use an area required for
radiation protection purposes to fulfill the required functions of a
security zone.
Comment C52: One commenter noted that the security zone concept
potentially has serious operational and financial repercussions and is
expensive overkill. The commenter noted that adding continuous barriers
could be extremely expensive and may introduce scattered radiation into
labs that have very specific operational requirements. The commenter
noted that isolating and controlling access does not appear to comply
with the requirements for the physical barriers and that locks, cables,
etc. would not isolate the same radioactive material in a security zone
as required. The commenter noted that individuals could frequent the
security zones but still be separated from the radioactive material due
to the lock but that the rule requires that only authorized individuals
have access to the security zones. The commenter stated that these two
concepts seem to conflict with each other and if the common physical
barrier concept is not acceptable, then many more licensees will fall
under these requirements due to the aggregation of radioactive
material. The commenter noted that it would cost over $200,000 to
develop continuous barriers and redo calibrations, procedures, etc., if
it can be done at all. The commenter suggested allowing the licensee to
propose measures to compensate for the lack of a continuous barrier
when that barrier would obstruct the use of the radioactive material
for its intended purpose and when there is no available alternative.
Response: A continuous barrier is not the only method that a
licensee can use to meet the requirement. Direct observation is also
allowed, as is a combination of barrier and direct observation. A
continuous barrier does not have to be expensive; it can be a metal
cage or walls. The commenter seems to believe that unauthorized
individuals cannot be in a security zone. This was not the intent of
the rule. Unauthorized individuals can have access to the security zone
as long as they are escorted by an approved individual. The rule
language has been clarified, and additional information has been added
to the implementation guidance. The licensee can establish the
boundaries of the security zone as appropriate for a particular
facility; the rule does not dictate where the security zone is located.
In most cases, whatever a licensee used to meet the orders will also
meet the 10 CFR part 37 requirements. The Increased Control Orders did
not use the term ``security zones'' but the concept was a factor.
Comment C53: One commenter expressed concern with the security zone
concept at temporary jobsites. The commenter noted that implementation
would require additional personnel and expense, and the security zone
will require areas that will be larger than the radiation areas.
Another commenter noted that the concept could cause confusion in
certain types of jobsites where aggregation of multiple low level
sources would constitute a security zone. The commenter provided the
example of petrochemical plants that use low level sources to monitor
product levels, noting that aggregation of these sources will
constitute a security zone which would require direct control by
approved individuals at all times and\or intrusion detection systems
and physical barriers. The commenter felt that this could mean that the
entire plant would be a security zone, and only trustworthy and
reliable employees could enter.
Response: The NRC disagrees with the comment. It is not clear why
the security zone concept would result in additional personnel and
expense, or why it will require security zones larger than the
radiation areas at either temporary or permanent jobsites. A security
zone effectively defines where the licensee will apply the isolation
and access control measures required under the Increased Control
Orders. The NRC is unaware of any operating conditions that would
require more space for compliance with any of the additional measures
required by this rule. The licensee establishes the security zone, and
because measures to control access are required for both radiation
protection and security, a licensee has the flexibility to use an area
required for radiation protection purposes to fulfill the required
functions of a security zone. The NRC is unaware of any petrochemical
or other industrial plants that have designated the entire plant as a
radiation safety area for their radiography or other sources, and the
NRC sees no reason why such licensees or licensed service providers
would need to designate the entire plant a security zone for the
purposes of this rule. A licensee could of course choose to do so.
Because the concept of aggregation is no different from the concept
of aggregation and co-location under the orders, it is not clear why
the application of security zone requirements would result in confusion
at jobsites where multiple low-level radiation sources are aggregated.
Comment C54: Several commenters requested clarification on what
constitutes a physical barrier and recommended that physical barrier be
either defined or guidance provided. Another commenter suggested
changing the term to physical security barrier to avoid confusion with
the definition of physical barrier in 10 CFR part 73. One commenter
suggested the physical barrier is where the security zone has been
established.
Response: The NRC has revised Sec. 37.47(c)(1) to provide
additional clarity. This provision now notes that a physical barrier is
``a natural or man-made structure or formation sufficient for the
isolation of the category 1 or category 2 quantities of radioactive
material within a security zone.'' Additional information has also been
added to the implementation guidance.
Comment C55: One commenter asked how many security zones needed to
be designated and noted that the rule is unclear for those licensees
within fixed facilities.
Response: The licensee is responsible for establishing security
zones. The number of security zones established by a licensee is
dependent on the needs of the licensee. A licensee may have only one
security zone or may have several.
Comment C56: One commenter recommended including a provision in
Sec. 37.47 that exempts the security zone requirements for category 1
or category 2 quantities of material stored in casks
[[Page 16980]]
or packages that require specialized equipment to move, open, or
access, if the equipment needed to access the material is unavailable.
One commenter noted that the continuous monitoring of security zones
and detection capability is a significant additional cost without any
benefit for category 1 and category 2 materials that may be stored at a
nuclear facility in a concrete mausoleum or within individual concrete
vaults that require heavy equipment, such as a crane, to access. One
commenter stated that clear criteria for applicability would be needed
to implement security zones. The commenter offered the example of
multiple high integrity containers with lids weighing 10 tons, each
inside a shield, stored inside a fenced common area which contains, in
the aggregate, a category 1 or category 2 quantity of radioactive
material and no crane in the area to lift the shield container lid. The
commenter stated that establishing a security zone for the common
storage area is required and that this is excessive.
Response: A licensee can always request an exemption for material
or items that it believes should be exempt from all or some of the 10
CFR part 37 requirements. Exemptions are handled on a case-by-case
basis. Some of the material addressed by this comment is covered by the
partial exemption in Sec. 37.11(c). See also response to comment A20.
Comment C57: One commenter noted that large manufacturing and
distribution facilities will have several security zones with
significant quantities of category 2 sources in storage and that it
would be impossible to perform an effective physical check on a weekly
basis. The commenter also noted that a weekly check is not consistent
with the ALARA principle. The commenter noted that putting tamper
indicators on each source/device would be cost prohibitive and require
a significant amount of time and personnel dose to install, monitor,
and subsequently remove. The commenter noted that sources are
constantly transferred from one container to another in the course of
manufacturing, storage, and preparing for shipment and receiving. The
commenter requested clarification as what ``other means'' would cover
and/or be acceptable in Sec. 37.49(a)(3)(ii). The commenter noted that
under the orders it has a method approved by the Regulatory Authority
to ensure that the category 2 radioactive material is present and that
the process is considered SGI-M information. The commenter wanted to
know how such pre-existing compliance agreements would be handled under
the rule. The commenter also requested clarification on the situation
where there are individual sources that are each less than category 2
but when they are collocated/aggregated the total quantity exceeds
category 2, whether the individual sources need to have this physical
check performed. The commenter noted that depending on the answer, the
quantity of sources affected at a large facility could be more than a
thousand and that this would affect many smaller facilities including
medical institutions, universities, and gauging. The commenter noted
that the requirement has significant implication and needs to be
carefully considered to avoid unintended adverse consequences.
Response: The licensee is not required to conduct a weekly physical
inventory of the category 2 quantities of radioactive material; other
methods can be used. The other means allowed by the rule are intended
to provide the licensee with the flexibility to use the method that
works best for its facility. A licensee could use methods to detect
removal of the material from the security zone. If a licensee is
currently using an agreed on method, the method should continue to meet
the intent of the requirement. Any of the methods deployed for category
1 materials could also be used for category 2 materials. Additional
information is available in the implementation guidance.
Comment C58: One commenter requested clarification on where an NRC
security zone at a licensee site and a DOT security zone for transport
take effect for shipments leaving a facility. One commenter noted that
the NRC should clarify at what point the shipment is under DOT rules
and not under 10 CFR part 37. The commenter asked if this occurs once a
shipment of category 1 or category 2 radioactive material is prepared
(DOT paperwork in possession of the driver) but still on a licensee's
site. The commenter noted that a temporary security zone cannot
accompany the shipment until it physically exits the licensee's
property or jobsite.
Response: It is the licensee's responsibility to implement the
requirements of 10 CFR part 37 throughout the shipment regardless of
the location.
Comment C59: One commenter noted that Sec. 37.47(d) is not clear
whether the regulation requires a physical presence for maintaining
continuous surveillance, or whether the continuous surveillance may be
by remote monitoring. The commenter also noted that the wording implies
that the licensee must provide an approved individual and questioned
whether the service provider approved under Sec. 37.29(m) is permitted
to provide the continuous surveillance while working.
Response: The continuous surveillance may be by remote monitoring.
If a service provider has been approved for unescorted access, then the
individual can provide the surveillance. It is noted that if that
individual is conducting work of some sort, it may be difficult for
that individual to also maintain continuous surveillance.
Comment C60: One commenter noted that Sec. 37.47(d) requires
additional measures for security zones for category 1 radioactive
material during maintenance, source receipt, etc. when security zones
are compromised and that permanent security zones are required in Sec.
37.47(c) for both category 1 and 2 radioactive material. The commenter
questioned why the additional measures are required only for category 1
radioactive material if the security zones are compromised during
certain times. The commenter noted that it appears that the isolation
requirements for radiation protection under restricted, radiation, high
radiation and very high radiation areas provide the same or better
levels of security than those described (i.e., continuous physical
barriers that allow access to the security zone only through
established access control points; or licensees could exercise direct
control of the security zone by approved individuals at all times). The
commenter noted that you do not need to have duplicate regulations that
apply to category 1 and category 2 quantities of radioactive material.
Response: The additional measures are only required for the
category 1 material because these materials are considered higher risk
than the category 2 materials. A security zone can be the same as the
area used for radiation protection if it meets the requirements of part
37. The measures in part 37 are intended to prevent/detect theft of the
material and not to protect an individual from radiation exposure.
Comment C61: One commenter noted that Sec. 37.47(d) indicates that
during those identified periods an approved individual must be provided
to maintain continuous surveillance of the sources. The commenter noted
that ``approved individual'' is not defined. The commenter also noted
that depending on the design of the facility, multiple approved
individuals may be necessary to adequately monitor activities
throughout a site, which does
[[Page 16981]]
not appear to be clearly required by the rule.
Response: The NRC agrees with the comment and has revised the rule
to clarify that an approved individual is someone approved for
unescorted access and to reflect that more than one individual may be
necessary.
Comment C62: One commenter recommend deleting the phrase ``without
delay'' from Sec. 37.49(a)(1) as the phrase is unrealistic during
normal business hours. The commenter noted that unauthorized access
whether actual or attempted would only be detected ``without delay'' if
individuals were in the vicinity and could witness the access or
attempt to access. One commenter stated that the monitoring, detection
and assessment requirements in Sec. 37.49 are unduly onerous. The
commenter indicated that the requirement to maintain the capability to
detect without delay attempted unauthorized entry into the security
zone should be eliminated or defined in a more concrete manner for the
sake of clarity in enforcement. One commenter asked how much time is
allowed for response when an unauthorized entry into the security zone
is discovered. The commenter also asked for clarification on the
meaning of without delay. One commenter requested clarification on what
is meant by detect without delay all unauthorized entries into a
security zone. The commenter asked if the licensee was to respond
immediately and also asked how this could be accomplished when using an
alarm monitoring service. The commenter recommended removing ``without
delay'' from Sec. 37.49(a)(1). The commenter stated that ``without
delay'' is unrealistic during normal business hours as a business'
security system will not be set to alarm. The commenter noted that
areas that may contain category 1 or category 2 quantities may be
locked and unoccupied but not monitored. The commenter noted that
unauthorized access whether actual or attempted would only be detected
``without delay'' if individuals were in the vicinity and could witness
the access or attempt to access.
Response: The NRC disagrees with the comment. The NRC notes that
the orders contain a similar provision to immediately detect, assess,
and respond to unauthorized access. ``Without delay'' means promptly or
immediately. The purpose of security provisions is to quickly detect
and respond to any potential theft of the material. The NRC further
notes that, if a licensee is merely locking the material in a room and
not implementing any other security provisions, they would not be in
compliance with the orders or the rule. No change has been made to the
rule.
Comment C63: One commenter noted that the intent of Sec.
37.49(a)(1), in the event of a power failure or tampering that affects
the monitoring and detection system, should be to provide (1) a
reliable power back up or (2) prompt notification of the power failure/
tampering such that the licensee will take immediate corrective action
to restore the power and provide for alternate monitoring and detection
that meets the requirements of the part until the system is repaired.
One commenter asked what the NRC's expectations were for implementation
of the security requirements in an emergency, including the expectation
as to how long backup systems were required to operate. The commenter
asked how a licensee is supposed to implement these requirements when
there are no provisions for individuals to even reenter a disaster
area.
Response: The backup power for the monitoring and detection system
needs to be available until power is restored or other measures need to
be used such as direct surveillance. Disaster situations such as
flooding or earthquakes that prevent entry to the facility would be
addressed on a case-by-case basis.
Comment C64: One commenter stated that Sec. 37.49(a)(2)(ii) should
contain a more accurate description such as ``* * * alert personnel
within audible range of the alarm.'' Another commenter noted that
``nearby'' needed to be clarified as NNSA representatives recommended
only silent alarms in the area immediately surrounding category 2
sources.
Response: The NRC believes that the language is appropriate and has
not revised the rule. Additional information is provided in the
implementation guidance document.
Comment C65: Two commenters recommended adding a 4th method to
Sec. 37.49(a)(3)(i) to allow security zone intrusion detection alarms.
The commenter explained that when the intrusion detection system is
monitoring the security zone, an attempt to gain unauthorized access
into the security zone results in an alarm that is equated to an
attempt to remove or sabotage the material. The commenter noted that
during normal business hours when an intrusion detection alarm to a
security zone is disabled the licensee prevents unauthorized access
into security zones with locks, physical barriers, and surveillance or
some combination of each. The commenter stated that it is during these
periods that a tamper-indicating alarm or radiation detection alarm or
video surveillance could alert the licensee of an unauthorized attempt
to remove radioactive material from the security zone. The commenter
stated that, if the method is not added, revision is needed in the
implementation guide that allows the licensee to rely on its main site
wide intrusion detection system when the intrusion detection system is
activated, the facility is not occupied by the licensee, AND the
intrusion detection system can detect access to the security zone.
Response: The NRC disagrees with the comment that a 4th method
needs to be added to the rule. Although this is not the preferred
method, the situation described in the comment is not prohibited under
the rule. Additional information has been added to the implementation
guidance.
Comment C66: One commenter asked whether a tamper device was
sufficient to verify the presence of material or would a weekly check
still be necessary. One commenter noted that a weekly verification
should only be performed for sources/devices that do not have tamper-
indicating devices. Another commenter stated that the weekly check was
too prescriptive and asked about the basis for the timeframe. Another
commenter stated that a weekly check was not adequate. The commenter
noted that the orders require the licensee to respond immediately to
any actual or attempted theft, sabotage, or diversion and that a weekly
check would allow the material to be missing for up to a week before it
is discovered. The commenter suggested that Sec. 37.49(a)(3)(ii) be
revised to read: ``For category 2 quantities of radioactive material,
the licensee must maintain control of licensed material, secure it from
unauthorized removal or access, and without delay, detect and recover
all stolen, missing or lost licensed material.'' One commenter stated
that verification of the radioactive material may not be appropriate
for sources housed in devices. The commenter suggested requiring
verification ``to ensure that the source/device is present'' and
suggested that this verification could be made by means of a camera in
the room housing the device/source.
Response: Category 2 quantities of radioactive material are
considered risk-significant and if not in use, the material needs to be
checked to make sure it is still present. Contrary to the comment, the
rule is not prescriptive. The rule does not require that a licensee
conduct a physical check. The rule allows the licensee to pick a method
that best fits its needs; a physical check is one of the methods that
could be used. There are
[[Page 16982]]
many other methods that could be used to conduct the verification.
Tamper indicating devices are considered adequate to meet the
requirement. The licensee can also use methods to detect removal of the
material.
Comment C67: One commenter suggested deleting the weekly
verification for category 2 quantities in Sec. 37.49(a)(3)(ii) and
include the category 2 material in the category 1 material requirement
for continuous surveillance. The commenter noted that the provision
implies that it may be acceptable for a missing category 2 quantity of
material to go undetected for up to a week when this is clearly not the
case.
Response: Category 1 quantities of radioactive material are
considered higher risk than category 2 quantities of radioactive
material. Therefore, there are more requirements on the category 1
material. The commenter is correct, however, that the NRC does not mean
to imply that it is acceptable for missing category 2 materials to go
undetected for a week. A weekly verification is just one of several
acceptable methods to make sure that unauthorized removal of the
material has not occurred. Each licensee must determine its own
compliance strategy to meet the security requirements of this rule, but
the rule provides significant latitude for each licensee to comply in a
way that optimizes its individual operating requirements.
Comment C68: Two commenters stated that the monitoring and
detection requirements of the security program need to be more
prescriptive, with a minimum requirement for electronic sensors and a
detection system linked to an onsite or offsite monitoring facility.
The commenters did not believe that allowing monitoring and detection
to be performed only by visual inspection or direct visual surveillance
was adequate. The commenters noted that the concepts of detection,
delay, and deterrence are best implemented through multiple tiers of
security. The commenters stated that in the scenario of armed
terrorists with explosives attacking a facility, reliance on
individuals to be the sentinels would allow the security program to be
defeated rather easily.
Response: While the NRC agrees that defense in depth is always a
good practice, the NRC believes that allowing direct visual
surveillance is appropriate. The NRC attempts to balance the burden of
imposing additional requirements against the risk of the material and
the added protection a measure provides.
Comment C69: One commenter stated that the requirement to have a
means to detect unauthorized removal of the radioactive material from
the security zone was unnecessary and would create a huge burden to
establish. The commenter also noted that the requirement does not even
account for the fact that the alarm has to be monitored or by whom.
Response: The purpose of the security program is to detect and
prevent unauthorized removal of the category 1 and category 2
quantities of radioactive material. The provision in question does not
require an alarm. If alarms are used, the licensee has flexibility in
determining who conducts the monitoring and who responds.
Comment C70: One commenter asked what the NRC's expectation was for
implementation of the requirement to immediately detect any attempted
unauthorized removal through the use of electronic sensors linked to an
alarm. The commenter wanted to know if the electronic sensors are to be
mounted to the actual source, hot cell, or storage area. The commenter
noted that there are numerous ways to shield radioactive material,
therefore, the method has to be able to detect an unauthorized removal
of a shielded container, and using a building or area alarm is
specifically not allowed.
Response: The NRC assumes the commenter is referring to the
requirements in Sec. 37.49(a)(3). This requirement is in addition to
the requirements in Sec. Sec. 37.49(a)(1) and 37.49(a)(2). Licensees
must be able to detect the unauthorized removal of a category 1 source.
Licensees can choose any method to detect unauthorized removal. Some
methods that the licensee may use to meet this requirement include, but
are not limited to, the following:
Alarming electronic tamper-indicating device;
Alarming radiation detector; or
Visual surveillance by an approved individual.
If a licensee uses electronic tamper-indicating alarms, the alarm
should be capable of alarming either when an attempt is made to remove
a category 1 quantity of radioactive material from a device, or when an
attempt is made to remove the device itself. The tamper-indicating
alarms should be armed at all times, except during periods of
maintenance.
Comment C71: One commenter stated that it is an unreal expectation
that licensees can assess an attempted unauthorized entry and that the
requirement should be removed as there is no resulting gain in
security. The commenter noted that this increases the surveillance
burden on licensees to monitor not just access but attempted access. As
an example the commenter noted the situation where someone walking by
tries to open the door and the licensee would be required to be able to
detect that and assess. For the same reasons, the commenter stated that
the requirement to respond to attempted unauthorized access should also
be removed. Another commenter felt that the requirement was too broad.
This commenter also noted the situation where someone (including an
inspector) tries a locked doorknob of a secured area. The commenter
noted that there is no point in responding to this sort of challenge to
the system as long as the door remains locked as there is no security
benefit gained by responding to this type of situation. The commenter
stated that to prevent and reduce unnecessary responses to this sort of
trivial challenge, a continuous watchman would be needed or a locked
door outside the security zone to prevent access to the boundary of the
security zone to keep individuals away from the security zone. The
commenter suggested the following change to the rule text: ``The
licensee shall immediately respond to any action that breaches the
perimeter of the Security Zone.'' One commenter noted that Sec.
37.49(d) requires the licensee to immediately respond to any actual or
attempted unauthorized access in addition to requesting an armed LLEA
response. The commenter noted that presumably this means the alarm
service will notify the LLEA on behalf of the licensee as requiring the
licensee to physically respond could put them in harm's way should the
intruder be armed. The commenter also asked what other actions the
licensee should take (i.e., do surveys, inventory material, etc.).
Response: The NRC disagrees with the comment. The NRC believes that
it is important to assess the attempts to gain unauthorized entry. An
individual could test the system before an actual break-in to steal the
material.
Comment C72: One commenter pointed out that the NRC supported and
recommended that licensee's volunteer to participate in the NNSA GTRI
program. The commenter noted that the rule does not acknowledge or
differentiate its requirements for fixed facilities which have
completed or are in the process of completing participation in the GTRI
and that the NRC should acknowledge the differences between facilities
that merely meet the NRC requirements and those that have the robust
security provided by the GTRI. The commenter stated that licensees will
be unable to
[[Page 16983]]
meet specific requirements prescribed in proposed part 37.
Response: The NRC does support the GTRI program that provides
security upgrades to licensee facilities. However, all licensees are
required to meet all of the requirements of 10 CFR part 37 regardless
of participation in the GTRI program. Licensees that participate in the
GTRI program may take credit for those upgrades that meet the 10 CFR
part 37 requirements.
Comment C73: One commenter asked how long the continuous (primary
or alternative) communication capability must continue to be operable.
The commenter asked what arrangements need to be made to maintain the
capability in any emergency. The commenter noted that there is no
practicable means to implement this requirement as no communications
systems work reliably for many hours or days, particularly if there is
no power available, nor personnel allowed in the area to start a
generator.
Response: During most emergencies, the licensee would be expected
to maintain operability of either the primary or alternative system
throughout the emergency. Disaster situations such as flooding or
earthquakes that prevent entry to the facility would be addressed on a
case-by-case basis.
Comment C74: One commenter noted that guidance on allowable dose
limits should be added to Sec. 37.49(d) for LLEA first responders. The
commenter noted that most licensees are probably following the EPA's
Protective Action Guidance of 25 rem whole body dose for life-saving
actions and protection of large populations and that it would be
helpful to have guidance on what to plan for, as part of LLEA training.
Response: The NRC disagrees with the comment and notes that
guidance does not belong in the regulations. First responders are
subject to the dose restrictions in State or Federal occupational
safety regulations.
Comment C75: Several commenters suggested revising the frequency of
the testing, maintenance, and calibration requirement. One commenter
questioned the technical basis to require operability and performance
testing of intrusion alarms and communication systems every 3 months
and asked if the frequency was supported by industry data or a
probabilistic risk analysis from the nuclear power industry. Another
commenter stated that the test frequency for a device should have a
relationship to the device's known failure rate. Another commenter
stated that the requirement was extremely vague, questioned what
standard things are to be tested and calibrated, what performance
standard should be used, and noted that the timeframe was arbitrary.
The commenter suggested that annual testing would be more consistent
with other requirements. One commenter suggested every quarter at
intervals not to exceed 5 months. The same commenter also suggested
adding ``Equipment without a known failure mechanism shall be tested
after initial installation and at a frequency not to exceed 10 years.''
One commenter suggested a monthly frequency, another suggested an
annual frequency. One commenter stated that testing should be more
frequent than quarterly but did not specify a timeframe. One commenter
suggested testing every 6 months and noted that testing required 40
man-hours to complete. One commenter stated that any testing should
include verification of the notification process to the responding
individuals, including the LLEA, on at least an annual basis. One
commenter recommended an annual requirement to exercise the assessment
and response portions of the physical protection systems including an
invitation to the LLEA to participate if reasonable to do so. One
commenter stated that an annual requirement should be included that
exercises the assessment and response portions of the physical
protection systems.
Response: The NRC reevaluated the testing frequency. The
requirement has been changed to allow the licensee to conduct the
maintenance and testing at the manufacturer's suggested frequency. The
manufacturer's suggested frequency would presumably account for known
failure rates. If the manufacturer does not suggest a frequency, the
testing must not exceed 1 year.
The NRC agrees that exercising the response portion of the security
plan is a good practice, and we encourage licensees to exercise their
plans with the LLEA. However, requiring licensees to exercise their
response plans may be too burdensome for small licensees with less
complex security plans.
Comment C76: One commenter stated that the rule and guidance should
allow licensees to limit testing of alarms, associated communication
systems, and other physical components of the security system to those
alarms, systems, and components necessary to meet the requirements. The
commenter pointed out that testing all alarms, systems, and components
quarterly is a long-term financial burden and could result in licensees
removing all unnecessary alarms, systems, and components. The commenter
noted that requiring only testing of necessary equipment leaves the
requirement open for interpretation but that performance-based
regulations should allow for a risk-based analysis. The commenter
stated that testing of all alarms places an unnecessary burden on
licensees and will encourage licensees to minimize the number of alarm
points in a system which is counter to the intent of this regulation.
Testing of necessary alarms will show that the system is functioning
appropriately. Another commenter noted that some devices may require
partial disassembly of the equipment for testing and that repeated
disassembly and reassembly for testing purposes could lead to premature
failure or wear on components. The commenter suggested that internally
installed detection devices be allowed to be tested on an annual basis,
which could coincide with an annual preventive maintenance of the
equipment. One commenter noted that the rule needs to be modified to
indicate what testing is required. One commenter requested that the
following be addressed in the discussion when the final rule is
published. If an alarm system/device is removed/de-energized from
service because the ``individual with overall responsibility for the
security program'' deemed the device unnecessary, obviously there are
no testing/maintenance requirements; however, if the device is deemed
unnecessary, but remains energized, must testing/maintenance be
performed and documented?
Response: The NRC agrees with the comment. The licensee is only
required to maintain and test those components that it relies on to
meet the security requirements of 10 CFR part 37. See also the response
to C75.
Comment C77: Three commenters recommended removing the requirement
for calibration from Sec. 37.51. One commenter noted that there are
procedures to test and maintain these systems, but the term calibration
seems out of place. Another commenter questioned how you calibrate an
intrusion detection system. Several commenters requested clarification
on what is expected beyond maintenance and testing. One commenter
suggested changing calibration to appropriate operational checks. The
commenter noted that true calibration of radiation monitors would
expose staff to unnecessary radiation dose.
Response: The NRC agrees with the comment and has removed the
calibration requirement. Testing the operability of a system is
sufficient to ensure that the equipment is operational and able to
serve its function. Some of the equipment, such as meters, relied on
for safety may be calibrated, but some
[[Page 16984]]
equipment would not be calibrated as the term is typically considered.
Comment C78: One commenter stated that it was not clear what is
expected for compliance for the maintenance, testing, and calibration
requirement. Another commenter asked what was considered acceptable
maintenance, testing, and calibration.
Response: The licensee must ensure that the intrusion detection
system (IDS) is operational and capable of performing its required
function. To maintain functionality, licensees must periodically test
the IDS and perform maintenance on malfunctioning components. The
testing program is considered acceptable if the IDS operates in a
manner consistent with the licensees' physical security plan. Licensees
will be required to test the entire IDS or components of the IDS at the
frequency specified by the manufacturer or at least annually. The
licensee may choose to test the entire IDS or components of the IDS
throughout the 12 months.
Comment C79: In the proposed rule, the NRC specifically requested
comment on whether an exemption for disabling vehicles should be
provided in certain hazardous situations. Commenters were requested to
provide information on: (1) Whether relief from the vehicle disabling
provisions should be provided; (2) any problems experienced in
implementing this aspect of the Increased Controls; (3) whether there
should be an exemption written into the regulations or should licensees
with overriding safety concerns be required to request an exemption
from the regulations to obtain relief from the provision; (4) whether
any exemption should be a blanket exemption or a specific exemption for
the oil and gas industry; and (5) whether the disabling provision
conflicts with any Occupational Safety and Health Administration (OSHA)
requirements or any State requirements. Fourteen commenters provided
responses to the specific questions on this subject.
Of those that provided responses to the questions on the exemption
for disabling vehicles when a mobile source is in or on the vehicle,
the majority supported providing some sort of relief from the vehicle
disabling provisions where there is a potential threat due to the work
environment, such as a refinery or oil field. Only one commenter
opposed providing relief. A couple of commenters did indicate that they
had had problems in implementing the vehicle disabling requirement
under the Increased Controls, some commenters noted that the provision
was in opposition to the facility safety rules. A couple of commenters
noted that the requirement was in conflict with OSHA and/or State
requirements. On the question of whether an exemption should be written
into the regulations or handled on a case-by-case basis, the commenters
were split, but a slight majority favored writing the exemption into
the regulations. Those supporting the exemption being written into the
regulations noted that providing an exemption on a case-by-case basis
creates a burden on the licensee to prepare the request and on the
regulatory agency to review the request. One of the commenters
supporting the regulatory exemption still felt that the licensee should
provide adequate justification for claiming the exemption. Those not
supporting the regulatory exemption felt that the case-by-case review
would allow the regulator to review whether the exemption was actually
warranted. Two of the commenters stated that the requirement should be
removed as the requirement to remove the ignition key is not warranted
and unnecessary. On the question of whether an exemption should be
specific for the oil and gas industry or be broader, most commenters
supported a blanket or broader exemption. One commenter suggested a
blanket exemption for all category 2 sources. On the question of
whether the disabling provision was in conflict with OSHA or any State
requirements, three commenters indicated a possible conflict but did
not provide any specifics.
In addition to those that responded to the specific questions, five
commenters provided comments on this topic. One commenter noted that
the requirement for disabling mobile sources presents safety concerns
within a refinery or petrochemical plant. The commenter noted that
individuals must be able to quickly evacuate the site in the event of
an emergency and that unoccupied vehicles must be able to be moved by
other evacuees or emergency responders. The commenter noted that
requiring a secondary securing device other than the key from a vehicle
prevents the easy movement of the vehicle and compromises safety in the
event of an emergency. One commenter indicated that relief should be
provided on an as-needed basis. Another commenter noted that there is a
possibility that an individual using a mobile device needs to evacuate
an area quickly and that using a disabling device could jeopardize the
health and safety of the individual. The commenter suggested the
following language: ``For devices in or on a vehicle or trailer, the
licensee shall secure the vehicle or trailer containing the device from
theft when not under the direct control of the licensee. This may be
accomplished by removing the ignition key and arming a vehicle alarm
system, or through the use of disabling device or by the removal of
component that would result in the inability to operate the vehicle or
trailer.'' One commenter stated that further guidance was necessary on
what was meant by disable and that the commenter assumed that the
disabling was temporary. One commenter indicated that any exemption
should be broader than just for the oil and gas industry. One commenter
recommend revising Sec. 37.53(b) to allow credit for removing the key
from the ignition and maintaining the key with the individual. The
commenter noted that a disabling device could add additional risks to
the worker; for instance, if the device fails, the individual may
become stranded, or it may slow emergency egress.
Response: After consideration of the comments on this issue, the
NRC has decided that an exemption should be added to the regulations
instead of doing reviews on a case-by-case basis. Requiring licensees
to submit an application for an exemption that would in most cases be
approved imposes unnecessary burden on both the licensee and the agency
staff. The NRC has also decided that the exemption should be broader
than for just the oil and gas industry as there are other situations
where a similar health and safety issue may arise. The NRC has revised
Sec. 37.53(b) to provide flexibility for situations where the health
and safety requirements for a site prohibit the disabling of the
vehicle.
Comment C80: One commenter indicated that the terms ``mobile'' and
``portable devices'' are used differently in 10 CFR part 37 than
elsewhere in the regulations. The commenter stated that the NRC should
change the terminology or the requirements be changed to be applicable
to already defined mobile and portable devices.
Response: The NRC disagrees with the interpretation that the terms
``mobile'' and ``portable devices'' are used differently in 10 CFR part
37 than elsewhere in the regulations. The usage of the terms in 10 CFR
part 37 is in agreement with previously issued NRC guidance.
Specifically, the Increased Controls Question and Answer 159,
provides guidance for definitions for ``portable'' and ``mobile'' as
provided by the American National Standard for Gamma Radiography.
Comment C81: A few commenters suggested a change to the timing of
the program reviews. Commenters
[[Page 16985]]
suggested an annual frequency not to exceed 14 months between the dates
of the reviews, a timeframe of 15 months, a timeframe of 8 to 15
months, and language similar to Sec. 20.1101 of periodically (at least
annually). The commenters noted that this would provide some
flexibility to allow for circumstances beyond the control of the
workforce. One commenter noted that the program review could be
eliminated and included under Sec. 20.1101(c). One commenter stated
that the review should include a requirement for the licensee to
summarize those occasions where an unauthorized access resulted in
activation of the monitoring and detection systems, but the licensee's
assessment showed no actual or attempted theft or diversion of
radioactive material as such alarms could be indicative of a `probe' to
test or evaluate a licensee's response by a potential intruder.
Response: The NRC agrees with the comment and has revised the
language for the program review to be consistent with Sec. 20.1101.
The use of consistent terminology between the safety and security
programs should enhance the licensee's understanding of the
requirement. The NRC does not believe that it is necessary to add
additional detail on what must be included in the program review.
Comment C82: One commenter noted that Sec. 37.55 introduces the
term ``radioactive material security program'' which should be
clarified and consistently used in the regulations.
Response: The concept of the security program is introduced in
Sec. 37.41. The NRC believes that the term has been used consistently
in the regulations and that the concept is clear. The implementation
guidance contains information on the security program.
Comment C83: One commenter requested clarification on what
radioactive materials should be included in the security program
review.
Response: Part 37 only applies to category 1 and category 2
quantities of radioactive material. The security program review would
only address the security of the category 1 and category 2 quantities
of radioactive material.
Comment C84: One commenter indicated that the LLEA required it to
file Non-Residential Burglary Alarm Registrations for each room in
which an irradiator is housed (and to which they are expected to
respond in the event of an alarm). The commenter noted that the LLEA
has indicated that an LLEA response is deemed false if no evidence of
criminal activity is found, in which case a ``False Alarm Notice'' will
be served, including penalties escalating up to $4000 for requested
LLEA responses that are judged to be false. The commenter noted that
this places the licensee in a very bad position to attempt compliance
with this regulation and risk fines from the LLEA. The commenter noted
that there does not need to be evidence of criminal activity for the
licensee to perceive a threat to its facility, and appropriately
request LLEA response. The commenter requested that NRC conduct
outreach to the LLEA community with the intent of clarifying NRC's
expectations on this topic.
Response: Section 37.57 states that the licensee shall immediately
notify the LLEA after determining that an unauthorized entry was an
actual or attempted theft, sabotage, or diversion of a category 1 or
category 2 quantity of radioactive material. The NRC believes that such
an unauthorized entry would likely constitute criminal activity.
Furthermore, suspicious activity related to possible theft, sabotage,
or diversion of category 1 or category 2 quantities of radioactive
material would also constitute suspicion of criminal activity. When
coordinating with the LLEA, the licensee must explain that it will
request a timely armed response to any actual or attempted theft,
sabotage, or diversion of category 1 or category 2 quantities of
material.
Comment C85: One commenter requested that Sec. Sec. 37.41 and
37.49 be revised to reflect that a licensee is restricted in detection
and assessment by available technology and resources.
Response: The NRC does not believe the change is necessary. The
requirements do not specify a technology, and the licensee can change
the method used to meet the requirements whenever it wants, as long as
the plan is updated and training conducted on the revised plan.
Comment C86: One commenter expressed concern that the vocabulary
was not consistent with part 73 and that it was unclear exactly what
the rule required from a security standpoint in Sec. Sec. 37.41(b) and
37.49.
Response: The commenter is correct that the terminology between 10
CFR parts 73 and 37 may not be consistent. Part 37 does not have any
requirement for a design basis accident and pertains to less risky
materials. Part 37 applies to a different type of material and licensee
in most cases. The terminology used in 10 CFR part 37 is geared for a
materials licensee and not a reactor or fuel cycle facility. Guidance
for implementing 10 CFR part 37 is contained in the implementation
guidance.
Comment C87: One commenter stated that the proposed regulations, as
applied to Gamma Knife radiosurgery units, do not give sufficient
weight to engineered controls. The commenter felt that the greatest
risk was during source exchange, which only occurs every 5 to 7 years,
and not from someone obtaining access to the equipment overnight or on
a weekend. The commenter further stated the opinion that there is
almost no danger during the ordinary operation of the equipment to
treat patients.
Response: The NRC acknowledges that accessibility of a category 2
source(s) depends on the design of the device containing the source(s)
and the means used to gain access to and possibly remove the source(s).
However it is anticipated that an adversary will use whatever means is
available to gain access to and possibly remove a source. The category
2 designation has no basis in regard to the time it would take to
remove a source from the device in which it is contained. The security
program is designed to deny an adversary the opportunity to gain access
to a category 2 source. It is reasonable to expect that overnight and
weekend periods would provide an opportunity to an adversary.
Comment C88: One commenter stated that the requirement limiting
unescorted access to approved individuals would appear to preclude the
treatment of patients with a Gamma Knife radiosurgery unit since the
patient is required to be unescorted in the treatment room due to the
high radiation levels, and the treatment room would normally be
considered to be the security zone. The commenter noted that closed
circuit television is used to monitor the patient rather than line-of-
sight observation, and that this could be used in place of human escort
for those individuals needing entry to the treatment room.
Response: A patient undergoing treatment is considered to be an
escorted individual. Closed circuit television used to monitor the
patient meets the requirements of Sec. Sec. 37.45 and 37.47.
Comment C89: One commenter stated that for a Gamma Knife
radiosurgery unit, individuals subject to background investigations
should be defined as those who have the key or pass code for the
treatment room door and the ability to turn off the security system and
not the personnel who may need access to a patient on treatment day.
The commenter stated that individuals with the keys or pass code are
the ones that can enter a room and have access to the unit for a long
enough time, such as outside of normal treatment days, to
[[Page 16986]]
remove any or all of the radioactive sources.
Response: Gamma Knife radiosurgery is typically performed by a team
of individuals. The licensee has the option of escorting those team
members not authorized for unescorted access. For example, the licensee
may decide to grant unescorted access to authorized medical physicists
and have them provide escorted access for physicians, nurses,
technologists, etc.
Comment C90: One commenter noted that it is important that Gamma
Knife units secured behind electronically locked doors have a backup
door alarm which operates during a fire alarm. The commenter noted that
hospitals are increasingly adopting electronic locks for securing rooms
and that the fire code requires electronic locks to be disabled during
a fire alarm. The commenter noted that frequently the door alarm and
motion detector are tied into the same system.
Response: The licensee must meet the requirements of the rule. Any
additional alarms or other systems beyond those used to meet the
requirements are at the discretion of the licensee.
Comment C91: One commenter noted that since a Gamma Knife treatment
room has a single entrance that could be controlled by an assailant,
one or more panic alarm buttons, unobtrusively placed, should be
installed so that the staff could summon security without being
noticed. The commenter also suggested requiring use of a portal
radiation monitor tied into security at the exit.
Response: The use of duress/panic alarms could be used to enhance
the licensee's response plans and a radiation monitor can be used to
detect a situation where a source has been removed from a device. The
licensee can determine which methods it will use to comply with the
rule. Any additional alarms or other systems beyond those used to meet
the requirements are at the discretion of the licensee.
Comment C92: One commenter stated that additional security measures
addressing radioactive materials are not necessary in the refining or
petrochemicals industry due to the location, lack of accessibility,
source holder design, and currently applicable security requirements.
The commenter noted that the sources are continually monitored by
process control systems and there would be an immediate response, due
to process safety concerns, if they were to go off-line. The commenter
noted that most sources are contained within source holders bolted
individually to a process column or equipment and the source holders
are typically very large, heavy, cumbersome metal containers. The
commenter noted that to remove the source holders requires tools,
cranes, hoist or scaffold support because of their weight and position
on the process equipment. The commenter also noted that the sources are
not aggregated but are located within the various operating unit
locations scattered over several acres.
Response: Part 37 only applies if the material is aggregated such
that the total equals or exceeds the category 2 threshold. As with the
orders, the licensee can take measures such that the provisions do not
apply. For example, if a source holder is welded to the column and has
a cage around it, the NRC has determined that this is sufficient and
the sources would not need to be considered in aggregating the
material. Additional information has been added to the implementation
guidance to clarify what types of barriers would be sufficient.
Comment C93: One commenter noted that the type and configuration of
irradiators would render the probability of their use in an act of
terrorism as extremely unlikely. The commenter noted that they are
stationary, weigh in excess of 1000 pounds, and are secured within
segregated and separately locked facilities on a secure campus
requiring separate authorized keycard access to both the buildings
themselves and the irradiator rooms 365 days per year. The commenter
recommended that the NRC exempt irradiators from 10 CFR part 37.
Response: The NRC disagrees that irradiators should be exempt from
the requirements of 10 CFR part 37. The requirements are designed to
control access both to the radioactive material and to the irradiator
by controlling access to the security zone. The NRC has engaged the
expertise of national laboratories that have shown that these devices
may be vulnerable to theft, sabotage, or diversion under certain
scenarios. For this reason, and the possibility that the necessary
trained individual could be a malevolent insider, the NRC has
determined that certain additional security measures are necessary in
the current threat environment. Part 37 uses a layered, defense-in-
depth approach to enhance the security of radioactive material in
category 1 and category 2 quantities. No single measure can provide the
required security for this material. Therefore, a licensee must
implement all applicable 10 CFR part 37 requirements.
D. Transportation Security
Comment D1: In the proposed rule, the NRC specifically invited
public comment on several aspects of license and address verification.
Commenters were requested to provide information on: (1) Whether there
should be a requirement for verification of the license for transfers
of category 2 quantities of radioactive material or whether it would be
acceptable to wait for the system being developed before requiring
license verification for transfers of category 2 quantities of
radioactive material; (2) how the address verification might work for
shipments to temporary job sites and the ability of both licensees and
the Agreement States to comply with such a requirement; (3) the
frequency of the license verification, and (4) how the transferring
licensee would know if a license has been modified since the last check
and that the licensee is still authorized to receive the material.
Seventeen commenters provided responses to the specific questions on
this subject.
Of those that provided responses to the questions on license
verification, most commenters indicated that the current system for
license verification for category 2 quantities of radioactive material
is acceptable until the license verification is developed and ready for
implementation. A few commenters indicated that phone verification for
category 2 would be acceptable before the new system is available;
others indicated that the NRC should wait for the new system. One
commenter suggested that verification not be required for shipments
that result in a change of jurisdiction but not a change of licensee.
Most commenters did not support a requirement for address verification
for temporary jobsites, noting that in most cases the regulatory
authority will not know the address for a temporary site and that in
some cases there is no address. One State indicated that it did not
allow shipments to temporary jobsites. On the issue of frequency of
license verification (every transfer, annual, etc.), the response was
mixed; some noted that annual verification was adequate, some noted
that every transfer should be verified, some noted that every transfer
would be ok once the new system is available, some suggested
semiannual, and some felt that use of the National Source Tracking
System was sufficient. One commenter noted that amendments and
enforcement actions typically take a long time so the likelihood of a
license being modified after a copy is obtained by the transferor is
very small. The commenter indicated that there was no compelling reason
to take extra measures to verify that the license has
[[Page 16987]]
not been modified since that last check. Most commenters noted the
current practice was acceptable until the new license verification
system is up and running. One commenter suggested obtaining a written
statement from the receiving licensee RSO attesting to the current
amendment number.
In addition to those that responded to the specific questions, 18
commenters provided comments on this topic. One commenter noted that it
was unclear why additional work over and beyond the current
requirements in Sec. 30.41 is needed. Some commenters objected to the
need to verify a licensee's validity prior to shipment as it creates a
large burden on the licensee and the regulatory agency. At least one
commenter felt that the current method of obtaining a copy of the
receiving licensee's license via either fax or email was adequate to
verify the validity of a licensee. Commenters felt that, for companies
with which they do frequent business, verification was not necessary
and that having a copy of the license on file or verification within
the last year was adequate. Some commenters noted that verifying for
every shipment would take time and personnel and increase the cost of
doing business. One commenter indicated that they felt that it would
take half a day to process 30 orders using the system which is 4 times
the current time. Other commenters felt that that an annual check would
not be acceptable and the verification should occur close to the
shipping date. One commenter stated that a company should not be
required to verify a same company license in another State prior to
transfer between the same company but at different locations. Two
commenters requested clarification on the need to report shipments
within the same company but within different jurisdictions, such as
temporary jobsites in another State.
One commenter suggested that the verification requirement be
revised to allow for verification of the delivery address through the
receiving licensee's RSO or another individual specifically identified
on the license. The commenter pointed out that some licenses may list
the primary address but not individual buildings and that the delivery
(or dock) address may be different than the official building address
that is listed on the license. Commenters were opposed to including a
requirement to validate the address for transfers of category 2
quantities of radioactive material.
Commenters noted that it can be difficult to reach the regulator
and once reached that it may take the individual some time to look up
the license and verify the information. Commenters indicated that this
could result in delays and/or stopped shipments. As an alternative, one
commenter suggested that the regulatory agency could send a copy of an
amended license to ensure up to date and valid copies are on file.
One commenter recommended removing reference to the License
Verification System as it does not exist yet and another commenter
noted that the system would unlikely be operational when the final rule
is published. Several commenters expressed some concern over how well
the license verification system will work; some asked for clarification
on possible access to the system. One commenter recommended that the
verification provision should not be implemented until the system is
fully operational and demonstrated to be effective.
One commenter asked if the verification of license provisions
applied to exports. One commenter asked if these requirements would
replace the National Source Tracking System requirements.
One commenter noted that there is no need to document that a check
has been done as it can be covered under a procedure that the licensee
has in place for license checks and that adding additional
documentation just adds time and effort without value. One commenter
questioned what documentation was required for the transfer
verification.
Response: One of the recommendations from the Independent Review
Panel was that licenses be confirmed for all transfers of radioactive
material in risk-significant quantities. The NRC agrees with the
recommendation and believes that verification of the license before
transfer is an important component that enhances the security of the
material by validating the licensee's legitimacy. Use of the License
Verification System is a key component to allow 100 percent validation
of licenses before transfer of category 1 or category 2 quantities of
radioactive material. While some commenters felt that a fax or email
was adequate to verify the validity of a license, the NRC disagrees. An
individual can alter or tamper with a license to change the possession
limits or location of use, or even the person that received the
license. Currently, many licensees obtain copies of the license and
keep the copy on file. The problem with this method is that the license
could be amended or terminated and the licensee would not know that the
license was no longer valid. The License Verification System is being
developed to prevent these scenarios from occurring. Licensees are
required to use either the License Verification System or contact the
regulatory agency (NRC or Agreement State) to verify that a license is
valid before shipping category 1 or category 2 quantities of
radioactive material to a domestic company. For category 1 shipments,
the licensee must also verify that the shipping address is valid.
Transfers within the same company in a different State do not need to
be verified as the company knows what it is authorized to possess. The
rule language has been clarified to make this clear. Verification is
not required for imports and exports; the requirements of part 110
apply. The NRC agrees that the License Verification System (LVS) needs
to be fully functional before this provision of the regulations is
implemented. Although the NRC expects a timely startup of the LVS, this
provision of 10 CFR part 37 permits a separate compliance date that can
be changed if this startup is delayed.
The NRC does understand that it can be difficult to reach regulator
personnel and that there may be times when the system is down.
Therefore, the NRC has added a new provision that provides an
alternative so that licensees can still ship. If the licensee cannot
reach the regulator and the system is nonfunctional, the licensee will
be able to use certification from the receiving licensee that the
licensee is authorized to receive the requested radioactive material.
The licensee must follow-up by the end of the next business day to
confirm the license was valid.
The NRC has also changed the documentation requirement. The final
rule only requires documentation if the licensee conducts the
verification by contacting the license issuing authority (NRC or
Agreement State). The documentation can simply be a note to file or a
copy of an email response from the NRC or Agreement State. The license
verification system will keep the record of any verification conducted
using the system, therefore, the licensee is not required to keep
separate documentation. Documentation is important from an inspection
and enforcement aspect.
Comment D2: One commenter noted that the verification requirement
appears to duplicate the transfer requirements under Sec. 30.41. The
commenter noted that licensees should be exempted from Sec. 30.41 if
they have category 1 or category 2 quantities and follow 10 CFR part
37. The commenter noted that this is an example of an area where
industry and the NRC could constructively work together through
[[Page 16988]]
public meetings to find the most efficient and effective solution to
address NRC's concern. One commenter noted that the proposed
regulations should be consistent with existing NRC regulations related
to radioactive materials, should not duplicate any existing
requirements, and should not rely on the general statements of ``not
withstanding the requirements of any other regulations in this
chapter.''
Response: The verification requirements in Sec. 37.71 are in place
of the requirements in Sec. 30.41(d). The language has been revised to
make this clear. In addition, the NRC has added a provision to address
emergency situations where the License Verification System is down and
the licensee cannot reach the licensing authority.
Comment D3: One commenter objected to the preplanning and
coordination requirements in Sec. 37.75 stating that it would be
impossible to implement for category 2 sources for facilities that make
numerous shipments a day. The commenter noted that it would require a
dedicated individual to constantly communicate with customers and
carriers throughout the day for the 40-60 shipments and receipts that
occur during the day. The commenter noted that currently the customer
is told of the shipment date and method of shipment and that the
preplanning system takes advantage of the already understood arrival
times if using FedEx or similar. The commenter noted that the shipper
can review the FedEx confirmed deliveries each day (one central
location) which verifies receipt by the customer. The commenter noted
that this has been working very effectively, so there is no reason to
change to a much more burdensome method.
Response: It is not clear why the commenter believes that it will
need to constantly communicate with customers and carriers throughout
the day. The basic requirements are similar to the orders, with the
exception of establishing a no-later-than arrival time. The licensee
could easily establish the no-later-than arrival time as the close of
the business day on the expected arrival date. If the licensee is
already telling the customer the shipping information, the addition of
one additional piece of information does not present a large burden and
does not require the shipping licensee to conduct its business in a
different manner than it currently does. The NRC has revised the
language to clarify the coordination activities and has removed the
requirement that specified methods of sharing information to provide
licensees more flexibility. Information has been added to the
implementation guidance.
Comment D4: One commenter stated that in Sec. 37.75(a)(2)
alternate requirements should be added for those States who will not be
providing law enforcement escorts for the licensee to identify the
intended LLEA contacts it will use to summon an armed response should
there be an actual or attempted theft or diversion of the shipment.
Response: The NRC disagrees with the comment. Part 37 does not
require the use of escorts for shipments of category 1 or category 2
quantities of radioactive material; therefore, an alternate requirement
is not necessary.
Comment D5: Two commenters noted that in Sec. 37.75(a)(2)(i) the
term ``minimal delay'' is ambiguous and subject to interpretation. The
commenter recommended that the term be clarified or deleted.
Response: The NRC agrees with the comment and has removed the
requirement. While the purpose of the preplanning and coordination with
the State is to ensure minimal delays, the language is not necessary in
the rule itself.
Comment D6: Several commenters recommended removing the provisions
for preplanning and coordination activities with the Governors of each
State that the category 1 shipment will pass through. The commenters
noted that the advanced notification provided to the State by the
licensee provides sufficient time for the State to contact the licensee
if a revision to the route or additional State imposed controls, such
as escorts, are to be implemented. The commenters noted that Appendix A
of the regulatory analysis indicates that there had been zero event
notifications in the past 10 years regarding missing or lost material,
suspicious activities, theft, or diversion of category 1 materials and
questioned how additional coordination efforts that are not currently
required by the orders can be justified. The commenters noted that the
licensee would be unable to comply with the requirement to arrange for
positional information sharing when required by the State because, as
written, States would be authorized to dictate which position tracking
provider a carrier must utilize, or the State could request that the
carrier authorize the State to log into the carrier's tracking system.
This would result in additional costs as there are licensing and data
communication fees associated with tracking systems. One commenter
asked if the NRC has determined whether carriers are willing to share
their positional information real time. One commenter noted that this
requirement could provide a mechanism for a State to block the
transport of category 1 material through the State if the requesting
state official cannot log onto the tracking system. Another commenter
expressed concern over possible denial of a shipment through a State
due to tracking system incompatibility. The commenter noted that denial
of shipment could result in noncompliance with Federal interstate
transportation laws. The commenter noted that the licensee and carrier
are capable of determining safe havens along the route and that past
experience has shown that requesting a State to identify safe havens
has been fruitless. One commenter strongly agreed with the preplanning
and coordination requirements as both necessary and desirable. The
commenter urged the NRC to encourage States to coordinate with the
LLEAs and affected Tribes, including route and schedule information in
the shipment verification system, as it can help States monitor
shipments and the no-later-than arrival times. One commenter noted that
the coordination with the States is typically conducted by email and
that there is no discussion unless the State initiates one in response
to the licensee's notification. One commenter stated that there
shouldn't be any additional requirements for category 1 quantities that
might serve to dilute attention paid to highway route control
quantities (HRCQ). One commenter suggested including the Agreement
State program on the list for notification and preplanning coordination
for category 1 shipments. The commenter noted that the Governor's
designee is not always the Agreement State program director. One
commenter noted that the need to coordinate with all States for
transport will be very burdensome unless there is a tool to assist with
implementation.
Response: The NRC has determined that the requirement for
preplanning and coordination with each State for category 1 shipments
is necessary, but has removed several of the proposed elements.
The NRC believes that it is necessary to coordinate with the State
to determine whether the State plans to provide escorts. If the
licensee doesn't find out about the need for an escort until after the
advance notification is provided to the State, the licensee would
likely need to adjust the schedule and reissue the advance
notifications. Knowing upfront about the need for escorts is likely to
reduce the overall burden on the licensee and allow the licensee to
better plan the route for any shipment. The licensee is responsible for
identifying safe havens along the route. The licensee would provide
that
[[Page 16989]]
information to the State. If the licensee has difficulty identifying
safe havens, it may want to discuss this with the NRC, State police, or
other State contact. (See also response to Comment A11.)
The NRC agrees that the other elements of preplanning and
coordination are not necessary. It was not the intent that the State be
given direct access to the position monitoring system, only that the
state be provided information about the shipment's location upon
request. This provision is not included in the final rule. The NRC has
only retained what it believes are the minimum requirements for the
preplanning and coordination. The rule does not specify the method for
conducting the preplanning and coordination. The licensee can conduct
the preplanning and coordination by email.
The NRC will maintain the list of State contacts as it does for 10
CFR part 73 shipments. The list will be available on the NRC's Web site
at http://nrc-stp.ornl.gov/special/designee.pdf. The list will also be
published in the Federal Register on an annual basis, typically in
early July.
Comment D7: Some commenters objected to the requirement to
establish a no-later-than arrival time. One commenter pointed out that
the shipping licensee has no control over when a common carrier
delivers the material, noting that typically they know the day but not
an exact hour. The commenter felt that the requirement would result in
many unnecessary reports or an exaggeration of the time in order to
avoid making reports and noted that licensees are responsible enough
not to need a regulation that will burden them and ultimately be
subverted. Another commenter felt that the rule would be extremely
costly and time consuming to implement and impractical. The commenter
stated that the NRC should place the requirement on the carrier and not
the licensee, as the licensee has no control. Another commenter
suggested waiting until the end of the day, which was previously agreed
to, and send a report (NRC 748) into NSTS and hope that it gets put
into the system, maybe receiving confirmation that the reports were
received. Two commenters recommended allowing licensees to use the NSTS
as method to fulfill the notification requirement in Sec. 37.75(b) and
(c). One commenter supported the concept and suggested timeframes. One
commenter noted that a loss of material is an immediate notification
and that the rule as proposed places the licensee in a burdensome
position of devoting additional time, effort, and concern over movement
of material that is not completely in their control. The commenter did
agree that notification between the shipper and consignee is important
but felt no need for further restrictions or regulations in this area.
Another commenter noted that the shipper currently sends an email
notification that has a receiving document attached to the message
noting when the shipment was received. The commenters believe that
licensees already effectively track the movement of sources without the
need to impose additional regulation. One commenter noted that category
1 shipments are often held up in States for inspection. Commenters
noted that common carrier delivery guarantees are not accurate to
within 4 hours. Commenters noted that the 2- and 4-hour timeframes
would result in numerous modifications to the time or ultra
conservative estimates. Several commenters suggested 24 hours as the
timeframe. One commenter noted that licensees routinely monitor the
status of shipments and notify the carrier and regulatory agency when
the shipment does not arrive within a reasonable timeframe. The
commenter stated that the regulations should specify what is required
and not how to achieve it. One commenter noted that the time of a
shipment will not be known for material that is transported by common
carrier as shippers like FedEx simply verify that a shipment will
arrive by a certain date, and often the only notice that a shipment
will be late is that it doesn't arrive by the end of the business day.
One commenter requested clarification that the no-later-than arrival
time applies only to domestic transfers, either within the definition
or in the guidance. One commenter noted that Sec. 37.75(b) requires
licensees to email or fax arrival times for shipments of category 2
material and that licensees must be made aware that the email must be
encrypted and faxes be made to an awaiting, known entity as was noted
in Regulatory Issue Summary 2005-31.
Response: The NRC continues to believe that the establishment of a
no-later-than arrival time is beneficial. The NRC notes that the orders
currently require the licensee to coordinate the expected arrival time
of the shipment and to initiate an investigation if the shipment has
not arrived by the expected arrival time. The provision for the no-
later-than arrival time actually provides the licensee with more
flexibility. The no-later-than arrival time allows for traffic delays
due to weather and other circumstances before an investigation is
initiated. The no-later-than arrival time for category 1 shipments has
been removed as the licensee is required to maintain continuous
communication capability. The no-later-than arrival time provision only
applies to domestic shipments. There is no requirement that email be
encrypted and faxes be made to an awaiting, known entity.
Comment D8: One commenter stated that Sec. 37.75(c) is a redundant
requirement as licensees are already required to input data into the
NSTS when shipping or receiving radioactive material. The commenter
noted that licensees are already required to initiate an investigation
if a shipment does not arrive and that there is no reason to require a
licensee to notify the shipper when the shipment occurs as it is
scheduled. The commenter noted that this would require a tremendous
amount of resources and is unnecessary as a licensee is already
required to notify the shipper if the shipment does not arrive. One
commenter requested clarification on whether Sec. 37.75(c) applied to
notify international shippers of receipt within 4 hours. One commenter
noted that the transferee licensee should notify the NRC (and the
License Verification System) and the host State when a shipment
arrives. The commenter indicated that the notification should
reasonably occur within 2 hours after arrival instead of the 4 hours
proposed in the rule. Another commenter objected to the need to confirm
a shipment with the shipper and noted that it was redundant to current
requirements for the NSTS. A commenter noted that if a notification
must be made when a shipment does not arrive that it doesn't make sense
to also require that a notification be made when and if it does arrive
and therefore it just adds burden without benefit. One commenter
recommended that the licensee should notify the NRC (and the License
Verification System) as well as the States affected when a shipment is
revised or cancelled. The commenter noted that the change should be
reported by the carrier company after communication/coordination with
the driver. One commenter objected to the requirement for the receiving
licensee to notify the shipping licensee within 4 hours of a package
arrival and recommended that the requirement be removed from the rule.
The commenter indicated that this would result in an undue cost and
would require licensees to have personnel on evenings, weekends, and
holidays to receive/send the information. One commenter asked why using
NSTS wasn't sufficient.
Response: The requirement in Sec. 37.75(c) to notify that a
shipment has
[[Page 16990]]
been received and the requirement to report to NSTS are not redundant.
The reporting to NSTS is a report to a system and does not notify the
shipping licensee that a source has been received. The shipping
licensee would need to access the system to see if the status of the
source has changed in order to determine if a shipment has been
received. The reporting to NSTS is by the close of the next business
day which means information on the receipt of the shipment might not be
available for several days and this would be too long for a shipment to
go missing without starting an investigation. Additionally, not all
shipments are reported to NSTS. When shipments don't arrive on time,
the shipping licensee needs to start an investigation to determine if
the material is missing or just delayed in shipment. The requirement to
confirm shipment is not new as it is a current requirement from the
orders. The notification provisions do not apply to international
shipments.
Comment D9: One commenter noted an inconsistency in the timeframes
for the receiving licensee to notify the shipping licensee no later
than 4 hours after the package arrives but that the shipping licensee
is to begin an investigation within 2 hours of a category 1 shipment
not arriving by the no-later-than arrival time.
Response: The NRC has removed the no-later-than arrival
requirements for shipments of category 1 quantities of radioactive
material because they are not needed with the communication and
monitoring requirements associated with these shipments. The provision
for no-later-than arrival time remains for category 2 shipments. The
arrival time and the no-later-than arrival time are not the same times.
The arrival time is the time the shipment actually arrives at the
facility. The no-later-than arrival time is the time established that
when a shipment has not arrived and an investigation will be started to
determine the whereabouts of the shipment.
Comment D10: Two commenters pointed out an editorial error in Sec.
37.75(d), noting that the reference to Sec. 37.75(a)(1) should be
Sec. 37.75(b).
Response: The NRC agrees with the comment and has made the
correction.
Comment D11: One commenter noted that it may not be possible to
provide the information for an advance notification before the
shipment. The commenter stated that the information is not available to
most licensees because carriers are not willing and may not be able to
provide the detailed information to licensees. The commenter noted that
for an import, a licensee may not have this information until the
shipment is in progress, or even when it is received. The commenter
noted that if it is assumed that this requirement is only applicable
from the point of customs clearance, then it may be practicable. The
commenter indicated that the regulation should specifically state that
it is applicable to the portion of the movement of shipments after
customs clearance. One commenter asked if NRC has coordinated with DOT
to determine if the advance notification is practicable. One commenter
noted that the activity levels are not available with much degree of
accuracy as the activity is often not measured until the shipment
arrives. One commenter noted that the shipper may not know when a
shipment will commence, cross State lines, and arrive. The commenter
also noted that the shipper may not know of schedule changes ahead of
time.
Response: The NRC understands that all of the information may not
be available at the time of the initial advance notification. Section
37.77(b) specifically states that the licensee must provide the
required information if available at the time of the notification. In
addition, Sec. 37.77(c) provides for revised notifications for
information that was not available at the time of the initial
notification and for instances where information changes. The commenter
is correct that the provisions only apply to the domestic portion of
the transport for both imports and exports. The requirements would
begin at the point of customs clearance for imports and end at the
border for exports. Section 37.73(d) and (e) notes that the provisions
only apply to the domestic portion of the shipment. Both sections have
been revised to address exports.
Although the NRC coordinates with DOT on a number of safety and
security matters of mutual interest, licensees have implemented advance
notification requirements for many years, and the practicability of
these notifications is no longer in serious question.
Comment D12: Two commenters recommended that the advanced
notifications to the Governor be made through the NRC's Operations
Center. The commenters noted that the licensee could simply provide the
advanced notification to the NRC's Operations Center with a list of
States affected and the NRC's Operations Center would then transmit the
advanced notification to the affected States. The commenters noted that
this would reduce the record retention and notification burden on the
licensee and would ensure consistency in how the States receive
notifications.
Response: The NRC disagrees with the comment. It is the licensee's
responsibility to notify the affected States. The need for the NRC's
Operations Center to notify affected States could interfere with its
primary responsibility to be available for response to events.
Additionally, for those shipments that are made by an Agreement State
licensee, the NRC would not be notified as the notification would go to
the Agreement State. The Agreement State will need to provide the
information to the NRC so that the NRC can share the information with
its Federal partners.
Comment D13: Two commenters recommended including an email address
and fax number for the NRC point of contact receiving the notification
in Sec. 37.77(a)(1). The commenters noted that the email address and
fax numbers should be readily available as most notifications are made
by email or fax.
Response: The NRC agrees with the comment and has included the
secure fax number and email address to submit the notifications to the
NRC.
Comment D14: Two commenters recommended removing the option in
Sec. 37.77(a)(2) to mail in notifications or require that
notifications not submitted by fax or email be sent via certified mail
or delivery service. The commenters noted that 7 days prior to the
shipment date may not be sufficient time to allow a notification
transmitted through the regular mail to reach the intended recipient.
Response: The NRC disagrees with the comment. The 7 days prior
notice requirement is consistent with the similar provision for advance
notifications for spent fuel shipments. Transmittal of the SGI-M
information must meet the requirements of Sec. 73.23. The licensee
always has the option of sending the notification earlier than
required. The NRC has revised Sec. 37.77(a) to clarify the procedures
for submitting the notifications.
Comment D15: Two commenters recommended increasing the notification
requirement in Sec. 37.77(a)(3) from 4 days to 7 days. The commenters
noted that the additional time would provide States enough time to
review and evaluate the details regarding the shipment and would
preclude the need to conduct the required preplanning and coordination.
The commenters noted that this advance notification process has been in
place and proven effective for the past 6 years. One commenter
recommended that ``other means'' in Sec. 37.77(a)(3) be defined or
clarified. The commenter assumed it meant by email or fax.
[[Page 16991]]
Response: The NRC disagrees with the comment. The NRC believes that
4 days provide sufficient time for the States to review and evaluate,
particularly since the licensee is required to conduct preplanning and
coordination with the States in addition to the advance notifications.
The timeframe is also consistent with the similar provision for advance
notifications for spent fuel shipments. No State that commented on the
rule indicated that additional time was necessary. Other means could
include fax or email, or delivery by messenger. Additional information
has been added to the implementation guidance.
Comment D16: Two commenters indicated that it was unclear what
information the point of contact, requested in Sec. 37.77(b)(7) for
the advance notifications, should be able to provide. The commenter
noted that ``current shipping information'' could imply that the point
of contact should be a person accompanying the shipment, or did it mean
someone who has information regarding the details of the notification.
Response: The point of contact would be someone that has
information regarding the details of the notification. It is not
intended to be a person accompanying the shipment. Additional
information has been added to the implementation guidance.
Comment D17: One commenter noted that the NRC should provide for
advance notification to Tribes for shipments that cross their
reservation. The commenter noted that this rule should be consistent
with the rule that the NRC promulgates for Tribal notifications.
Response: The NRC may consider providing advance notification of
these materials to Tribes in the future but does not currently plan to
include the provision.
Comment D18: Three commenters suggested changing the phrase
``movement control center'' to ``communication control center'' in
Sec. 37.79 to maintain consistency with the orders.
Response: The NRC disagrees with the comment. Although the orders
called the centers communication control centers, these centers are
typically called movement control centers. The terms refer to the same
function. The NRC is retaining the term movement control center to be
consistent with the term in 10 CFR part 73 as the centers serve the
same function.
Comment D19: One commenter noted that in the definition of
``movement control center'' various functions are combined and that
there is no value in requiring that they all be accomplished by one
entity as the functions may be accomplished by separate departments or
personnel.
Response: The movement control center definition does not require
that all of the functions be carried out by the same department or
personnel. It does require an operations center or base from which all
of the functions are handled. The primary purpose of the movement
control center is to have staff available that can immediately respond
to an emergency and coordinate the required response.
Comment D20: One commenter requested clarification in Sec.
37.79(c)(1)(ii) on the use of authentication and duress codes. The
commenter noted that it wasn't clear if there were two codes or if
there needed to be a strategy for the ``use'' and ``authentication'' of
duress codes.
Response: The NRC has revised the rule language to clarify that
there are two types of codes.
Comment D21: One commenter noted that redundant communications
systems are required but it was not clear if redundant position
location or tracking systems are necessary.
Response: The rule does not contain a requirement for a redundant
position location or tracking system.
Comment D22: One commenter noted that although a licensee can make
arrangements to ensure that personnel are trained and can audit the
carrier for compliance, it cannot ensure that personnel are trained as
required. One commenter objected to the requirement for licensees
providing training to entities beyond its control such as railroad
personnel. The commenter noted that the carriers already have training
and certification requirements under DOT. Two commenters recommended
allowing the licensee to provide current copies of normal and
contingency procedures in lieu of training as required by Sec.
37.79(c)(2). The commenter noted that it is not feasible to provide
``appropriate training'' to a group of individuals that the licensee
has no control over.
Response: The NRC agrees with the comment. The NRC agrees that it
is acceptable to provide copies of the normal and contingency
procedures in lieu of a formal training program. If this mechanism is
used, the licensee should have a signoff sheet associated with the
procedure that the individual would sign indicating that he or she has
read and understands the procedure. The NRC also agrees that the
licensee would be unable to dictate that railroad personnel undergo
training and follow the licensee's procedures. Railroads have their own
processes and procedures in place and would be required to follow them.
The NRC has removed the requirement for railroad shipments.
Comment D23: One commenter stated that the regulation must make it
clear that the requirements in Sec. 37.79 are only applicable from the
point of customs clearance.
Response: Section 37.73(d) and (e) makes it clear that the
provisions only apply during the domestic portion of the shipment. For
imports, the provisions begin at the point of customs clearance.
Comment D24: One commenter noted that Sec. 37.79 requires
licensees to use companies who use package tracking systems (for
category 2) and that it should be clarified that the package itself
should be accounted for and not simply the paperwork.
Response: The NRC believes that the regulations are clear that it
is the package that is being tracked and not the paperwork. No change
to the regulations is needed.
Comment D25: One commenter objected to the requirement to start an
investigation if a package does not arrive within 2 to 4 hours of its
designated arrival time. The commenter noted that weather, traffic,
etc. could affect delivery times and that starting an investigation
because a package did not arrive on time due to poor weather, etc is a
waste of time and resources with no foreseeable gains for security. The
commenter noted that the timeframe should allow some time for
investigation and suggested an 8- and 24-hour timeframes.
Response: The NRC agrees in part with the comment. The NRC has
clarified the text in Sec. 37.79(d) to remove reference to lost or
unaccounted for material. The requirement to establish a no-later-than-
arrival time for shipment of category 1 quantities has been removed as
the licensee is required to maintain constant communication capability.
The NRC has increased the timeframe for the no-later-than arrival time
for category 2 shipments to 6 hours.
Comment D26: One commenter stated that when shipping radioactive
material meeting the requirements of HRCQ and RAMQC the requirements
should include having two forms of communications available at all
times for reporting incidents and requesting assistance.
Response: The NRC agrees and included a requirement for redundant
communication capability for category 1 shipments (RAMQC) in the
proposed rule. The final rule in Sec. 37.79(a)(1)(ii) requires
licensees to ``Ensure that
[[Page 16992]]
redundant communications are established that allow the transport to
contact the escort vehicle (when used) and movement control center at
all times. Redundant communications may not be subject to the same
interference factors as the primary communication.'' Redundant
communications are required to mitigate an interruption, caused by
either natural events, such as storms, or deliberate actions, such as
signal jamming, that may cause communications to be lost on the primary
communication device. One or more additional communication devices must
be available to operate independently of the primary device, thereby
minimizing the possibility that whatever disabled the primary device
will impact the redundant devices. For category 2 shipments, the NRC is
not requiring a redundant means of communication.
The requirements for HRCQ shipments, other than the category 1
material, are beyond the scope of this rulemaking.
Comment D27: One commenter felt that the rule should be revised to
require the licensee to provide some level of armed security during
transport of HRCQ.
Response: The NRC disagrees and feels that the physical protection
measures in place are adequate without requiring the use of armed
security personnel. The licensees that ship category 1 quantities of
radioactive material by road would be required to have sufficient
protective measures which include: A movement control center that
maintains periodic position information from a location remote from the
activity of the transport vehicle or trailer and monitors shipments 24
hours a day, 7 days a week; redundant communications that would allow
the transport to contact an escort vehicle; and the ability to
communicate an emergency immediately to appropriate law enforcement
agencies that would provide an armed response. Since the appropriate
States are to be notified in advance of the shipment, the State may
decide to have armed escorts accompany the shipment within the State's
borders.
The requirements for HRCQ shipments, other than the category 1
material, are beyond the scope of this rulemaking.
Comment D28: One commenter suggested adding an exemption to Sec.
37.79 for shipments transported as Exclusive Use, in accordance with 49
CFR 173.441. The commenter noted that package tracking systems are
necessary when a carrier handles multiple consignments on single
vehicles and when packages traverse through delivery hubs. The
commenter noted that an exclusive use shipment removes the risk of lost
or misdirected packages and would provide the same level of control as
a package tracking system. The commenter noted that adding the
exemption would give the licensee the ability to transport their own
category 1 materials.
Response: The NRC disagrees with the comment and does not believe
that an exemption is appropriate for shipments transported as Exclusive
Use. The shipment should still have the same security measures applied
even if the shipment is in a dedicated truck. While it might remove the
risk of a misdirected package, it does not remove the possibility that
the material could be stolen during transport. The licensee is allowed
to transport its own category 1 or category 2 material under the rule.
Comment D29: One commenter was disappointed that the proposed rule
did not contain the requirement for GPS tracking for trucks carrying
category 2 quantities of radioactive material that was requested in
PRM-71-13 or, alternatively, for the rule to give Agreement States the
flexibility to be more stringent than NRC. The commenter was
disappointed that the NRC did not request comments on the issues raised
in the petition nor provided any further discussion or explanation for
not including the two recommendations in the proposed rule. The
commenter noted that NMED data shows that since the letter was sent,
another truck carrying radiography sources was stolen, and the
commenter further noted that it only takes one to become the terrorist
event. The commenter noted that GPS tracking is very inexpensive and an
easy way to help with rapid recovery should preventative measures fail
and that GPS tracking for category 2 sources should be required.
Response: The NRC reevaluated the need for requiring GPS tracking
for trucks carrying category 2 quantities of material. The NRC
continues to disagree with the comment. Tracking a truck can be
misleading as either the source or the device containing the source can
be removed and the GPS would provide no benefit. There is no easy
method of placing the GPS tracking mechanism on either the source or
device. While GPS could help with locating the truck, the source/device
may not still be on the truck. For devices in or on a vehicle, the
licensee is supposed to maintain control and have constant surveillance
of the material or use a method to disable the vehicle. The NRC
believes that these measures are adequate. As for the compatibility of
the provisions, the provisions need to remain compatibility B because
there are significant transboundary implications.
Comment D30: One commenter noted that the shipping requirements are
somewhat demanding with the authorized shippers having added
responsibilities. The commenter assumed that the Commission will
communicate with the shipping agencies accordingly. The commenter noted
that the addition of GPS capabilities combined with vehicle/trailer
alarms with remote features will be an added expense. Another commenter
asked how to find the approved carriers.
Response: The NRC is not sure what the commenter meant by
authorized shipper, but assumes that it refers to the licensee that is
shipping the material. The NRC is also uncertain what the commenter
meant by shipping agencies, but assumes that the term refers to common
carriers. Common carriers do not have any responsibilities under part
37 as the NRC does not regulate the carrier. It is each licensee's
responsibility to make sure that its shipments are compliant with the
regulations. The NRC believes that the requirements in subpart D are
necessary for the safe transport of category 1 and category 2
quantities of radioactive material. The regulations do not require the
licensee to use GPS or vehicle/trailer alarms during shipment of the
material. Alarms may be necessary, however, if the material is stored
in the vehicle or trailer while the vehicle is unoccupied. The NRC does
not approve the carriers.
Comment D31: One commenter stated that Sec. 73.35 is not clear on
what to include/exclude from the calculation for ``net weight.'' The
commenter indicated that if the ``net weight'' is intended to include
only the weight of the nuclear or radioactive material contained in the
irradiated fuel, then this should be clearly stated. The commenter
noted that calculation by ``exclusion'' may lead to wide variation in
interpretation.
Response: The rule addresses the irradiated reactor fuel weighing
100 g (0.22 lb) or less in net weight of irradiated fuel, exclusive of
cladding or other structural or packaging material, and that has a
total external radiation dose rate in excess of 1 Gray (100 rad) per
hour at a distance of 1 m (3.3 ft) from any accessible surface without
intervening shielding.
Comment D32: One commenter proposed an exemption for the
aggregation of packages that individually each contain less than a
category 2 quantity of material and were in a package with an external
volume
[[Page 16993]]
exceeding 1 cubic foot and with a mass exceeding 100 pounds. The
commenter noted that these parameters would present a practical,
individual barrier to theft. The commenter also suggested, as an
alternative, the addition of a specific activity threshold to the
category 2 table, and materials not exceeding the specified
concentration values (sum of fractions could be applied to packages
containing multiple radionuclides of interest) would be exempted from
the requirements.
Response: The NRC disagrees that the parameters described would
present a practical barrier to theft. The requirements do not allow an
individual licensee to aggregate less-than-category-2-quantity packages
of material to exceed category 2 limits for an individual shipment
unless the shipment complies with 10 CFR part 37 requirements. If two
or more packages, each containing less than a category 2 quantity, in
aggregate reach or exceed a category 2 quantity in a shipment from one
NRC licensee, the licensee would be required to meet applicable subpart
D requirements before shipping.
The NRC did consider specific activity and grants an exemption as
stated in Sec. 37.11(c), which states that licensees that possess
radioactive waste that contains category 1 or category 2 quantities of
radioactive material are exempt from the requirements of subpart B, C,
and D of 10 CFR part 37, unless the radioactive waste contains discrete
sources, ion-exchange resins, or activated material that weighs less
than 2,000 kg (4,409 lbs).
Comment D33: One commenter noted that category 1 rail shipments
should be by dedicated trains.
Response: The NRC disagrees with the comment. There is no security
or health and safety basis for requiring dedicated trains for rail
shipments of category 1 quantities of radioactive material.
Comment D34: The proposed rule contained a provision that would
require the licensee to have an NRC-approved monitoring plan to ensure
that no unauthorized access to the shipment takes place while the
shipment is in a railroad classification yard. The NRC specifically
sought comment on the feasibility of this requirement. Commenters were
requested to provide information on: (1) Whether surveillance of the
shipment could be accomplished while in the classification yard; (2)
whether the classification yard would allow an individual to accompany
a shipment while the shipment is held in the classification yard; and
(3) what precautions might be necessary from a personal safety
standpoint. Five commenters provided responses to the specific
questions on this subject.
Of the commenters that addressed the questions on the monitoring
plans for use in railroad classification yards, only one commenter gave
an answer other than unknown. The commenter noted that, due to
insurance and liability concerns, it was highly unlikely that the
classification yard would allow an individual to accompany a shipment.
The commenter noted that DOT regulations were sufficient for personal
safety from a radiological perspective.
In addition to those that addressed the specific questions, two
commenters provided comment in this area. One commenter indicated that
additional monitoring while the shipment is in a railroad
classification yard is an impractical and unenforceable requirement.
The commenter noted that the systems that are currently in place are
sufficient. One commenter stated that remote monitoring of the package
and not the railcar is necessary in a classification yard.
Response: The NRC has decided not to include the provision for an
NRC-approved monitoring plan for the time that a shipment is located in
a railroad classification yard. The NRC agrees that DOT regulations are
sufficient.
Comment D35: One commenter asked if the requirement for continuous
and active monitoring by licensees applies only to shipments carried by
the licensee. The commenter noted that real-time information is not
available to the licensee when a carrier is used.
Response: The continuous and active monitoring of category 1
shipments, whether by the licensee or by a carrier, is the
responsibility of the licensee. It is also the licensee's
responsibility to ensure that its carrier has the capabilities for
continuous and active monitoring. Any time a shipment is enroute, the
licensee must be knowledgeable of its whereabouts, which can be
verified by a phone call to the movement control center or other means
of communication. This provides licensees with flexibility to design
continuous and active monitoring systems that meet their unique
circumstances. A licensee may use a carrier or third-party
communications center in lieu of establishing one itself.
Comment D36: One commenter asked if FedEx's tracking system is
considered to be proven and reliable as they are the primary carrier of
radioactive material.
Response: The NRC does not prescribe a particular system for
tracking shipments. The NRC regulations describe the performance
characteristics for a method used for category 2 shipments and does not
endorse any particular company. The regulations require licensees to
use carriers that have an established package tracking system which is
a documented, proven, and reliable system routinely used to transport
objects of value. This gives licensees the flexibility to use tracking
systems that work within their organization. The package tracking
system must allow the shipper or transporter to identify when and where
the package was last located and when it should arrive at the next
point of control. The NRC does not object to the use of Federal
Express, as long as they continue to meet these requirements.
Comment D37: One commenter asked how the security provision must be
implemented when using a freight forwarder.
Response: Transportation security requirements will still apply to
shipments using a freight forwarder. The NRC expects licensees to
ensure that their shipments are received by the recipient in a timely
manner and that any suspicious, attempted, or actual acts against a
shipment would be quickly detected, assessed, and immediately reported
to law enforcement authorities.
Comment D38: One commenter questioned who would be responsible for
complying with the security requirements when a carrier aggregates the
material during transport or storage incidental to transport. The
commenter noted that it would be logical for the responsibility to be
with the carrier.
Response: Licensees are not responsible for packages that are
aggregated by the carrier as long as the individual licensee does not
exceed category 2 thresholds. The licensees are not responsible if the
carrier picks up radioactive material from multiple locations that, in
the aggregate, meet or exceed the category 2 threshold, since the
licensees have no knowledge of what the total quantity of material
might be in the shipment. The NRC does not regulate the carrier.
Comment D39: One commenter suggested using a table to denote
applicability for the different types of shipments in Sec. 37.73 as
the paragraph format was confusing.
Response: The NRC has added a table to denote applicability for
different types of shipments to the implementation guidance.
Comment D40: One commenter indicated that synchronization of the
NRC and DOT requirements should be addressed. The commenter noted that
the rulemaking does not discuss the connection between the NRC and DOT
requirements on security and physical protection. The commenter noted
that
[[Page 16994]]
the rulemaking appears to regulate carriers even if only for security
purposes. The commenter felt that this situation could violate the
separation of responsibilities that the two organizations have and
will, at a minimum, create confusion among carriers. One commenter felt
that the rule should more closely align with the DOT requirements for
HRCQ shipments for routes used. One commenter asked if there has been
coordination between DOT and NRC regarding security during transport,
particularly in light of HM232F.
Response: The NRC shares responsibility for the safe and secure
transport of radioactive material with DOT and DHS. The NRC has a
Memorandum of Understanding (MOU) with DOT for safety and is currently
in the process of developing an MOU with DOE, DHS, and DOT on
transportation security to ensure that the agencies work together. The
Commission believes that it is necessary and appropriate to require
licensees to implement the proposed requirements, believes that the
issuance of security requirements for the transport of the material is
not a significant regulatory impediment, and believes that licensees
and carriers can successfully implement the requirements of both Title
49 and Title 10.
Comment D41: One commenter noted that the NRC's intent for
shipments of category 2 quantities of radioactive material is not clear
for licensees that are consignee, shipper, and consignor, as is the
case for the movement of most industrial radiography sources used in
the field. The commenter noted that this common situation should be
addressed for clarity either by inclusion or exclusion in the rule.
Response: The situation where a licensee is transporting its own
material is covered by Sec. 37.79(a)(2).
Comment D42: One commenter stated that the requirements placed on
licensees to coordinate with and to notify the LLEA for transport of
category I and category 2 quantities cannot be achieved by the licensee
alone, and thus seem unreasonable.
Response: The NRC disagrees with the comment. The rule does not
contain any provisions to coordinate with the LLEA for transport of
material. Licensees are required to notify the LLEA if a shipment of
category 1 materials is lost or missing. The NRC continues to believe
that this is an appropriate notification and sees nothing unreasonable
in the requirement.
Comment D43: One commenter (a State) noted that a number of
shippers are routing around States that charge fees for transportation
of HRCQ shipments of radioactive material and that this results in
longer transportation times and greater risk for shipment incidents
because of the additional transit time and miles traveled. The
commenter noted that because shipments of radioactive material are
being routed around the fee States, they are now traveling through
areas where there is little training and coordination of response to
radioactive material incidents increasing the risk and vulnerability.
The commenter suggested that language be added to require the shortest,
most direct, approved route for all HRCQ shipments and to prohibit
avoidance of States with transportation fees. The commenter further
suggested that licensees and shippers of HRCQ materials be required to
meet and preplan shipment routes with States on an annual basis to
ensure the States are ready to respond to incidents as needed.
Response: Routing of HRCQ material lies within the jurisdiction of
DOT's regulations and is beyond the scope of this rulemaking. For
category 1 shipments, the licensee is required to preplan and
coordinate with the States along the shipment route.
Comment D44: One commenter questioned why spent fuel was not
addressed in the rule.
Response: The rule does address transportation security of small
quantities (less than 100 grams) of irradiated fuel. Transportation
security of spent fuel is being addressed in a separate rulemaking. The
proposed rule was published for public comment on October 13, 2010; 75
FR 62695. Most of the licensees impacted by 10 CFR part 37 do not
possess spent fuel and large quantities of special nuclear material.
Security of special nuclear material and spent fuel security is
addressed in 10 CFR part 73 and in orders that were issued to specific
licensees possessing the material. Security for independent spent fuel
storage installations will be addressed in a future rulemaking.
Comment D45: One commenter noted that the link for Agreement State
contacts did not appear to work.
Response: The NRC has tested the link for Agreement State contacts
provided in the response to Q4 and it does take you to the Web page on
the Agreement States. From that location, you can access the State
transportation contacts. Part 37 contacts will not be added until just
before the rule is implemented.
Comment D46: One commenter stated that it is imperative that the
requirements for the transshipment of radioactive material be identical
to those for domestic shipments, and urged the NRC to work with other
Federal agencies to harmonize the regulations so that licensees and
their regulators at the Federal and State level follow consistent rules
for all shipments. The commenter suggested general licensing of
carriers as one way to resolve this issue. One commenter asked why
transuranic shipments were not addressed in 10 CFR part 37 and whether
these shipments fell under other security program requirements. Another
commenter asked what security requirements covered transshipments and
noted that it does not make sense to impose additional security on
licensees, if transshipments are not covered. Another commenter
recommended consistent regulations for transshipments, air shipments,
and water shipments regardless of the Federal authority and that the
standards for transshipments must be consistent with domestic
shipments. The commenter urged the NRC to provide leadership in
promoting consistency, perhaps via interagency agreement. The commenter
also recommended that the license verification system (licensees and
shipments by and among licensees) incorporate all RAMQC shipments,
regardless of the Federal authority under which they are made and that
the relevant information in the License Verification System be
appropriately shared with the State and local authorities involved in
enforcement.
Response: The NRC does not have any authority over transshipments
and does not regulate common carriers. However, the NRC has provided
copies of transportation security orders to companies that transship
category 1 quantities of radioactive materials. These companies have
agreed to voluntarily implement the security requirements for
transshipments. DHS has the overall lead for harmonizing transshipment
security, and the NRC has and will continue to work with other Federal
agencies on the security requirements for transshipments. The License
Verification System will be available to Agreement State personnel.
Comment D47: One commenter recommended that NRC work with the
States and law enforcement groups to determine effective ways to
support transport of category 1 and category 2 quantities of
radioactive material.
Response: The NRC did coordinate with the States. The Agreement
States were involved in both the development of the orders and
development of 10 CFR part 37. Law enforcement is not involved in the
routine transport of category 1 and category 2 quantities of
radioactive material. If a shipment is
[[Page 16995]]
lost or stolen, law enforcement would be contacted to assist.
E. Miscellaneous
Comment E1: One commenter wanted a clear, concise statement that
the requirements in 10 CFR part 37 supersede the Increased Control
Orders. The commenter suggested adding a second paragraph to Sec.
37.1.
Response: The NRC disagrees with the comment. A provision in the
rule is not necessary to note that the rule supersedes the orders. The
orders will be formally rescinded (withdrawn) on the effective date of
the final rule in each jurisdiction (Agreement State or NRC).
Comment E2: One commenter noted that the rule does not contain any
punitive provisions regarding situations where employees or outside
persons compromise safety and/or security. The commenter noted that
there are no provisions that can be cited in the event that a licensee
or an unlicensed person attempts to or gains unauthorized access,
breaches security systems, or otherwise compromises the security of
radioactive material.
Response: The NRC does not agree with the commenter's statement.
The proposed rule does contain punitive provisions for situations where
employees or outside persons compromise safety and/or security.
Specifically, Sec. 37.109 provides for criminal penalties. Section
37.109 of subpart G states that section 223 of the AEA provides
criminal sanctions for violations of any regulation issued under 161b.,
161i., or 161o., of the AEA. As stated in Sec. 37.109, all relevant
portions of this final rule have been issued pursuant to one or more of
sections 161b., 161i., or 161o. of the AEA. Further, there are other
applicable statutory provisions that provide punitive sanctions for
trespass and sabotage of nuclear facilities or fuel that could be
imposed on employees or outside persons who compromise safety and/or
security.
Comment E3: One commenter noted that the proposed rule fails to
provide descriptions in most sections to outline how the regulations
are applicable to a master materials licensee or a Federal agency. The
commenter felt that this lack of descriptions follows the pattern of
the previously issued increased controls and will likely result in
confusion during NRC compliance inspections at master materials
licensee facilities.
Response: A master material licensee and a Federal agency are still
a licensee and are treated the same as any other licensee. While a
master material licensee can issue permits within its organization for
the use of material, the permittees must still meet the requirements of
the license and the regulations. The NRC is not aware of any
implementation or inspection issues that have resulted from a licensee
being a master material licensee or a Federal agency.
Comment E4: Some States expressed concern that the proposed rule
would result in a potential increase in workload for the Agreement
State programs and that many States, particularly smaller States, may
have trouble accommodating the additional workload. Some of the
Agreement States also noted that the radiation control programs within
the States do not have the necessary expertise to handle what are
essentially ``law enforcement'' activities, nor will they likely be
able to hire additional staff to undertake these responsibilities. They
also noted that many of the proposed changes would impose duties that
are beyond traditional radiation control agency functions, and it is
likely that they would need to seek amendments to enabling legislation
to undertake the activities. One commenter stated that since the
regulatory activities formerly carried out under the NRC's Common
Defense and Security authority are being shifted to the Agreement
States because the rule is being issued under the NRC's Health and
Safety authority, the NRC should provide the funds necessary to pay the
direct costs incurred by the Agreement State governments in
implementing the regulation. One commenter (a State) indicated that NRC
must determine if funding will be provided to the States to increase
staffing levels to implement the rule or if other health and safety
programs should be cut.
Response: The NRC acknowledges that the rule will result in a
potential increase in workload for the Agreement State programs.
However, this is not unique to 10 CFR part 37. Any time the NRC issues
a rule that is a matter of compatibility for the Agreement States,
there will be an increased workload for the States. The State must
expend some effort to adopt the regulations and to include the
provisions in its inspection programs. These costs are addressed in the
regulatory analysis. The Agreement States will now need to conduct the
security inspections for those facilities in their State that were
issued orders under common defense and security and budget for those
inspections instead of being reimbursed by the NRC for conducting the
inspections. The NRC disagrees that the rule contains provisions that
are essentially ``law enforcement'' activities. The NRC assumes that
the commenters are referring to the regulatory agency approval of the
reviewing official. The NRC does not believe that this is a law
enforcement function, but in any case, regulatory agency approval of
the reviewing official has been removed and is not in the final rule.
As for the NRC paying the direct costs of increased staffing levels,
the NRC is not authorized to pay the salary costs for Agreement State
staff. The NRC can and will continue to pay for the necessary training
for Agreement State staff.
Comment E5: One commenter agreed with the proposed provisions to
remove the concept of sensitive information as used in the orders and
address information security in relevant sections of the proposed rule.
One commenter noted that placing all of the security requirements in
one chapter significantly enhanced their clarity. One commenter
supported the NRC decision to forgo conventional significant figure
conventions and list the actual curie activity equivalents to three
figures as many licensees use curies in their activities instead of
Becquerels. One commenter supported the general objective of the
rulemaking. Two commenters supported the approach to terminate the
orders coincident with the effective date of the rule in each
jurisdiction to avoid potential confusion and noncompliance. One
commenter expressed general support for the overall rulemaking and
suggested enhancements in the transportation security area. Several
commenters supported placing the security requirements in a rule
instead of in orders as it allows for public input and shows the
American population steps that are being taken to ensure their
security.
Response: No response necessary. Suggested enhancements were
considered as separate comments.
Comment E6: One commenter suggested that the NRC develop programs
and information packets to all involved (regulatory personnel, shipping
agencies, law enforcement agencies, Governors) so that everyone can be
on the same page.
Response: The NRC does have information on its Web site.
Information on radioactive material security can be found at http://www.nrc.gov/security/byproduct.html and information on radioactive
material transportation at http://www.nrc.gov/materials/transportation.html. These sites provide links to a variety of source
documents and specific NRC security enhancement activities, including
those on a Web page on current NRC radioactive
[[Page 16996]]
material security orders and requirements (http://www.nrc.gov/security/byproduct/orders.html) and a Web page on material transportation
regulations, guidance, and communications (http://www.nrc.gov/materials/transportation/regs-guides-comm.html). The NRC also routinely
participates in interagency efforts, such as the Task Force on
Radiation Source Protection and Security, where subjects of common
interest are discussed.
Comment E7: One commenter (a State agency that possesses
radioactive material subject to the rule) stated that the State would
not provide the additional funding necessary to implement the
requirements in 10 CFR part 37.
Response: Licensees are responsible for implementing and complying
with relevant regulations. A licensee may always request an exemption
from specific aspects of the requirements for its regulator to
consider.
Comment E8: One commenter stated that the phrase `Background Check'
was used inconsistently and seemed to mean different things in
different places. The commenter recommended reviewing the rule text for
consistent use of all terminology.
Response: The term ``background check'' is only used in the rule in
the context of the Bureau of Alcohol, Tobacco, Firearms, and Explosives
background checks. The term is used consistently in the rule. The NRC
tries to be consistent within the document, and any inconsistencies
identified have been corrected.
Comment E9: Three commenters addressed plain language in the rule.
One commenter suggested using ``you'' instead of ``licensee,'' pointed
out some long sentences, and noted some use of passive instead of
active voice. One commenter suggested rewriting the rule to address
these concerns. Another commenter noted that a single standard, clearly
spelled out in living room language, would better meet the need of all
licensees. One commenter noted that the rule did not meet the goal or
the intent of the President's directive.
Response: The NRC has considered the editorial changes and made
changes as appropriate.
Comment E10: One commenter noted that 10 CFR part 37 does nothing
to improve the security of radioactive materials that could be
introduced into the United States from foreign origins.
Response: The NRC's regulations only apply once the radioactive
material is in the U.S. The NRC does not have authority over material
in foreign countries.
Comment E11: One commenter noted that while the rule will help
protect the United States from terrorists, we should be thinking of the
environmental consequences.
Response: The NRC prepared an environmental assessment to support
the rulemaking.
Comment E12: One commenter suggested that the concept of what
category 1 and category 2 quantities are should be introduced earlier
in the summary and background sections to ensure that the distinction
between radioactive materials and category 1 and 2 quantities of
radioactive material is clear and that each term is used appropriately.
Response: The NRC disagrees with the comment. The summary notes
that the rule establishes security requirements for category 1 and
category 2 quantities of radioactive material and that the category 1
and category 2 thresholds are based on the IAEA Code of Conduct. The
NRC believes that the Statements of Consideration adequately describe
the material and are clear on what radioactive material is covered by
the rule.
Comment E13: One commenter noted that since few changes were made
by NRC as a result of Agreement States comments on the predecisional
draft of the proposed regulations, the NRC should make available to the
Director of the Office of Management and Budget (OMB) any written
communications submitted to the agency by State officials, including
State comments on the pre-decisional draft of 10 CFR part 37.
Response: The NRC made a number of changes in response to Agreement
State comments on the predecisional draft of the proposed rule. The NRC
did not make changes to the major issues on the reviewing official,
background investigation, and temporary jobsites, but specifically
invited comment on these issues in the proposed rule. Major differences
with the States were identified to the Commission as is common
practice. The NRC does not provide any comments to OMB, other than
comments on the information collection associated with the rule.
Comment E14: One commenter stated that the title of the rule should
also include a reference to the protection of information (SGI-M and
SUNSI). The commenter also stated that references to the protection of
information need to be made more consistent throughout the rule as most
sections and subsections only require implementation if individuals
have access to category 1 and category 2 quantities of radioactive
material. The commenter stated that those having access to safeguarded
or sensitive information also need to be included in the majority of
the sections in the rule, and the NRC should consider the inclusion of
10 CFR part 73 among the list of provisions of parts affecting
licensees in Sec. 37.1.
Response: The NRC disagrees with the comment. Part 73 contains the
physical protection requirements for special nuclear material as well
as requirements for protection of SGI. Reference to the SGI provisions
in 10 CFR part 73 were added to parts 30, 35, etc., as part of the SGI
rule that was published in the Federal Register on October 24, 2008; 73
FR 63546. References to 10 CFR part 73 are included at appropriate
locations in 10 CFR part 37. Section 37.1 contains the purpose of 10
CFR part 37 and does not include a reference to any affected provisions
of other NRC rules.
Comment E15: One commenter stated that the rule (and orders) moves
the emphasis for security away from engineered controls toward
administrative controls and that this goes against decades of NRC
safety policy and generally-accepted safety philosophy.
Response: The NRC disagrees with the comment. Part 37 contains a
mix of engineered controls and administrative controls.
Comment E16: One Agreement State expressed disappointment in what
was viewed to be the overly prescriptive content of the proposed rule
and the resurgence of issues that were previously discussed and agreed
upon as resolved in the orders. One Agreement State indicated that the
operational and practical understanding of the orders, together with
the knowledge of the effectiveness of the orders that the collective
Agreement States have gained during this time, should be taken into
consideration by the NRC. Other Agreement States noted disappointment
and concern that many concepts that were discussed at length during the
development of the orders and rejected by the orders working groups/
steering committees now appear in this proposed rule. They further
noted that they disagree with the new provisions and do not believe
that the added benefit warrants the significant resource burden that
would be incurred. One Agreement State felt that the rule contained too
many prescriptive items and was not adequately performance based. One
commenter noted that the knowledge and understanding that the Agreement
States have obtained during implementation of the orders should be
helpful to the NRC in improving the rulemaking.
[[Page 16997]]
Response: The rulemaking process is a more deliberative process
than what is used to develop an order. The 10 CFR part 37 working group
also had additional information to consider that included information
from lessons learned, implementation issues, inspection issues,
recommendations from other reviews, as well as the comments on the
preliminary rule language. In some cases the 10 CFR part 37 working
group and steering committee came to a different resolution than that
for the orders. Agreement State experience was utilized. There were
Agreement State representatives on the 10 CFR part 37 working group and
on the steering committee that brought their experience to the
discussions. In some areas where agreement could not be reached, the
NRC sought public comment on the issue to better inform the final
decision.
Comment E17: One commenter suggested that the NRC reconsider its
decision to use the same software developers for the verification
system as were used for the National Source Tracking System based on
the multiple continuing problems with the system.
Response: The comment is beyond the scope of the rulemaking.
Comment E18: Two commenters suggested that NRC conduct one or more
additional public workshops prior to submitting the draft final rule
and implementation guidance to the Commission for approval. The
commenters noted that the NRC could explain at the meeting how it
addressed and resolved the more significant or controversial topics
addressed by the public comments. The commenters noted that the
September 2008 workshop that NRC conducted on the Security and
Continued Use of Cesium-137 Chloride sources could serve as an
excellent model for such workshops. One commenter suggested holding
public meetings to discuss the regulatory analysis document and receive
insights and perspectives on its content.
Response: The NRC does not plan to hold any public meetings or
workshops on the 10 CFR part 37 final rule. The public was provided
opportunity to provide input on the rule and regulatory analysis during
the public comment period. The NRC considered the comments received and
made changes to the rule and supporting documents as appropriate.
Comment E19: Two commenters stated that continued stakeholder input
and involvement in the security area are essential and requested that
the NRC allow substantive opportunities to engage industry over the
next 4 years on the myriad of issues that the Congressionally mandated
Radiation Source Protection and Security Task Force is addressing as
all stakeholders continue to work collectively toward mutual safety and
security objectives.
Response: Continued stakeholder involvement in the security area is
beyond the scope of this rulemaking.
Comment E20: Two commenters noted that the NRC does not routinely
share the technical basis for rulemakings with stakeholders and
recommended that this become routine practice. The commenters noted
that providing the technical basis may have proven helpful for this
rule.
Response: Stakeholder involvement in regulatory basis development
is beyond the scope of this rulemaking. The decision to solicit
stakeholder input during the development of the regulatory (technical)
basis for a potential rule is decided on a case-by-case basis. The NRC
does obtain stakeholder input more routinely than it did a few years
ago. The NRC did obtain stakeholder input during the development of the
technical basis for the transportation security portion of this
rulemaking.
Comment E21: One commenter stated that the NRC should conduct
inspections to ensure that licensees are following the requirements and
that the focus on compliance verified by inspection should receive
greater emphasis instead of imposing additional administrative burdens
based on authorized use. Another commenter noted that the NRC must
ensure compliance through periodic inspections as is currently done.
Several commenters recommended that the NRC perform compliance audit
based reviews similar to what was done after the orders were
implemented. The commenter noted that the reviews were done with a
level of discretion and without citation as long as the licensee made
significant efforts to address the orders. One commenter requested that
the inspection frequency be modified to more closely coincide with the
risk.
Response: The NRC will conduct inspections to ensure that licensees
are complying with 10 CFR part 37 requirements. The inspections will be
conducted as part of the normal inspection program. The comment on
inspection frequency is beyond the scope of the rulemaking as the
inspection frequency is not set by the rule.
Comment E22: One commenter noted that a new licensee must have the
physical protection measures in place prior to a license being issued
and that this would be part of any prelicensing inspection. The
commenter noted that the agency should ensure implementation before
issuing a license.
Response: The NRC agrees that licensees should have the majority of
the provisions in place before the license is issued; some measures
could not be implemented until material is actually at the facility.
The NRC conducts prelicensing inspections before granting a license to
anyone that would be authorized to possess category 1 or category 2
quantities of radioactive material.
Comment E23: One commenter noted that certain materials licensees
would remain subject to the SGI requirements. The commenter recommended
that conforming changes to 10 CFR part 73 be included as part of the
regulation development under 10 CFR part 37, to ensure efficiency,
clarity, and help ensure compliance. The commenter noted that SECY-09-
0181 was silent on the timing of the future rulemaking to revise 10 CFR
part 73 to remove the SGI handling requirements for licensees subject
to 10 CFR part 37.
Response: The changes to 10 CFR part 73 to revise the SGI
requirements are beyond the scope of this rulemaking. The timing of any
potential changes to 10 CFR part 73 is unknown at this time.
Comment E24: One commenter noted that the rule could result in
institutions choosing to store materials, including waste, in separate
locations. The commenter noted that this could cause logistical
problems to keep track of the material and could inadvertently increase
the risk to the security of these materials.
Response: A licensee may choose to store radioactive materials, in
any form, in separate locations to avoid being subject to the proposed
security requirements. Such action would not conflict with the intent
of the proposed rule, which is to limit access to an aggregated
category 2 quantity of radioactive material listed in Table 1.
Aggregated, for purposes of this rule, means accessible by breach of a
single physical barrier.
Comment E25: One commenter made several comments related to a
change in the annual occupational radiation dose to a lower range and
how it would impact the licensee.
Response: These comments are beyond the scope of the rulemaking as
the proposed rule did not include any changes to the annual
occupational radiation dose. These comments appeared to be filed under
the wrong docket and were provided to the NRC working group that is
looking at possible changes to 10 CFR part 20.
[[Page 16998]]
IV. Discussion of Final Amendments by Section
Section 20.2201(c) Reports of Theft or Loss of Licensed Material
This section is revised to include a reference to the reporting
requirements in 10 CFR part 37 so that a licensee is not required to
file duplicate reports for the same event.
Section 30.6 Communications
This section is revised to include a reference to the new 10 CFR
part 37.
Section 30.13 Carriers
This section is revised to include 10 CFR part 37 in the list of
regulations that exempt common carriers.
Section 30.33 General Requirements for Issuance of Specific Licenses
Paragraph (a)(4) is revised to include a reference to the new 10
CFR part 37.
Section 32.1 Purpose and Scope
10 CFR part 37 is added to the list of 10 CFR parts that apply to
applications and licenses subject to this part.
Section 33.1 Purpose and Scope
10 CFR part 37 is added to the list of 10 CFR parts that apply to
applications and licenses subject to this part.
Section 34.1 Purpose and Scope
10 CFR part 37 is added to the list of 10 CFR parts that apply to
applications and licensees subject to this part.
Section 35.1 Purpose and Scope
10 CFR part 37 is added to the list of 10 CFR parts that apply to
applications and licenses subject to this part.
Section 36.1 Purpose and Scope
10 CFR part 37 is added to the list of 10 CFR parts that apply to
applications and licenses subject to this part.
Section 37.1 Purpose
This section establishes the purpose for the new 10 CFR part 37.
Section 37.3 Scope
This section establishes the scope of the proposed new 10 CFR part
37. These regulations apply to any person licensed by the NRC, who
possesses, uses, or transports an aggregated category 1 or category 2
quantity of radioactive material. Paragraph (a) establishes the
applicability for subpart B and C. Paragraph (b) establishes the
applicability for subpart D.
Section 37.5 Definitions
Definitions of the following terms that are included in this part
are identical to the definition of the term in other parts of this
chapter: Act, Agreement State, Becquerel, Byproduct material, Carrier,
Commission, Curie, Government agency, License, Lost or missing
material, Person, State, and United States. In addition, definitions
for the following terms are included in this Part: Approved
individuals, Access control, Aggregated, Background investigation,
Category 1 quantity of radioactive material, Category 2 quantity of
radioactive material, Diversion, Escorted access, Fingerprint Orders,
License issuing authority, Local law enforcement agency, Mobile device,
Movement control center, No-later-than arrival time, Reviewing
official, Sabotage, Security zone, Telemetric position monitoring
system, Trustworthiness and reliability, and Unescorted access.
Section 37.7 Communications
This section specifies where all communications and reports
concerning 10 CFR part 37 are to be sent.
Section 37.9 Interpretations
This section establishes that no interpretations of the meaning of
the regulations in 10 CFR part 37 by any officer or employee of the
Commission other than a written interpretation by the General Counsel
will be recognized as binding upon the Commission, unless specifically
authorized by the Commission in writing.
Section 37.11 Specific Exemptions
This section establishes that the Commission may grant exemptions
from the requirements of the regulations in 10 CFR part 37 that it
determines are authorized by law and that will not endanger life or
property or the common defense and security, and are otherwise in the
public interest. Paragraph (b) exempts an NRC licensee's activities
from 10 CFR part 37 to the extent that the activities are covered under
the physical protection requirements of 10 CFR part 73. Paragraph (c)
provides security measures for certain radioactive waste that contains
category 1 or category 2 quantities of radioactive waste.
Section 37.13 Information Collection Requirements: OMB Approval
Paragraph (a) specifies that the NRC may not conduct or sponsor,
and a person is not required to respond to, a collection of information
unless it displays a currently valid OMB control number. Paragraph (b)
lists those sections in 10 CFR part 37 that have approved information
collection requirements.
Section 37.21 Personnel Access Authorization Requirements for Category
1 or Category 2 Quantities of Radioactive Material
Paragraph (a) of this section establishes which licensees need to
comply with the requirements of subpart B of 10 CFR part 37.
Paragraph (b) establishes the general performance objective to
ensure that the individuals subject to the access authorization program
are trustworthy and reliable.
Paragraph (c)(1) establishes the individuals that are subject to
the access authorization program. Paragraph (c)(2) allows licensees to
not subject those individuals listed in Sec. 37.29(a) to the
investigation elements of the access authorization program. Paragraph
(c)(3) requires that licensees only approve those individuals whose job
duties permit unescorted access to category 1 or category 2 quantities
of radioactive material.
Section 37.23 Access Authorization Program Requirements
This section establishes the general requirements for the access
authorization program, such as the use of reviewing officials, informed
consent, personal history disclosure, determination basis, procedures,
the right to correct and complete information, and record retention.
Section 37.25 Background Investigations
This section establishes the elements of the background
investigation that are necessary before granting an individual
unescorted access to category 1 or category 2 quantities of radioactive
material. The scope of the initial investigation is the past 7 years.
This section also addresses reinvestigation and grandfathering of
individuals.
Section 37.27 Requirements for Criminal History Records Checks of
Individuals Granted Unescorted Access to Category 1 or Category 2
Quantities of Radioactive Material
Paragraph (a) establishes the general requirements for criminal
history records checks of individuals to be granted unescorted access
to category 1 or category 2 quantities of radioactive material.
Paragraph (b) prohibits a licensee from basing a final
determination to deny an individual unescorted access authorization
solely on the basis of certain information received from the FBI.
Paragraph (c) establishes the procedure for submitting fingerprint
records to the NRC.
[[Page 16999]]
Section 37.29 Relief From Fingerprinting, Identification, and Criminal
History Records Checks and Other Elements of Background Investigations
for Designated Categories of Individuals Permitted Unescorted Access to
Certain Radioactive Materials
This section provides relief from the fingerprinting and criminal
history records check requirements and the background investigation
requirements of this subpart for certain categories of individuals.
Section 37.31 Protection of Information
This section outlines the requirements for the protection and
release to authorized personnel of personal information collected by a
licensee during a background investigation.
Section 37.33 Access Authorization Program Review
This section outlines the requirements for an annual access
authorization program review to confirm compliance with the
requirements of subpart B of 10 CFR part 37 and for comprehensive
corrective actions to be taken in response to any nonconformance
identified by the review.
Section 37.41 Security Program
Paragraph (a) establishes the applicability of the security
program. Paragraph (a)(1) requires licensees that possess an aggregated
quantity of category 1 or category 2 quantities of radioactive material
to establish, implement, and maintain a security program. Paragraph
(a)(2) requires those licensees that are newly subject to subpart C,
upon application for modification of its license or an applicant
submitting a new application, to implement the requirements before
taking possession of an aggregated category 1 or category 2 quantity of
radioactive material. Paragraph (a)(3) requires any licensee that has
not previously implemented either the orders or subpart C to notify the
NRC at least 90 days before aggregating radioactive material to a
quantity that equals or exceeds the category 2 threshold.
Paragraph (b) establishes the general performance objective of the
security program.
Paragraph (c) establishes the program features that must be
addressed in the security program.
Section 37.43 General Security Program Requirements
Paragraph (a)(1) requires licensees to develop a written security
plan that addresses how the licensee will implement the security
program requirements. Paragraph (a)(2) requires the security plan to be
reviewed and approved by the individual with overall responsibility for
the security program. Paragraph (a)(3) allows a licensee to revise its
security plan to ensure effective implementation of the plan. Paragraph
(a)(4) requires the licensee to retain a copy of the current security
plan until the license is terminated and any security plan revisions
for 3 years.
Paragraph (b)(1) requires licensees to develop and maintain written
procedures for implementation of the security plan. Paragraph (b)(2)
requires the procedures to be approved by the individual with overall
responsibility for the security program. Paragraph (b)(3) requires the
licensee to retain a copy of the procedures for 3 years after the
procedure is no longer needed or upon termination of the license and
any revisions for 3 years.
Paragraph (c) requires licensees to conduct training and annual
refresher training on the security plan. Licensees are required to
maintain training records for 3 years from the date of the training.
Paragraph (d) requires licensees to protect the security plan,
implementing procedures, and the list of individuals that have been
approved for unescorted access from unauthorized disclosure. Licensees
are required to develop, maintain and implement written policies and
procedures for controlling access to, and for proper handling and
protection against unauthorized disclosure of, the security plan and
implementing procedures. Only individuals with a need-to-know and that
have been determined to be trustworthy and reliable should have access
to the protected information. The information protection procedures are
retained for 3 years after the document is no longer needed.
Section 37.45 LLEA Coordination
Paragraph (a) requires that a licensee attempt to coordinate with
an LLEA and specifies the types of information to be shared with the
LLEA.
Paragraph (b) requires the licensee to notify the NRC if the LLEA
isn't willing to participate in coordination activities or does not
respond to the coordination request.
Paragraph (c) requires the licensee to maintain records of its
coordination activities with any LLEA.
Section 37.47 Security Zones
Paragraph (a) requires licensees to establish security zones for
the use of category 1 or category 2 quantities of radioactive material.
Paragraph (b) requires the establishment of temporary security
zones, as necessary, to meet transitory or intermittent business
activities.
Paragraph (c) requires that security zones use physical barriers or
direct control of the security zone to allow unescorted access only to
approved individuals.
Paragraph (d) requires licensees to provide an approved individual
to maintain constant surveillance of sources in temporary security
zones or in a security zone in which a physical barrier or intrusion
detection system has been disabled to allow maintenance, source
receipt, preparation for shipment, source installation, or removal or
exchange of category 1 quantities of radioactive material.
Paragraph (e) requires individuals not approved for unescorted
access to be escorted by an approved individual when in a security
zone.
Section 37.49 Monitoring, Detection, and Assessment
Paragraph (a) requires the licensee to establish and maintain the
capability to continuously monitor and detect without delay all
unauthorized entries into the security zones.
Paragraph (b) requires the licensee to assess without delay each
actual or attempted unauthorized entry into the security zone.
Paragraph (c)(1) requires the licensee to maintain continuous
capability for personnel communication and electronic data transmission
and processing among site security systems.
Paragraph (c)(2) requires the licensee to provide alternative
capabilities for personnel communication and data transmission and
processing.
Paragraph (d) requires the licensee to respond without delay to any
actual or attempted unauthorized access to the security zone.
Section 37.51 Maintenance and Testing
This section requires licensees to implement a maintenance and
testing program to ensure that intrusion alarms, associated
communication systems, and other physical components of the systems
used to secure or detect unauthorized access to radioactive material
are maintained in operable condition, are capable of performing their
intended function when needed, and are inspected and tested for
operability and performance. The testing and maintenance are to be
conducted at the frequency recommended by the manufacturer or annually
if there is no manufacturer's recommended frequency. Licensees are
[[Page 17000]]
required to maintain the maintenance and testing records for 3 years.
Section 37.53 Requirements for Mobile Devices
This section requires licensees that possess mobile devices
containing category 1 or category 2 quantities of radioactive materials
to have two independent physical controls to secure the radioactive
material from unauthorized removal and to use a method to disable the
vehicle or trailer when the device is on a vehicle or trailer, unless
the site prohibits the use of a disabling mechanism due to health and
safety concerns.
Section 37.55 Security Program Review
This section requires licensees to conduct an annual review of the
security program. The licensee is required to document the results of
the review and any findings and keep the records for 3 years.
Section 37.57 Reporting of Events
Paragraph (a) requires licensees to immediately notify the LLEA of
any actual or attempted theft, sabotage, or diversion of category 1 or
category 2 quantities of radioactive material and to then notify the
NRC.
Paragraph (b) requires licensees to assess any suspicious activity
related to the theft, sabotage, or diversion of category 1 or category
2 quantities of radioactive material and to notify the LLEA as
appropriate and then notify the NRC.
Paragraph (c) requires licensees to submit a written report to the
NRC within 30 days of any report of actual or attempted theft,
sabotage, or diversion of radioactive material.
Section 37.71 Additional Requirements for Transfer of Category 1 and
Category 2 Quantities of Radioactive Material
Paragraphs (a) and (b) establish new requirements for licensees
transferring category 1 and category 2 quantities of radioactive
material. The licensee is required to verify the validity of the
license by using the license verification system or contacting the
license issuing authority.
Paragraph (c) provides an emergency method for when the licensee
can't reach the license issuing authority and the license verification
system is nonfunctional.
Paragraph (d) requires documentation to be maintained for 3 years.
Section 37.73 Applicability of Physical Protection of Category 1 and
Category 2 Quantities of Radioactive Material During Transit
This section establishes which requirements apply to licensees
shipping category 1 or category 2 quantities of radioactive material
and what requirements apply during the domestic portion of a shipment
that is imported from another country or exported to another country.
This section also allows the receiving licensee to arrange for the in-
transit physical protection of a shipment instead of the shipping
licensee as long as the agreement is in writing.
Section 37.75 Preplanning and Coordination of Shipment of Category 1 or
Category 2 Quantities of Radioactive Material
This section establishes the preplanning and coordination necessary
for a shipment of category 1 or category 2 quantities of radioactive
material.
Section 37.77 Advance Notification of Shipment of Category 1 Quantities
of Radioactive Material
This section establishes the requirements for advance notification
to the NRC and the governor of a State, or the governor's designee, of
the shipment of category 1 quantities of radioactive material that will
pass through or across the State.
Section 37.79 Requirements for Physical Protection of Category 1 and
Category 2 Quantities of Radioactive Material During Shipment
This section establishes the physical protection requirements for
shipments of category 1 and category 2 quantities of radioactive
material. Paragraph (a)(1) establishes the requirements for shipping a
category 1 quantity of radioactive material by road. Paragraph (a)(2)
establishes the requirements for a licensee that transports category 2
quantities of radioactive material by road. Paragraph (a)(3)
establishes the requirements for a licensee that uses a carrier for
shipping category 2 quantities of radioactive material.
Paragraph (b)(1) establishes the requirements for shipping category
1 quantities of radioactive material by rail. Paragraph (b)(2)
establishes the security requirements for shipping category 2
quantities of radioactive material by rail.
Paragraph (c) requires the shipping licensee to immediately conduct
an investigation of any shipment of category 2 quantities of
radioactive material that is lost or unaccounted for after the
designated no-later-than arrival time. It also requires the licensee to
conduct an investigation once it is determined that a category 1
shipment is lost or missing.
Section 37.81 Reporting of Events
This section establishes requirements for the shipping licensee to
make notifications upon the discovery that a shipment is lost or
missing and upon discovery of any actual or attempted theft or
diversion of a shipment, or suspicious activities related to the theft
or diversion of a shipment of either a category 1 or category 2
quantity of radioactive material. This section also establishes
requirements for notification upon recovery of a lost or missing
shipment. Written follow-up reports are required for notifications of
actual theft or attempted theft or diversion of a shipment.
Section 37.101 Form of Records
This section establishes the requirements for the storage and
protection of records required by this part.
Section 37.103 Record Retention
This section establishes the Commission's termination of the
license as the end point of the retention period for any record where a
specific retention period is not specified.
Section 37.105 Inspections
Paragraph (a) requires licensees to allow the Commission the
opportunity to inspect the materials and facilities subject to 10 CFR
part 37.
Paragraph (b) requires the licensee to make available for
inspection any records subject to 10 CFR part 37.
Section 37.107 Violations
Paragraph (a) of this section establishes that the Commission may
obtain an injunction or other court order to prevent a violation of the
AEA, Title II of the Energy Reorganization Act of 1974, as amended; or
a regulation or order issued under those Acts.
Paragraph (b) of this section establishes the violations for which
the Commission may obtain a court order for the payment of a civil
penalty imposed under Section 234 of the AEA.
Section 37.109 Criminal Penalties
This section establishes the sections in 10 CFR part 37 that are
issued under one or more of Sections 161b, 161i, or 161o and are
therefore subject to criminal sanctions for willful violation of,
attempted violation of, or conspiracy to violate the regulation.
[[Page 17001]]
Appendix A to 10 CFR Part 37--Category 1 and Category 2 Radioactive
Materials
Table 1 of this appendix establishes the radionuclides and
associated thresholds for category 1 and category 2 quantities of
radioactive material. The appendix also provides the methodology for
calculating the sum of fractions for evaluating combinations of
multiple radionuclides.
Section 39.1 Purpose and Scope
10 CFR part 37 is added to the list of 10 CFR parts that apply to
applications and licenses subject to this part.
Section 51.22 Criterion for Categorical Exclusion; Identification of
Licensing and Regulatory Actions Eligible for Categorical Exclusion or
Otherwise Not Requiring Environmental Review
Paragraph (c)(3) is revised to include 10 CFR part 37.
Section 71.97 Advance Notification of Shipment of Irradiated Reactor
Fuel and Nuclear Waste
Paragraph (b) is revised to delete the reference to shipments of
irradiated reactor fuel in quantities less than those subject to the
advance notification requirements of 10 CFR 73.37(f). Section 73.35
provides that such irradiated reactor fuel shipments be subject to the
same requirements that apply to shipments of category 1 radioactive
material, including the advance notification requirements.
Section 73.35 Requirements for Physical Protection of Irradiated
Reactor Fuel (100 Grams or Less) in Transit
A new section is added to 10 CFR part 73 to address the physical
protection requirements for shipments of irradiated reactor fuel
weighing 100 g (0.22 lb) or less in net weight of irradiated fuel,
exclusive of cladding or other structural or packaging material, which
has a total external radiation dose rate in excess of 1 Gray (100 rad)
per hour at a distance of 1 m (3.3 ft) from any accessible surface
without intervening shielding. The material is subject to the same
transportation security requirements as category 1 quantities of
radioactive material.
V. Criminal Penalties
For the purpose of Section 223 of the AEA, the Commission is
amending 10 CFR parts 20, 30, 32, 33, 34, 35, 36, 39, 51, 71, and 73
and adding new 10 CFR part 37 under one or more of Sections 161b, 161i,
or 161o of the AEA. Willful violations of the rule would be subject to
criminal enforcement.
VI. Agreement State Compatibility
Under the ``Policy Statement on Adequacy and Compatibility of
Agreement State Programs'' approved by the Commission on June 30, 1997,
and published in the Federal Register (62 FR 46517; September 3, 1997),
this final rule is a matter of compatibility between the NRC and the
Agreement States, thereby providing consistency among the Agreement
States and the NRC requirements. The NRC analyzed the final rule in
accordance with the procedure established within part III,
``Categorization Process for NRC Program Elements,'' of Handbook 5.9 to
Management Directive 5.9, ``Adequacy and Compatibility of Agreement
State Programs'' (a copy of which may be viewed at http://www.nrc.gov/reading-rm/doc-collections/management-directives/).
The NRC program elements (including regulations) are placed into
four compatibility categories (see the Compatibility Table in this
section). In addition, the NRC program elements can also be identified
as having particular health and safety significance or as being
reserved solely to the NRC. Compatibility Category A elements are those
program elements that are basic radiation protection standards and
scientific terms and definitions that are necessary to understand
radiation protection concepts. An Agreement State should adopt Category
A program elements in an essentially identical manner to provide
uniformity in the regulation of agreement material on a nationwide
basis. Compatibility Category B elements are those program elements
that apply to activities that have direct and significant effects in
multiple jurisdictions. An Agreement State should adopt Category B
program elements in an essentially identical manner. Compatibility
Category C elements are those program elements that do not meet the
criteria of Category A or B, but the essential objectives of which an
Agreement State should adopt to avoid conflict, duplication, gaps, or
other conditions that would jeopardize an orderly pattern in the
regulation of agreement material on a nationwide basis. An Agreement
State should adopt the essential objectives of the Category C program
elements. Compatibility Category D elements are those program elements
that do not meet any of the criteria of Category A, B, or C, above,
and, thus, do not need to be adopted by Agreement States for purposes
of compatibility.
Health and Safety (H&S) elements are program elements that are not
required for compatibility, but are identified as having a particular
health and safety role (i.e., adequacy) in the regulation of agreement
material within the State. Although not required for compatibility, the
State should adopt program elements in this H&S Category based on those
of the NRC that embody the essential objectives of the NRC program
elements because of particular health and safety considerations.
Compatibility Category NRC elements are those program elements that
address areas of regulation that cannot be relinquished to Agreement
States under the AEA or provisions of 10 CFR. These program elements
are not adopted by Agreement States. The following table lists the
parts and sections that have been created or revised and their
corresponding categorization under the ``Policy Statement on Adequacy
and Compatibility of Agreement State Programs.'' A bracket around a
category means that the section may have been adopted elsewhere, and it
is not necessary to adopt it again.
The Agreement States have 3 years from the publication of the final
rule in the Federal Register to adopt compatible regulations.
Compatibility Table for Final Rule
----------------------------------------------------------------------------------------------------------------
Compatibility
Section Change Subject -----------------------------
Existing New
----------------------------------------------------------------------------------------------------------------
Part 20
----------------------------------------------------------------------------------------------------------------
20.2201(c).............................. Amend............... Reports of theft D............ D
or loss of
licensed material.
----------------------------------------------------------------------------------------------------------------
Part 30
----------------------------------------------------------------------------------------------------------------
30.6.................................... Amend............... Communications.... D............ D
[[Page 17002]]
30.13................................... Amend............... Carriers.......... B............ B
30.33(a)(4)............................. Amend............... General D............ D
requirements for
issuance of
specific licenses.
----------------------------------------------------------------------------------------------------------------
Part 32
----------------------------------------------------------------------------------------------------------------
32.1(b)................................. Amend............... Purpose and scope. D............ D
----------------------------------------------------------------------------------------------------------------
Part 33
----------------------------------------------------------------------------------------------------------------
33.1.................................... Amend............... Purpose and scope. D............ D
----------------------------------------------------------------------------------------------------------------
Part 34
----------------------------------------------------------------------------------------------------------------
34.1.................................... Amend............... Purpose and scope. D............ D
----------------------------------------------------------------------------------------------------------------
Part 35
35.1.................................... Amend............... Purpose and scope. D............ D
----------------------------------------------------------------------------------------------------------------
Part 36
36.1.................................... Amend............... Purpose and scope. D............ D
----------------------------------------------------------------------------------------------------------------
Part 37
----------------------------------------------------------------------------------------------------------------
37.1.................................... New................. Purpose........... ............. D
37.3.................................... New................. Scope............. ............. D
37.5.................................... New................. Definition Access ............. C
control.
37.5.................................... New................. Definition Act.... ............. D
37.5.................................... New................. Definition ............. C
Aggregated.
37.5.................................... New................. Definition ............. [B]
Agreement State.
37.5.................................... New................. Definition ............. B
Approved
individual.
37.5.................................... New................. Definition ............. C
Background
Investigation.
37.5.................................... New................. Definition ............. [A]
Becquerel.
37.5.................................... New................. Definition ............. [H&S]
Byproduct
Material.
37.5.................................... New................. Definition Carrier ............. [B]
37.5.................................... New................. Definition ............. B
Category 1
quantities of
radioactive
material.
37.5.................................... New................. Definition ............. B
Category 2
quantities of
radioactive
material.
37.5.................................... New................. Definition ............. D
Commission.
37.5.................................... New................. Definition Curie.. ............. [A]
37.5.................................... New................. Definition ............. C
Diversion.
37.5.................................... New................. Definition ............. B
Escorted access.
37.5.................................... New................. Definition ............. C
Fingerprint
Orders.
37.5.................................... New................. Definition ............. D
Government agency.
37.5.................................... New................. Definition License ............. D
37.5.................................... New................. Definition License ............. D
issuing agency.
37.5.................................... New................. Definition Local ............. C
law enforcement
agency.
37.5.................................... New................. Definition Lost or ............. [B]
missing material.
37.5.................................... New................. Definition Mobile ............. B
device.
37.5.................................... New................. Definition ............. B
Movement control
center.
37.5.................................... New................. Definition No- ............. B
later-than
arrival time.
37.5.................................... New................. Definition Person. ............. [C]
37.5.................................... New................. Definition ............. C
Reviewing
official.
37.5.................................... New................. Definition ............. C
Sabotage.
37.5.................................... New................. Safe haven........ ............. B
37.5.................................... New................. Definition ............. C
Security zone.
37.5.................................... New................. Definition State.. ............. D
37.5.................................... New................. Definition ............. B
Telemetric
position
monitoring system.
37.5.................................... New................. Definition ............. B
Trustworthiness
and reliability.
37.5.................................... New................. Definition ............. B
Unescorted access.
37.5.................................... New................. Definition United ............. D
States.
37.7.................................... New................. Communications.... ............. D
37.9.................................... New................. Interpretations... ............. D
37.11(a)................................ New................. Specific ............. D
exemptions.
37.11(b)................................ New................. Specific ............. D
exemptions.
37.11(c)................................ New................. Specific ............. B
exemptions.
37.13................................... New................. Information ............. D
collection
requirements: OMB
approval.
37.21(a)................................ New................. General........... ............. C
37.21(b)................................ New................. General ............. B
performance
objective.
37.21(c)................................ New................. Applicability..... ............. B
37.23(a)................................ New................. Granting ............. B
unescorted access
authorization.
37.23(b)(1), (2), (4), (5).............. New................. Reviewing ............. B
officials.
37.23(b)(3)............................. New................. Reviewing ............. C
officials.
[[Page 17003]]
37.23(c)................................ New................. Informed consent.. ............. B
37.23(d)................................ New................. Personal history ............. B
disclosure.
37.23(e)................................ New................. Determination ............. B
basis.
37.23(f)................................ New................. Procedures........ ............. C
37.23(g)................................ New................. Right to correct ............. B
and complete
information.
37.23(h)................................ New................. Records........... ............. C
37.25(a)................................ New................. Initial ............. B
investigation.
37.25(b)................................ New................. Grandfathering.... ............. C
37.25(c)................................ New................. Reinvestigations.. ............. B
37.27(a)................................ New................. General ............. B
performance
objective and
requirements.
37.27(b)................................ New................. Prohibitions...... ............. B
37.27(c)................................ New................. Procedures for ............. B
processing
fingerprint
checks.
37.29(a), (b)........................... New................. Relief from ............. B
fingerprinting,
identification,
and criminal
history records
checks and other
elements of a
background
investigations
for designated
categories of
individuals
permitted
unescorted access
to certain
radioactive
materials.
37.31(a)-(d)............................ New................. Protection of ............. B
information.
37.31(e)................................ New................. Protection of ............. C
information.
37.33(a), (b), (c)...................... New................. Access ............. C
authorization
program review.
37.41(a)................................ New................. Applicability..... ............. B
37.41(b)................................ New................. General ............. B
performance
objective.
37.41(c)................................ New................. Program features.. ............. C
37.43(a)................................ New................. Security plan..... ............. B
37.43(b)................................ New................. Implementing ............. C
procedures.
37.43(c)(1)-(c)(3)...................... New................. Training.......... ............. B
37.43(c)(4)............................. New................. Training.......... ............. C
37.43(d)(1)-(d)(8)...................... New................. Protection of ............. C
Information.
37.43(d)(9)............................. New................. Protection of ............. NRC
Information.
37.45(a), (b), (d)...................... New................. LLEA coordination. ............. B
37.45(c)................................ New................. LLEA coordination ............. C
(records).
37.47(a)-(e)............................ New................. Security zones.... ............. B
37.49(a)................................ New................. Monitoring and ............. B
detection.
37.49(b)................................ New................. Assessment........ ............. B
37.49(c)................................ New................. Personnel ............. B
communications
and data
transmission.
37.49(d)................................ New................. Response.......... ............. B
37.51................................... New................. Maintenance and ............. C
testing.
37.53................................... New................. Requirements for ............. B
mobile devices.
37.55(a), (b), (c)...................... New................. Security program ............. C
review.
37.57(a)................................ New................. Reporting of ............. C
events.
37.57(b)................................ New................. Reporting of ............. C
events.
37.71................................... New................. Additional ............. B
requirements for
transfer of
category 1 and
category 2
quantities of
radioactive
material.
37.71(a), (b) (c)....................... New................. Additional ............. B
requirements for
transfer of
category 1 and
category 2
quantities of
radioactive
material.
37.71(d)................................ New................. Additional ............. C
requirements for
transfer of
category 1 and
category 2
quantities of
radioactive
material.
37.73(a), (b), (d), (e)................. New................. Applicability of ............. D
physical
protection of
category 1 and
category 2
quantities of
radioactive
material during
transit.
37.73(c)................................ New................. Applicability of ............. B
physical
protection of
category 1 and
category 2
quantities of
radioactive
material during
transit.
37.75(a)-(d)............................ New................. Preplanning and ............. B
coordination of
shipment of
category 1 or
category 2
quantities of
radioactive
material.
37.75(e)................................ New................. Preplanning and ............. C
coordination of
shipment of
category 1 or
category 2
quantities of
radioactive
material.
37.77................................... New................. Advance ............. B
notification for
shipments of
category 1
quantities of
radioactive
material.
37.77(a)................................ New................. Procedures for ............. B
submitting
advance
notification.
37.77(b)................................ New................. Information to be ............. B
furnished in
advance
notification of
shipment.
37.77(c)................................ New................. Revision notice... ............. B
37.77(d)................................ New................. Cancellation ............. B
notice.
37.77(e)................................ New................. Records........... ............. C
37.77(f)................................ New................. Protection of ............. NRC
information.
37.79(a)................................ New................. Shipments by road. ............. B
37.79(b)................................ New................. Shipments by rail. ............. B
37.79(c)................................ New................. Investigations.... ............. B
37.81(a)................................ New................. Reporting of ............. B
events.
37.81(b)................................ New................. Reporting of ............. B
events.
37.81(c)................................ New................. Reporting of ............. B
events.
37.81(d)................................ New................. Reporting of ............. B
events.
37.81(e)................................ New................. Reporting of ............. B
events.
[[Page 17004]]
37.81(f)................................ New................. Reporting of ............. B
events.
37.81(g)................................ New................. Reporting of ............. C
events.
37.81(h)................................ New................. Reporting of ............. C
events.
37.101.................................. New................. Form of records... ............. C
37.103.................................. New................. Record retention.. ............. C
37.105.................................. New................. Inspections....... ............. D
37.107.................................. New................. Violations........ ............. D
37.109.................................. New................. Criminal penalties ............. D
Appendix A.............................. New................. Category 1 and 2 ............. B
thresholds.
----------------------------------------------------------------------------------------------------------------
Part 39
----------------------------------------------------------------------------------------------------------------
39.1.................................... Amend............... Purpose and scope. D............ D
----------------------------------------------------------------------------------------------------------------
Part 51
----------------------------------------------------------------------------------------------------------------
51.22(c)(3)............................. Amend............... Criterion for NRC.......... NRC
categorical
exclusion;
identification of
licensing and
regulatory
actions eligible
for categorical
exclusion or
otherwise not
requiring
environmental
review.
----------------------------------------------------------------------------------------------------------------
Part 71
----------------------------------------------------------------------------------------------------------------
71.97(b)................................ Amend............... Advance B............ B
notification of
shipment of
irradiated
reactor fuel and
nuclear waste.
----------------------------------------------------------------------------------------------------------------
Part 73
----------------------------------------------------------------------------------------------------------------
73.35................................... New................. Requirements for ............. NRC
physical
protection of
irradiated
reactor fuel (100
grams or less) in
transit.
----------------------------------------------------------------------------------------------------------------
VII. Plain Writing
The Plain Writing Act of 2010 (Pub. L. 111-274) requires Federal
agencies to write documents in a clear, concise, and well-organized
manner. The NRC has written this document to be consistent with the
Plain Writing Act as well as the Presidential Memorandum, ``Plain
Language in Government Writing,'' published June 10, 1998 (63 FR
31883).
VIII. Voluntary Consensus Standards
The National Technology Transfer and Advancement Act of 1995 (Pub.
L. 104-113), requires that Federal agencies use technical standards
that are developed or adopted by voluntary consensus standards bodies
unless the use of such a standard is inconsistent with applicable law
or otherwise impractical. In this final rule, the NRC is establishing
security requirements for the use of category 1 and category 2
quantities of radioactive materials. The NRC is not aware of any
voluntary consensus standards that address the subject matter of this
final rule. This action does not constitute the establishment of a
standard that establishes generally applicable requirements.
IX. Finding of No Significant Environmental Impact: Availability
Under the National Environmental Policy Act of 1969, as amended,
and the NRC regulations in subpart A of 10 CFR part 51, the NRC has
determined that this final rule, if adopted, would not be a major
Federal action significantly affecting the quality of the human
environment, and therefore an environmental impact statement is not
required for this rulemaking. The NRC has prepared an environmental
assessment and, on the basis of this environmental assessment, has made
a finding of no significant impact.
The implementation of the final rule's security requirements would
not result in significant changes to the licensee's facilities, nor
would such implementation result in any significant increase in
effluents released to the environment. Similarly, the implementation of
the final rule's security requirements would not affect occupational
exposure requirements. No major construction or other earth-disturbing
activities on the part of affected licensees are anticipated in
connection with licensees' implementation of the final rule's
requirements. The Commission has determined that the implementation of
this final rule is procedural and administrative in nature.
The determination of this environmental assessment is that there
will be no significant impact to the public from this action.
This conclusion was published in the environmental assessment that
was posted to the NRC's rulemaking Web site: http://www.regulations.gov
after publication of the proposed rule. No comments were received on
the content of the environmental assessment.
X. Paperwork Reduction Act Statement
This final rule contains new information collection requirements in
10 CFR part 37 that are subject to the Paperwork Reduction Act of 1995
(44 U.S.C. 3501 et seq.). These requirements were approved by the
Office of Management and Budget (OMB), approval number 3150-0214. The
changes to 10 CFR parts 20, 30, 32, 33, 34, 35, 36, 39, 51, 71, and 73
do not contain new or amended information collection requirements.
Existing requirements were approved by the OMB, approval numbers 3150-
0014, 3150-0017, 3150-0001, 3150-0015, 3150-0007, 3150-0010, 3150-0158,
3150-0130, 3150-0021, 3150-0008, and 3150-0002.
The burden to the public for the information collections in 10 CFR
part
[[Page 17005]]
37 is estimated to average1.7 hours per response. This includes the
time for reviewing instructions, searching existing data sources,
gathering and maintaining the data needed, and completing and reviewing
the information collection. Send comments on any aspect of these
information collections, including suggestions for reducing the burden,
to the Information Services Branch (T-5 F53), U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001, or by Internet electronic mail
to [email protected]; and to the Desk Officer, Chad
Whiteman, Office of Information and Regulatory Affairs, NEOB-10202,
(3150-0214), Office of Management and Budget, Washington, DC 20503.
Public Protection Notification
The NRC may not conduct or sponsor, and a person is not required to
respond to, a request for information or an information collection
requirement unless the requesting document displays a currently valid
OMB control number.
XI. Regulatory Analysis
The Commission has prepared a regulatory analysis on this final
regulation. The analysis examines the costs and benefits of the
alternatives considered by the Commission.
The analysis is available for inspection in the NRC's Public
Document Room, 11555 Rockville Pike, Rockville, Maryland 20852. The
analysis may also be viewed and downloaded electronically via the
Federal erulemaking portal at http://www.regulations.gov by searching
for Docket ID NRC-2008-0120.
XII. Regulatory Flexibility Certification
The NRC has prepared a regulatory analysis of the impact of this
final rule on small entities. The final rule will affect about 300 NRC
licensees and an additional 1,100 Agreement State licensees. Affected
licensees include laboratories, reactors, universities, colleges,
medical clinics, hospitals, irradiators, manufacturers and
distributors, well loggers, and radiographers, some of which may
qualify as small business entities as defined by 10 CFR 2.810. Based on
the regulatory analysis conducted for this action, the costs of the
rule for affected licensees are estimated to be between $358 million
and $488 million (7-percent and 3-percent discount rate over 20 years,
respectively) total. The average licensee will have a one-time cost of
approximately $23,375 and an annual cost of approximately $21,736 to
fully implement the final rule. The NRC believes that the selected
alternative reflected in the final rule is the least burdensome, most
flexible alternative that accomplishes the NRC's regulatory objective.
The Regulatory Flexibility Analysis is included as an Appendix to this
final rule.
XIII. Backfit Analysis
The NRC has determined that the backfit rule, which is found in the
regulations at 10 CFR 50.109, 70.76, 72.62, 76.76, and in 10 CFR part
52, does not apply to this final rule because this amendment would not
involve any provisions that would impose backfits as defined in 10 CFR
chapter I. Therefore, a backfit analysis is not required.
XIV. Congressional Review Act
In accordance with the Congressional Review Act of 1996, the NRC
has determined that this action is a major rule and has verified this
determination with the Office of Information and Regulatory Affairs of
OMB.
List of Subjects
10 CFR Part 20
Byproduct material, Criminal penalties, Licensed material, Nuclear
materials, Nuclear power plants and reactors, Occupational safety and
health, Packaging and containers, Radiation protection, Reporting and
recordkeeping requirements, Source material, Special nuclear material,
Waste treatment and disposal.
10 CFR Part 30
Byproduct material, Criminal penalties, Government contracts,
Intergovernmental relations, Isotopes, Nuclear materials, Radiation
protection, Reporting and recordkeeping requirements.
10 CFR Part 32
Byproduct material, Criminal penalties, Labeling, Nuclear
materials, Radiation protection, Reporting and recordkeeping
requirements.
10 CFR Part 33
Byproduct material, Criminal penalties, Nuclear materials,
Radiation protection, Reporting and recordkeeping requirements.
10 CFR Part 34
Criminal penalties, Packaging and containers, Radiation protection,
Radiography, Reporting and recordkeeping requirements, Scientific
equipment, Security measures.
10 CFR Part 35
Byproduct material, Criminal penalties, Drugs, Health facilities,
Health professions, Medical devices, Nuclear materials, Occupational
safety and health, Radiation protection, Reporting and recordkeeping
requirements.
10 CFR Part 36
Byproduct material, Criminal penalties, Nuclear materials,
Reporting and recordkeeping requirements, Scientific equipment,
Security measures.
10 CFR Part 37
Byproduct material, Criminal penalties, Export, Hazardous materials
transportation, Import, Licensed material, Nuclear materials, Reporting
and recordkeeping requirements, Security measures.
10 CFR Part 39
Byproduct material, Criminal penalties, Nuclear material, Oil and
gas exploration--well logging, Reporting and recordkeeping
requirements, Scientific equipment, Security measures, Source material,
Special nuclear material.
10 CFR Part 51
Administrative practice and procedure, Environmental impact
statement, Nuclear materials, Nuclear power plants and reactors,
Reporting and recordkeeping requirements.
10 CFR Part 71
Criminal penalties, Hazardous materials transportation, Nuclear
materials, Packaging and containers, Reporting and recordkeeping
requirements.
10 CFR Part 73
Criminal penalties, Export, Hazardous materials transportation,
Import, Nuclear materials, Nuclear power plants and reactors, Reporting
and recordkeeping requirements, Security measures.
For the reasons set out in the preamble and under the authority of
the Atomic Energy Act of 1954, as amended; the Energy Reorganization
Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting
the following amendments to 10 CFR parts 20, 30, 32, 33, 34, 35, 36,
37, 39, 51, 71, and 73.
PART 20--STANDARDS FOR PROTECTION AGAINST RADIATION
0
1. The authority citation for part 20 continues to read as follows:
[[Page 17006]]
Authority: Atomic Energy Act secs. 53, 63, 65, 81, 103, 104,
161, 182, 186, 223. 234 1701 (42 U.S.C. 2073, 2093, 2095, 2111,
2133, 2134, 2201, 2232, 2236, 2273, 2282, 2297f), Energy
Reorganization Act secs. 201, 202, 206 (42 U.S.C. 5841, 5842, 5846);
Government Paperwork Elimination Act sec. 1704 (44 U.S.C. 3504
note); Energy Policy Act of 2005 sec. 651(e), Pub. L. No. 109-58,
119 Stat. 549 (2005) (42 U.S.C. 2014, 2021, 2021b, 2111).
0
2. In Sec. 20.2201, paragraph (c) is revised to read as follows:
Sec. 20.2201 Reports of theft or loss of licensed material.
* * * * *
(c) A duplicate report is not required under paragraph (b) of this
section if the licensee is also required to submit a report pursuant to
Sec. Sec. 30.55(c), 37.57, 37.81, 40.64(c), 50.72, 50.73, 70.52,
73.27(b), 73.67(e)(3)(vii), 73.67(g)(3)(iii), 73.71, or 150.19(c) of
this chapter.
* * * * *
PART 30--RULES OF GENERAL APPLICABILITY TO DOMESTIC LICENSING OF
BYPRODUCT MATERIAL
0
3. The authority citation for part 30 continues to read as follows:
Authority: Atomic Energy Act secs. 81, 82, 161, 181, 182, 183,
186, 223, 234 (42 U.S.C. 2111, 2112, 2201, 2231, 2232, 2233, 2236,
2273, 2282); Energy Reorganization Act secs. 201, 202, 206 (42
U.S.C. 5841, 5842, 5846); Government Paperwork Elimination Act sec.
1704 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No.
109-58, 119 Stat. 549 (2005).
Section 30.7 also issued under Energy Reorganization Act sec.
211, Pub. L. 95-601, sec. 10, as amended by Pub. L. 102-486, sec.
2902 (42 U.S.C. 5851). Section 30.34(b) also issued under Atomic
Energy Act sec. 184 (42 U.S.C. 2234). Section 30.61 also issued
under Atomic Energy Act sec. 187 (42 U.S.C. 2237).
0
4. In Sec. 30.6, the introductory text of paragraph (a) is revised to
read as follows:
Sec. 30.6 Communications.
(a) Unless otherwise specified or covered under the regional
licensing program as provided in paragraph (b) of this section, any
communication or report concerning the regulations in parts 30 through
37 and 39 of this chapter and any application filed under these
regulations may be submitted to the Commission as follows:
* * * * *
0
5. Section 30.13 is revised to read as follows:
Sec. 30.13 Carriers.
Common and contract carriers, freight forwarders, warehousemen, and
the U.S. Postal Service are exempt from the regulations in this part
and parts 31 through 37 and 39 of this chapter and the requirements for
a license set forth in section 81 of the Act to the extent that they
transport or store byproduct material in the regular course of carriage
for another or storage incident thereto.
0
6. In Sec. 30.33, paragraph (a)(4) is revised to read as follows:
Sec. 30.33 General requirements for issuance of specific licenses.
(a) * * *
(4) The applicant satisfies any special requirements contained in
parts 32 through 37 and 39 of this chapter; and
* * * * *
PART 32--SPECIFIC DOMESTIC LICENSES TO MANUFACTURE OR TRANSFER
CERTAIN ITEMS CONTAINING BYPRODUCT MATERIAL
0
7. The authority citation for part 32 continues to read as follows:
Authority: Atomic Energy Act secs. 81, 161, 181, 182, 183, 223,
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy
Reorganization Act sec. 201 (42 U.S.C. 5841); Government Paperwork
Elimination Act sec. 1704 (44 U.S.C. 3504 note); Energy Policy Act
of 2005, sec. 651(e), Pub. L. No. 109-58, 119 Stat. 806-810 (42
U.S.C. 2014, 2021, 2021b, 2111).
0
8. In Sec. 32.1, paragraph (b) is revised to read as follows:
Sec. 32.1 Purpose and scope.
* * * * *
(b) The provisions and requirements of this part are in addition
to, and not in substitution for, other requirements of this chapter. In
particular, the provisions of part 30 of this chapter apply to
applications, licenses and certificates of registration subject to this
part, and the provisions of part 37 of this chapter apply to
applications and licenses subject to this part.
* * * * *
PART 33--SPECIFIC DOMESTIC LICENSES OF BROAD SCOPE FOR BYPRODUCT
MATERIAL
0
9. The authority citation for part 33 continues to read as follows:
Authority: Atomic Energy Act secs. 81, 161, 181, 182, 183, 223,
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy
Reorganization Act sec. 201 (42 U.S.C. 5841); Government Paperwork
Elimination Act sec. 1704 (44 U.S.C. 3504 note); Energy Policy Act
of 2005 sec. 651(e), Public Law 109-58, 119 Stat. 806-810 (42 U.S.C.
2014, 2021, 2021b, 2111).
0
10. Section 33.1 is revised to read as follows:
Sec. 33.1 Purpose and scope.
This part prescribes requirements for the issuance of specific
licenses of broad scope for byproduct material (``broad licenses'') and
certain regulations governing holders of such licenses. The provisions
and requirements of this part are in addition to, and not in
substitution for, other requirements of this chapter. In particular,
the provisions of parts 30 and 37 of this chapter apply to applications
and licenses subject to this part.
PART 34--LICENSES FOR INDUSTRIAL RADIOGRAPHY AND RADIATION SAFETY
REQUIREMENTS FOR INDUSTRIAL RADIOGRAPHIC OPERATIONS
0
11. The authority citation for part 34 continues to read as follows:
Authority: Atomic Energy Act secs. 81, 161, 181, 182, 183, 223,
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy
Reorganization Act sec. 201 (42 U.S.C. 5841); Government Paperwork
Elimination Act sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note).
Atomic Energy Act of 2005 sec. 651(e), Pub. L. No. 109-58, 119 Stat.
806-810 (42 U.S.C. 2014, 2021, 2021b, 2111). Section 34.45 also
issued under Energy Reorganization Act sec. 206 (42 U.S.C. 5846).
0
12. Section 34.1 is revised to read as follows:
Sec. 34.1 Purpose and scope.
This part prescribes requirements for the issuance of licenses for
the use of sealed sources containing byproduct material and radiation
safety requirements for persons using these sealed sources in
industrial radiography. The provisions and requirements of this part
are in addition to, and not in substitution for, other requirements of
this chapter. In particular, the requirements and provisions of parts
19, 20, 21, 30, 37, 71, 150, 170, and 171 of this chapter apply to
applications and licenses subject to this part. This rule does not
apply to medical uses of byproduct material.
PART 35--MEDICAL USE OF BYPRODUCT MATERIAL
0
13. The authority citation for part 35 continues to read as follows:
Authority: Atomic Energy Act secs. 81, 161, 181, 182, 183, 223,
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy
Reorganization Act sec. 201, 206 (42 U.S.C. 5841, 5842, 5846); sec.
1704 (44 U.S.C. 3504 note); Energy Policy Act of 2005, sec. 651(e),
Public Law 109-58, 119 Stat. 806-810 (42 U.S.C. 2014, 2021, 2021b,
2111).
0
14. Section 35.1 is revised to read as follows:
[[Page 17007]]
Sec. 35.1 Purpose and scope.
This part contains the requirements and provisions for the medical
use of byproduct material and for issuance of specific licenses
authorizing the medical use of this material. These requirements and
provisions provide for the radiation safety of workers, the general
public, patients, and human research subjects. The requirements and
provisions of this part are in addition to, and not in substitution
for, others in this chapter. The requirements and provisions of parts
19, 20, 21, 30, 37, 71, 170, and 171 of this chapter apply to
applicants and licensees subject to this part unless specifically
exempted.
PART 36--LICENSES AND RADIATION SAFETY REQUIREMENTS FOR IRRADIATORS
0
15. The authority citation for part 36 continues to read as follows:
Authority: Atomic Energy Act secs. 81, 82, 161, 181, 182, 183,
186, 223, 234 (42 U.S.C. 2111, 2112, 2201, 2232, 2233, 2236, 2273,
2282); Energy Reorganization Act secs. 201, 202, 206 (42 U.S.C.
5841, 5842, 5846); Government Paperwork Elimination Act sec. 1704
(44 U.S.C. 3504 note); Atomic Energy Act of 2005 sec. 651(e), Pub.
L. No. 109-58, 119 Stat. 806-810 (42 U.S.C. 2014, 2021, 2021b,
2111).
0
16. In Sec. 36.1, paragraph (a) is revised to read as follows:
Sec. 36.1 Purpose and scope.
(a) This part contains requirements for the issuance of a license
authorizing the use of sealed sources containing radioactive materials
in irradiators used to irradiate objects or materials using gamma
radiation. This part also contains radiation safety requirements for
operating irradiators. The requirements of this part are in addition to
other requirements of this chapter. In particular, the provisions of
parts 19, 20, 21, 30, 37, 71, 170, and 171 of this chapter apply to
applications and licenses subject to this part. Nothing in this part
relieves the licensee from complying with other applicable Federal,
State and local regulations governing the siting, zoning, land use, and
building code requirements for industrial facilities.
* * * * *
0
17. Part 37 is added to read as follows:
PART 37--PHYSICAL PROTECTION OF CATEGORY 1 AND CATEGORY 2
QUANTITIES OF RADIOACTIVE MATERIAL
Sec.
Subpart A--General Provisions
37.1 Purpose.
37.3 Scope.
37.5 Definitions.
37.7 Communications.
37.9 Interpretations.
37.11 Specific exemptions.
37.13 Information collection requirements: OMB approval.
Subpart B--Background Investigations and Access Control Program
37.21 Personnel access authorization requirements for category 1 or
category 2 quantities of radioactive material.
37.23 Access authorization program requirements.
37.25 Background investigations.
37.27 Requirements for criminal history records checks of
individuals granted unescorted access to category 1 or category 2
quantities of radioactive material.
37.29 Relief from fingerprinting, identification, and criminal
history records checks and other elements of background
investigations for designated categories of individuals permitted
unescorted access to certain radioactive materials.
37.31 Protection of information.
37.33 Access authorization program review.
Subpart C--Physical Protection Requirements During Use
37.41 Security program.
37.43 General security program requirements.
37.45 LLEA coordination.
37.47 Security zones.
37.49 Monitoring, detection, and assessment.
37.51 Maintenance and testing.
37.53 Requirements for mobile devices.
37.55 Security program review.
37.57 Reporting of events.
Subpart D--Physical Protection in Transit
37.71 Additional requirements for transfer of category 1 and
category 2 quantities of radioactive material.
37.73 Applicability of physical protection of category 1 and
category 2 quantities of radioactive material during transit.
37.75 Preplanning and coordination of shipment of category 1 or
category 2 quantities of radioactive material.
37.77 Advance notification of shipment of category 1 quantities of
radioactive material.
37.79 Requirements for physical protection of category 1 and
category 2 quantities of radioactive material during shipment.
37.81 Reporting of events.
Subpart E--[Reserved]
Subpart F--Records
37.101 Form of records.
37.103 Record retention.
Subpart G--Enforcement
37.105 Inspections.
37.107 Violations.
37.109 Criminal penalties.
Appendix A to Part 37--Category 1 and Category 2 Radioactive Materials
Authority: Atomic Energy Act secs. 53, 81, 103, 104, 147, 148,
149, 161, 182, 183, 223, 234 (42 U.S.C. 2073, 2111, 2133, 2134,
2167, 2168, 2169, 2201a., 2232, 2233, 2273, 2282).
Subpart A--General Provisions
Sec. 37.1 Purpose.
This part has been established to provide the requirements for the
physical protection program for any licensee that possesses an
aggregated category 1 or category 2 quantity of radioactive material
listed in Appendix A to this part. These requirements provide
reasonable assurance of the security of category 1 or category 2
quantities of radioactive material by protecting these materials from
theft or diversion. Specific requirements for access to material, use
of material, transfer of material, and transport of material are
included. No provision of this part authorizes possession of licensed
material.
Sec. 37.3 Scope.
(a) Subparts B and C of this part apply to any person who, under
the regulations in this chapter, possesses or uses at any site, an
aggregated category 1 or category 2 quantity of radioactive material.
(b) Subpart D of this part applies to any person who, under the
regulations of this chapter:
(1) Transports or delivers to a carrier for transport in a single
shipment, a category 1 or category 2 quantity of radioactive material;
or
(2) Imports or exports a category 1 or category 2 quantity of
radioactive material; the provisions only apply to the domestic portion
of the transport.
Sec. 37.5 Definitions.
As used in this part:
Access control means a system for allowing only approved
individuals to have unescorted access to the security zone and for
ensuring that all other individuals are subject to escorted access.
Act means the Atomic Energy Act of 1954 (68 Stat. 919), including
any amendments thereto.
Aggregated means accessible by the breach of a single physical
barrier that would allow access to radioactive material in any form,
including any devices that contain the radioactive material, when the
total activity equals or exceeds a category 2 quantity of radioactive
material.
Agreement State means any state with which the Atomic Energy
Commission or the U.S. Nuclear Regulatory
[[Page 17008]]
Commission has entered into an effective agreement under subsection
274b. of the Act. Non-agreement State means any other State.
Approved individual means an individual whom the licensee has
determined to be trustworthy and reliable for unescorted access in
accordance with subpart B of this part and who has completed the
training required by Sec. 37.43(c).
Background investigation means the investigation conducted by a
licensee or applicant to support the determination of trustworthiness
and reliability.
Becquerel (Bq) means one disintegration per second.
Byproduct material means--
(1) Any radioactive material (except special nuclear material)
yielded in, or made radioactive by, exposure to the radiation incident
to the process of producing or using special nuclear material;
(2) The tailings or wastes produced by the extraction or
concentration of uranium or thorium from ore processed primarily for
its source material content, including discrete surface wastes
resulting from uranium solution extraction processes. Underground ore
bodies depleted by these solution extraction operations do not
constitute ``byproduct material'' within this definition;
(3)(i) Any discrete source of radium-226 that is produced,
extracted, or converted after extraction, before, on, or after August
8, 2005, for use for a commercial, medical, or research activity; or
(ii) Any material that--
(A) Has been made radioactive by use of a particle accelerator; and
(B) Is produced, extracted, or converted after extraction, before,
on, or after August 8, 2005, for use for a commercial, medical, or
research activity; and
(4) Any discrete source of naturally occurring radioactive
material, other than source material, that--
(i) The Commission, in consultation with the Administrator of the
Environmental Protection Agency, the Secretary of Energy, the Secretary
of Homeland Security, and the head of any other appropriate Federal
agency, determines would pose a threat similar to the threat posed by a
discrete source of radium-226 to the public health and safety or the
common defense and security; and
(ii) Before, on, or after August 8, 2005, is extracted or converted
after extraction for use in a commercial, medical, or research
activity.
Carrier means a person engaged in the transportation of passengers
or property by land or water as a common, contract, or private carrier,
or by civil aircraft.
Category 1 quantity of radioactive material means a quantity of
radioactive material meeting or exceeding the category 1 threshold in
Table 1 of Appendix A to this part. This is determined by calculating
the ratio of the total activity of each radionuclide to the category 1
threshold for that radionuclide and adding the ratios together. If the
sum is equal to or exceeds 1, the quantity would be considered a
category 1 quantity. Category 1 quantities of radioactive material do
not include the radioactive material contained in any fuel assembly,
subassembly, fuel rod, or fuel pellet.
Category 2 quantity of radioactive material means a quantity of
radioactive material meeting or exceeding the category 2 threshold but
less than the category 1 threshold in Table 1 of Appendix A to this
part. This is determined by calculating the ratio of the total activity
of each radionuclide to the category 2 threshold for that radionuclide
and adding the ratios together. If the sum is equal to or exceeds 1,
the quantity would be considered a category 2 quantity. Category 2
quantities of radioactive material do not include the radioactive
material contained in any fuel assembly, subassembly, fuel rod, or fuel
pellet.
Commission means the U.S. Nuclear Regulatory Commission or its duly
authorized representatives.
Curie means that amount of radioactive material which disintegrates
at the rate of 37 billion atoms per second.
Diversion means the unauthorized movement of radioactive material
subject to this part to a location different from the material's
authorized destination inside or outside of the site at which the
material is used or stored.
Escorted access means accompaniment while in a security zone by an
approved individual who maintains continuous direct visual surveillance
at all times over an individual who is not approved for unescorted
access.
Fingerprint orders means the orders issued by the U.S. Nuclear
Regulatory Commission or the legally binding requirements issued by
Agreement States that require fingerprints and criminal history records
checks for individuals with unescorted access to category 1 and
category 2 quantities of radioactive material or safeguards
information-modified handling.
Government agency means any executive department, commission,
independent establishment, corporation, wholly or partly owned by the
United States of America which is an instrumentality of the United
States, or any board, bureau, division, service, office, officer,
authority, administration, or other establishment in the executive
branch of the Government.
License, except where otherwise specified, means a license for
byproduct material issued pursuant to the regulations in parts 30
through 36 and 39 of this chapter;
License issuing authority means the licensing agency that issued
the license, i.e. the U.S. Nuclear Regulatory Commission or the
appropriate agency of an Agreement State;
Local law enforcement agency (LLEA) means a public or private
organization that has been approved by a federal, state, or local
government to carry firearms and make arrests, and is authorized and
has the capability to provide an armed response in the jurisdiction
where the licensed category 1 or category 2 quantity of radioactive
material is used, stored, or transported.
Lost or missing licensed material means licensed material whose
location is unknown. It includes material that has been shipped but has
not reached its destination and whose location cannot be readily traced
in the transportation system.
Mobile device means a piece of equipment containing licensed
radioactive material that is either mounted on wheels or casters, or
otherwise equipped for moving without a need for disassembly or
dismounting; or designed to be hand carried. Mobile devices do not
include stationary equipment installed in a fixed location.
Movement control center means an operations center that is remote
from transport activity and that maintains position information on the
movement of radioactive material, receives reports of attempted attacks
or thefts, provides a means for reporting these and other problems to
appropriate agencies and can request and coordinate appropriate aid.
No-later-than arrival time means the date and time that the
shipping licensee and receiving licensee have established as the time
at which an investigation will be initiated if the shipment has not
arrived at the receiving facility. The no-later-than-arrival time may
not be more than 6 hours after the estimated arrival time for shipments
of category 2 quantities of radioactive material.
Person means--
(1) Any individual, corporation, partnership, firm, association,
trust, estate, public or private institution, group, Government agency
other than the Commission or the DOE (except that the Department shall
be considered a
[[Page 17009]]
person within the meaning of the regulations in 10 CFR chapter I to the
extent that its facilities and activities are subject to the licensing
and related regulatory authority of the Commission under section 202 of
the Energy Reorganization Act of 1974 (88 Stat. 1244), the Uranium Mill
Tailings Radiation Control Act of 1978 (92 Stat. 3021), the Nuclear
Waste Policy Act of 1982 (96 Stat. 2201), and section 3(b)(2) of the
Low-Level Radioactive Waste Policy Amendments Act of 1985 (99 Stat.
1842), any State or any political subdivision of or any political
entity within a State, any foreign government or nation or any
political subdivision of any such government or nation, or other
entity; and
(2) Any legal successor, representative, agent, or agency of the
foregoing.
Reviewing official means the individual who shall make the
trustworthiness and reliability determination of an individual to
determine whether the individual may have, or continue to have,
unescorted access to the category 1 or category 2 quantities of
radioactive materials that are possessed by the licensee.
Sabotage means deliberate damage, with malevolent intent, to a
category 1 or category 2 quantity of radioactive material, a device
that contains a category 1 or category 2 quantity of radioactive
material, or the components of the security system.
Safe haven means a readily recognizable and readily accessible site
at which security is present or from which, in the event of an
emergency, the transport crew can notify and wait for the local law
enforcement authorities.
Security zone means any temporary or permanent area determined and
established by the licensee for the physical protection of category 1
or category 2 quantities of radioactive material.
State means a State of the United States, the District of Columbia,
the Commonwealth of Puerto Rico, the Virgin Islands, Guam, American
Samoa, and the Commonwealth of the Northern Mariana Islands.
Telemetric position monitoring system means a data transfer system
that captures information by instrumentation and/or measuring devices
about the location and status of a transport vehicle or package between
the departure and destination locations.
Trustworthiness and reliability are characteristics of an
individual considered dependable in judgment, character, and
performance, such that unescorted access to category 1 or category 2
quantities of radioactive material by that individual does not
constitute an unreasonable risk to the public health and safety or
security. A determination of trustworthiness and reliability for this
purpose is based upon the results from a background investigation.
Unescorted access means solitary access to an aggregated category 1
or category 2 quantity of radioactive material or the devices that
contain the material.
United States, when used in a geographical sense, includes Puerto
Rico and all territories and possessions of the United States.
Sec. 37.7 Communications.
Except where otherwise specified or covered under the regional
licensing program as provided in Sec. 30.6(b) of this chapter, all
communications and reports concerning the regulations in this part may
be sent as follows:
(a) By mail addressed to: ATTN: Document Control Desk; Director,
Office of Nuclear Reactor Regulation; Director, Office of New Reactors;
Director, Office of Nuclear Material Safety and Safeguards; Director,
Office of Federal and State Materials and Environmental Management
Programs; or Director, Division of Security Policy, Office of Nuclear
Security and Incident Response, as appropriate, U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001;
(b) By hand delivery to the NRC's offices at 11555 Rockville Pike,
Rockville, Maryland 20852;
(c) Where practicable, by electronic submission, for example,
Electronic Information Exchange, or CD-ROM. Electronic submissions must
be made in a manner that enables the NRC to receive, read,
authenticate, distribute, and archive the submission, and process and
retrieve it a single page at a time. Detailed guidance on making
electronic submissions can be obtained by visiting the NRC's Web site
at http://www.nrc.gov/site-help/e-submittals.html; by email to
nrc.gov">[email protected]nrc.gov; or by writing the Office of Information
Services, U.S. Nuclear Regulatory Commission, Washington, DC 20555-
0001. The guidance discusses, among other topics, the formats the NRC
can accept, the use of electronic signatures, and the treatment of
nonpublic information.
Sec. 37.9 Interpretations.
Except as specifically authorized by the Commission in writing, no
interpretations of the meaning of the regulations in this part by any
officer or employee of the Commission other than a written
interpretation by the General Counsel will be recognized as binding
upon the Commission.
Sec. 37.11 Specific exemptions.
(a) The Commission may, upon application of any interested person
or upon its own initiative, grant such exemptions from the requirements
of the regulations in this part as it determines are authorized by law
and will not endanger life or property or the common defense and
security, and are otherwise in the public interest.
(b) Any licensee's NRC-licensed activities are exempt from the
requirements of subparts B and C of this part to the extent that its
activities are included in a security plan required by part 73 of this
chapter.
(c) A licensee that possesses radioactive waste that contains
category 1 or category 2 quantities of radioactive material is exempt
from the requirements of subparts B, C, and D of this part. Except that
any radioactive waste that contains discrete sources, ion-exchange
resins, or activated material that weighs less than 2,000 kg (4,409
lbs) is not exempt from the requirements of this part. The licensee
shall implement the following requirements to secure the radioactive
waste:
(1) Use continuous physical barriers that allow access to the
radioactive waste only through established access control points;
(2) Use a locked door or gate with monitored alarm at the access
control point;
(3) Assess and respond to each actual or attempted unauthorized
access to determine whether an actual or attempted theft, sabotage, or
diversion occurred; and
(4) Immediately notify the LLEA and request an armed response from
the LLEA upon determination that there was an actual or attempted
theft, sabotage, or diversion of the radioactive waste that contains
category 1 or category 2 quantities of radioactive material.
Sec. 37.13 Information collection requirements: OMB approval.
(a) The U.S. Nuclear Regulatory Commission has submitted the
information collection requirements contained in this part to the
Office of Management and Budget (OMB) for approval as required by the
Paperwork Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not
conduct or sponsor, and a person is not required to respond to, a
collection of information unless it displays a currently valid OMB
control number. The OMB has approved the information collection
requirements
[[Page 17010]]
contained in this part under control number 3150-0214.
(b) The approved information collection requirements contained in
this part appear in Sec. Sec. 37.11, 37.21, 37.23, 37.25, 37.27,
37.29, 37.31, 37.33, 37.41, 37.43, 37.45, 37.49, 37.51, 37.55, 37.57,
37.71, 37.75, 37.77, 37.79, and 37.81.
Subpart B--Background Investigations and Access Authorization
Program
Sec. 37.21 Personnel access authorization requirements for category 1
or category 2 quantities of radioactive material.
(a) General. (1) Each licensee that possesses an aggregated
quantity of radioactive material at or above the category 2 threshold
shall establish, implement, and maintain its access authorization
program in accordance with the requirements of this subpart.
(2) An applicant for a new license and each licensee that would
become newly subject to the requirements of this subpart upon
application for modification of its license shall implement the
requirements of this subpart, as appropriate, before taking possession
of an aggregated category 1 or category 2 quantity of radioactive
material.
(3) Any licensee that has not previously implemented the Security
Orders or been subject to the provisions of this subpart B shall
implement the provisions of this subpart B before aggregating
radioactive material to a quantity that equals or exceeds the category
2 threshold.
(b) General performance objective. The licensee's access
authorization program must ensure that the individuals specified in
paragraph (c)(1) of this section are trustworthy and reliable.
(c) Applicability. (1) Licensees shall subject the following
individuals to an access authorization program:
(i) Any individual whose assigned duties require unescorted access
to category 1 or category 2 quantities of radioactive material or to
any device that contains the radioactive material; and
(ii) Reviewing officials.
(2) Licensees need not subject the categories of individuals listed
in Sec. 37.29(a)(1) through (13) to the investigation elements of the
access authorization program.
(3) Licensees shall approve for unescorted access to category 1 or
category 2 quantities of radioactive material only those individuals
with job duties that require unescorted access to category 1 or
category 2 quantities of radioactive material.
(4) Licensees may include individuals needing access to safeguards
information-modified handling under part 73 of this chapter in the
access authorization program under this subpart B.
Sec. 37.23 Access authorization program requirements.
(a) Granting unescorted access authorization. (1) Licensees shall
implement the requirements of this subpart for granting initial or
reinstated unescorted access authorization.
(2) Individuals who have been determined to be trustworthy and
reliable shall also complete the security training required by Sec.
37.43(c) before being allowed unescorted access to category 1 or
category 2 quantities of radioactive material.
(b) Reviewing officials. (1) Reviewing officials are the only
individuals who may make trustworthiness and reliability determinations
that allow individuals to have unescorted access to category 1 or
category 2 quantities of radioactive materials possessed by the
licensee.
(2) Each licensee shall name one or more individuals to be
reviewing officials. After completing the background investigation on
the reviewing official, the licensee shall provide under oath or
affirmation, a certification that the reviewing official is deemed
trustworthy and reliable by the licensee. The fingerprints of the named
reviewing official must be taken by a law enforcement agency, Federal
or State agencies that provide fingerprinting services to the public,
or commercial fingerprinting services authorized by a State to take
fingerprints. The licensee shall recertify that the reviewing official
is deemed trustworthy and reliable every 10 years in accordance with
Sec. 37.25(b).
(3) Reviewing officials must be permitted to have unescorted access
to category 1 or category 2 quantities of radioactive materials or
access to safeguards information or safeguards information-modified
handling, if the licensee possesses safeguards information or
safeguards information-modified handling.
(4) Reviewing officials cannot approve other individuals to act as
reviewing officials.
(5) A reviewing official does not need to undergo a new background
investigation before being named by the licensee as the reviewing
official if:
(i) The individual has undergone a background investigation that
included fingerprinting and an FBI criminal history records check and
has been determined to be trustworthy and reliable by the licensee; or
(ii) The individual is subject to a category listed in Sec.
37.29(a).
(c) Informed consent. (1) Licensees may not initiate a background
investigation without the informed and signed consent of the subject
individual. This consent must include authorization to share personal
information with other individuals or organizations as necessary to
complete the background investigation. Before a final adverse
determination, the licensee shall provide the individual with an
opportunity to correct any inaccurate or incomplete information that is
developed during the background investigation. Licensees do not need to
obtain signed consent from those individuals that meet the requirements
of Sec. 37.25(b). A signed consent must be obtained prior to any
reinvestigation.
(2) The subject individual may withdraw his or her consent at any
time. Licensees shall inform the individual that:
(i) If an individual withdraws his or her consent, the licensee may
not initiate any elements of the background investigation that were not
in progress at the time the individual withdrew his or her consent; and
(ii) The withdrawal of consent for the background investigation is
sufficient cause for denial or termination of unescorted access
authorization.
(d) Personal history disclosure. Any individual who is applying for
unescorted access authorization shall disclose the personal history
information that is required by the licensee's access authorization
program for the reviewing official to make a determination of the
individual's trustworthiness and reliability. Refusal to provide, or
the falsification of, any personal history information required by this
subpart is sufficient cause for denial or termination of unescorted
access.
(e) Determination basis. (1) The reviewing official shall determine
whether to permit, deny, unfavorably terminate, maintain, or
administratively withdraw an individual's unescorted access
authorization based on an evaluation of all of the information
collected to meet the requirements of this subpart.
(2) The reviewing official may not permit any individual to have
unescorted access until the reviewing official has evaluated all of the
information collected to meet the requirements of this subpart and
determined that the individual is trustworthy and reliable. The
reviewing official may deny unescorted access to
[[Page 17011]]
any individual based on information obtained at any time during the
background investigation.
(3) The licensee shall document the basis for concluding whether or
not there is reasonable assurance that an individual is trustworthy and
reliable.
(4) The reviewing official may terminate or administratively
withdraw an individual's unescorted access authorization based on
information obtained after the background investigation has been
completed and the individual granted unescorted access authorization.
(5) Licensees shall maintain a list of persons currently approved
for unescorted access authorization. When a licensee determines that a
person no longer requires unescorted access or meets the access
authorization requirement, the licensee shall remove the person from
the approved list as soon as possible, but no later than 7 working
days, and take prompt measures to ensure that the individual is unable
to have unescorted access to the material.
(f) Procedures. Licensees shall develop, implement, and maintain
written procedures for implementing the access authorization program.
The procedures must include provisions for the notification of
individuals who are denied unescorted access. The procedures must
include provisions for the review, at the request of the affected
individual, of a denial or termination of unescorted access
authorization. The procedures must contain a provision to ensure that
the individual is informed of the grounds for the denial or termination
of unescorted access authorization and allow the individual an
opportunity to provide additional relevant information.
(g) Right to correct and complete information. (1) Prior to any
final adverse determination, licensees shall provide each individual
subject to this subpart with the right to complete, correct, and
explain information obtained as a result of the licensee's background
investigation. Confirmation of receipt by the individual of this
notification must be maintained by the licensee for a period of 1 year
from the date of the notification.
(2) If, after reviewing his or her criminal history record, an
individual believes that it is incorrect or incomplete in any respect
and wishes to change, correct, update, or explain anything in the
record, the individual may initiate challenge procedures. These
procedures include direct application by the individual challenging the
record to the law enforcement agency that contributed the questioned
information or a direct challenge as to the accuracy or completeness of
any entry on the criminal history record to the Federal Bureau of
Investigation, Criminal Justice Information Services (CJIS) Division,
ATTN: SCU, Mod. D-2, 1000 Custer Hollow Road, Clarksburg, WV 26306 as
set forth in 28 CFR 16.30 through 16.34. In the latter case, the
Federal Bureau of Investigation (FBI) will forward the challenge to the
agency that submitted the data, and will request that the agency verify
or correct the challenged entry. Upon receipt of an official
communication directly from the agency that contributed the original
information, the FBI Identification Division makes any changes
necessary in accordance with the information supplied by that agency.
Licensees must provide at least 10 days for an individual to initiate
action to challenge the results of an FBI criminal history records
check after the record being made available for his or her review. The
licensee may make a final adverse determination based upon the criminal
history records only after receipt of the FBI's confirmation or
correction of the record.
(h) Records. (1) The licensee shall retain documentation regarding
the trustworthiness and reliability of individual employees for 3 years
from the date the individual no longer requires unescorted access to
category 1 or category 2 quantities of radioactive material.
(2) The licensee shall retain a copy of the current access
authorization program procedures as a record for 3 years after the
procedure is no longer needed. If any portion of the procedure is
superseded, the licensee shall retain the superseded material for 3
years after the record is superseded.
(3) The licensee shall retain the list of persons approved for
unescorted access authorization for 3 years after the list is
superseded or replaced.
Sec. 37.25 Background investigations.
(a) Initial investigation. Before allowing an individual unescorted
access to category 1 or category 2 quantities of radioactive material
or to the devices that contain the material, licensees shall complete a
background investigation of the individual seeking unescorted access
authorization. The scope of the investigation must encompass at least
the 7 years preceding the date of the background investigation or since
the individual's eighteenth birthday, whichever is shorter. The
background investigation must include at a minimum:
(1) Fingerprinting and an FBI identification and criminal history
records check in accordance with Sec. 37.27;
(2) Verification of true identity. Licensees shall verify the true
identity of the individual who is applying for unescorted access
authorization to ensure that the applicant is who he or she claims to
be. A licensee shall review official identification documents (e.g.,
driver's license; passport; government identification; certificate of
birth issued by the state, province, or country of birth) and compare
the documents to personal information data provided by the individual
to identify any discrepancy in the information. Licensees shall
document the type, expiration, and identification number of the
identification document, or maintain a photocopy of identifying
documents on file in accordance with Sec. 37.31. Licensees shall
certify in writing that the identification was properly reviewed, and
shall maintain the certification and all related documents for review
upon inspection;
(3) Employment history verification. Licensees shall complete an
employment history verification, including military history. Licensees
shall verify the individual's employment with each previous employer
for the most recent 7 years before the date of application;
(4) Verification of education. Licensees shall verify that the
individual participated in the education process during the claimed
period;
(5) Character and reputation determination. Licensees shall
complete reference checks to determine the character and reputation of
the individual who has applied for unescorted access authorization.
Unless other references are not available, reference checks may not be
conducted with any person who is known to be a close member of the
individual's family, including but not limited to the individual's
spouse, parents, siblings, or children, or any individual who resides
in the individual's permanent household. Reference checks under this
subpart must be limited to whether the individual has been and
continues to be trustworthy and reliable;
(6) The licensee shall also, to the extent possible, obtain
independent information to corroborate that provided by the individual
(e.g., seek references not supplied by the individual); and
(7) If a previous employer, educational institution, or any other
entity with which the individual claims to have been engaged fails to
provide information or indicates an inability or unwillingness to
provide information
[[Page 17012]]
within a time frame deemed appropriate by the licensee but at least
after 10 business days of the request or if the licensee is unable to
reach the entity, the licensee shall document the refusal,
unwillingness, or inability in the record of investigation; and attempt
to obtain the information from an alternate source.
(b) Grandfathering. (1) Individuals who have been determined to be
trustworthy and reliable for unescorted access to category 1 or
category 2 quantities of radioactive material under the Fingerprint
Orders may continue to have unescorted access to category 1 and
category 2 quantities of radioactive material without further
investigation. These individuals shall be subject to the
reinvestigation requirement.
(2) Individuals who have been determined to be trustworthy and
reliable under the provisions of part 73 of this chapter or the
security orders for access to safeguards information, safeguards
information-modified handling, or risk-significant material may have
unescorted access to category 1 and category 2 quantities of
radioactive material without further investigation. The licensee shall
document that the individual was determined to be trustworthy and
reliable under the provisions of part 73 of this chapter or a security
order. Security order, in this context, refers to any order that was
issued by the NRC that required fingerprints and an FBI criminal
history records check for access to safeguards information, safeguards
information-modified handling, or risk significant material such as
special nuclear material or large quantities of uranium hexafluoride.
These individuals shall be subject to the reinvestigation requirement.
(c) Reinvestigations. Licensees shall conduct a reinvestigation
every 10 years for any individual with unescorted access to category 1
or category 2 quantities of radioactive material. The reinvestigation
shall consist of fingerprinting and an FBI identification and criminal
history records check in accordance with Sec. 37.27. The
reinvestigations must be completed within 10 years of the date on which
these elements were last completed.
Sec. 37.27 Requirements for criminal history records checks of
individuals granted unescorted access to category 1 or category 2
quantities of radioactive material.
(a) General performance objective and requirements. (1) Except for
those individuals listed in Sec. 37.29 and those individuals
grandfathered under Sec. 37.25(b), each licensee subject to the
provisions of this subpart shall fingerprint each individual who is to
be permitted unescorted access to category 1 or category 2 quantities
of radioactive material. Licensees shall transmit all collected
fingerprints to the Commission for transmission to the FBI. The
licensee shall use the information received from the FBI as part of the
required background investigation to determine whether to grant or deny
further unescorted access to category 1 or category 2 quantities of
radioactive materials for that individual.
(2) The licensee shall notify each affected individual that his or
her fingerprints will be used to secure a review of his or her criminal
history record, and shall inform him or her of the procedures for
revising the record or adding explanations to the record.
(3) Fingerprinting is not required if a licensee is reinstating an
individual's unescorted access authorization to category 1 or category
2 quantities of radioactive materials if:
(i) The individual returns to the same facility that granted
unescorted access authorization within 365 days of the termination of
his or her unescorted access authorization; and
(ii) The previous access was terminated under favorable conditions.
(4) Fingerprints do not need to be taken if an individual who is an
employee of a licensee, contractor, manufacturer, or supplier has been
granted unescorted access to category 1 or category 2 quantities of
radioactive material, access to safeguards information, or safeguards
information-modified handling by another licensee, based upon a
background investigation conducted under this subpart, the Fingerprint
Orders, or part 73 of this chapter. An existing criminal history
records check file may be transferred to the licensee asked to grant
unescorted access in accordance with the provisions of Sec. 37.31(c).
(5) Licensees shall use the information obtained as part of a
criminal history records check solely for the purpose of determining an
individual's suitability for unescorted access authorization to
category 1 or category 2 quantities of radioactive materials, access to
safeguards information, or safeguards information-modified handling.
(b) Prohibitions. (1) Licensees may not base a final determination
to deny an individual unescorted access authorization to category 1 or
category 2 quantities of radioactive material solely on the basis of
information received from the FBI involving:
(i) An arrest more than 1 year old for which there is no
information of the disposition of the case; or
(ii) An arrest that resulted in dismissal of the charge or an
acquittal.
(2) Licensees may not use information received from a criminal
history records check obtained under this subpart in a manner that
would infringe upon the rights of any individual under the First
Amendment to the Constitution of the United States, nor shall licensees
use the information in any way that would discriminate among
individuals on the basis of race, religion, national origin, gender, or
age.
(c) Procedures for processing of fingerprint checks. (1) For the
purpose of complying with this subpart, licensees shall use an
appropriate method listed in Sec. 37.7 to submit to the U.S. Nuclear
Regulatory Commission, Director, Division of Facilities and Security,
11545 Rockville Pike, ATTN: Criminal History Program/Mail Stop TWB-05
B32M, Rockville, Maryland 20852, one completed, legible standard
fingerprint card (Form FD-258, ORIMDNRCOOOZ), electronic fingerprint
scan or, where practicable, other fingerprint record for each
individual requiring unescorted access to category 1 or category 2
quantities of radioactive material. Copies of these forms may be
obtained by writing the Office of Information Services, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001, by calling 1-630-829-
9565, or by email to nrc.gov">[email protected]nrc.gov. Guidance on submitting
electronic fingerprints can be found at http://www.nrc.gov/site-help/e-submittals.html.
(2) Fees for the processing of fingerprint checks are due upon
application. Licensees shall submit payment with the application for
the processing of fingerprints through corporate check, certified
check, cashier's check, money order, or electronic payment, made
payable to ``U.S. NRC.'' (For guidance on making electronic payments,
contact the Security Branch, Division of Facilities and Security at
301-492-3531.) Combined payment for multiple applications is
acceptable. The Commission publishes the amount of the fingerprint
check application fee on the NRC's public Web site. (To find the
current fee amount, go to the Electronic Submittals page at http://www.nrc.gov/site-help/e-submittals.html and see the link for the
Criminal History Program under Electronic Submission Systems.)
(3) The Commission will forward to the submitting licensee all data
received from the FBI as a result of the licensee's
[[Page 17013]]
application(s) for criminal history records checks.
Sec. 37.29 Relief from fingerprinting, identification, and criminal
history records checks and other elements of background investigations
for designated categories of individuals permitted unescorted access to
certain radioactive materials.
(a) Fingerprinting, and the identification and criminal history
records checks required by section 149 of the Atomic Energy Act of
1954, as amended, and other elements of the background investigation
are not required for the following individuals prior to granting
unescorted access to category 1 or category 2 quantities of radioactive
materials:
(1) An employee of the Commission or of the Executive Branch of the
U.S. Government who has undergone fingerprinting for a prior U.S.
Government criminal history records check;
(2) A Member of Congress;
(3) An employee of a member of Congress or Congressional committee
who has undergone fingerprinting for a prior U.S. Government criminal
history records check;
(4) The Governor of a State or his or her designated State employee
representative;
(5) Federal, State, or local law enforcement personnel;
(6) State Radiation Control Program Directors and State Homeland
Security Advisors or their designated State employee representatives;
(7) Agreement State employees conducting security inspections on
behalf of the NRC under an agreement executed under section 274.i. of
the Atomic Energy Act;
(8) Representatives of the International Atomic Energy Agency
(IAEA) engaged in activities associated with the U.S./IAEA Safeguards
Agreement who have been certified by the NRC;
(9) Emergency response personnel who are responding to an
emergency;
(10) Commercial vehicle drivers for road shipments of category 2
quantities of radioactive material;
(11) Package handlers at transportation facilities such as freight
terminals and railroad yards;
(12) Any individual who has an active Federal security clearance,
provided that he or she makes available the appropriate documentation.
Written confirmation from the agency/employer that granted the Federal
security clearance or reviewed the criminal history records check must
be provided to the licensee. The licensee shall retain this
documentation for a period of 3 years from the date the individual no
longer requires unescorted access to category 1 or category 2
quantities of radioactive material; and
(13) Any individual employed by a service provider licensee for
which the service provider licensee has conducted the background
investigation for the individual and approved the individual for
unescorted access to category 1 or category 2 quantities of radioactive
material. Written verification from the service provider must be
provided to the licensee. The licensee shall retain the documentation
for a period of 3 years from the date the individual no longer requires
unescorted access to category 1 or category 2 quantities of radioactive
material.
(b) Fingerprinting, and the identification and criminal history
records checks required by section 149 of the Atomic Energy Act of
1954, as amended, are not required for an individual who has had a
favorably adjudicated U.S. Government criminal history records check
within the last 5 years, under a comparable U.S. Government program
involving fingerprinting and an FBI identification and criminal history
records check provided that he or she makes available the appropriate
documentation. Written confirmation from the agency/employer that
reviewed the criminal history records check must be provided to the
licensee. The licensee shall retain this documentation for a period of
3 years from the date the individual no longer requires unescorted
access to category 1 or category 2 quantities of radioactive material.
These programs include, but are not limited to:
(1) National Agency Check;
(2) Transportation Worker Identification Credentials (TWIC) under
49 CFR part 1572;
(3) Bureau of Alcohol, Tobacco, Firearms, and Explosives background
check and clearances under 27 CFR part 555;
(4) Health and Human Services security risk assessments for
possession and use of select agents and toxins under 42 CFR part 73;
(5) Hazardous Material security threat assessment for hazardous
material endorsement to commercial drivers license under 49 CFR part
1572; and
(6) Customs and Border Protection's Free and Secure Trade (FAST)
Program.
Sec. 37.31 Protection of information.
(a) Each licensee who obtains background information on an
individual under this subpart shall establish and maintain a system of
files and written procedures for protection of the record and the
personal information from unauthorized disclosure.
(b) The licensee may not disclose the record or personal
information collected and maintained to persons other than the subject
individual, his or her representative, or to those who have a need to
have access to the information in performing assigned duties in the
process of granting or denying unescorted access to category 1 or
category 2 quantities of radioactive material, safeguards information,
or safeguards information-modified handling. No individual authorized
to have access to the information may disseminate the information to
any other individual who does not have a need to know.
(c) The personal information obtained on an individual from a
background investigation may be provided to another licensee:
(1) Upon the individual's written request to the licensee holding
the data to disseminate the information contained in his or her file;
and
(2) The recipient licensee verifies information such as name, date
of birth, social security number, gender, and other applicable physical
characteristics.
(d) The licensee shall make background investigation records
obtained under this subpart available for examination by an authorized
representative of the NRC to determine compliance with the regulations
and laws.
(e) The licensee shall retain all fingerprint and criminal history
records (including data indicating no record) received from the FBI, or
a copy of these records if the individual's file has been transferred,
on an individual for 3 years from the date the individual no longer
requires unescorted access to category 1 or category 2 quantities of
radioactive material.
Sec. 37.33 Access authorization program review.
(a) Each licensee shall be responsible for the continuing
effectiveness of the access authorization program. Each licensee shall
ensure that access authorization programs are reviewed to confirm
compliance with the requirements of this subpart and that comprehensive
actions are taken to correct any noncompliance that is identified. The
review program shall evaluate all program performance objectives and
requirements. Each licensee shall periodically (at least annually)
review the access program content and implementation.
(b) The results of the reviews, along with any recommendations,
must be
[[Page 17014]]
documented. Each review report must identify conditions that are
adverse to the proper performance of the access authorization program,
the cause of the condition(s), and, when appropriate, recommend
corrective actions, and corrective actions taken. The licensee shall
review the findings and take any additional corrective actions
necessary to preclude repetition of the condition, including
reassessment of the deficient areas where indicated.
(c) Review records must be maintained for 3 years.
Subpart C--Physical Protection Requirements During Use
Sec. 37.41 Security program.
(a) Applicability. (1) Each licensee that possesses an aggregated
category 1 or category 2 quantity of radioactive material shall
establish, implement, and maintain a security program in accordance
with the requirements of this subpart.
(2) An applicant for a new license and each licensee that would
become newly subject to the requirements of this subpart upon
application for modification of its license shall implement the
requirements of this subpart, as appropriate, before taking possession
of an aggregated category 1 or category 2 quantity of radioactive
material.
(3) Any licensee that has not previously implemented the Security
Orders or been subject to the provisions of subpart C shall provide
written notification to the NRC regional office specified in Sec. 30.6
of this chapter at least 90 days before aggregating radioactive
material to a quantity that equals or exceeds the category 2 threshold.
(b) General performance objective. Each licensee shall establish,
implement, and maintain a security program that is designed to monitor
and, without delay, detect, assess, and respond to an actual or
attempted unauthorized access to category 1 or category 2 quantities of
radioactive material.
(c) Program features. Each licensee's security program must include
the program features, as appropriate, described in Sec. Sec. 37.43,
37.45, 37.47, 37.49, 37.51, 37.53, and 37.55.
Sec. 37.43 General security program requirements.
(a) Security plan. (1) Each licensee identified in Sec. 37.41(a)
shall develop a written security plan specific to its facilities and
operations. The purpose of the security plan is to establish the
licensee's overall security strategy to ensure the integrated and
effective functioning of the security program required by this subpart.
The security plan must, at a minimum:
(i) Describe the measures and strategies used to implement the
requirements of this subpart; and
(ii) Identify the security resources, equipment, and technology
used to satisfy the requirements of this subpart.
(2) The security plan must be reviewed and approved by the
individual with overall responsibility for the security program.
(3) A licensee shall revise its security plan as necessary to
ensure the effective implementation of Commission requirements. The
licensee shall ensure that:
(i) The revision has been reviewed and approved by the individual
with overall responsibility for the security program; and
(ii) The affected individuals are instructed on the revised plan
before the changes are implemented.
(4) The licensee shall retain a copy of the current security plan
as a record for 3 years after the security plan is no longer required.
If any portion of the plan is superseded, the licensee shall retain the
superseded material for 3 years after the record is superseded.
(b) Implementing procedures. (1) The licensee shall develop and
maintain written procedures that document how the requirements of this
subpart and the security plan will be met.
(2) The implementing procedures and revisions to these procedures
must be approved in writing by the individual with overall
responsibility for the security program.
(3) The licensee shall retain a copy of the current procedure as a
record for 3 years after the procedure is no longer needed. Superseded
portions of the procedure must be retained for 3 years after the record
is superseded.
(c) Training. (1) Each licensee shall conduct training to ensure
that those individuals implementing the security program possess and
maintain the knowledge, skills, and abilities to carry out their
assigned duties and responsibilities effectively. The training must
include instruction in:
(i) The licensee's security program and procedures to secure
category 1 or category 2 quantities of radioactive material, and in the
purposes and functions of the security measures employed;
(ii) The responsibility to report promptly to the licensee any
condition that causes or may cause a violation of Commission
requirements;
(iii) The responsibility of the licensee to report promptly to the
local law enforcement agency and licensee any actual or attempted
theft, sabotage, or diversion of category 1 or category 2 quantities of
radioactive material; and
(iv) The appropriate response to security alarms.
(2) In determining those individuals who shall be trained on the
security program, the licensee shall consider each individual's
assigned activities during authorized use and response to potential
situations involving actual or attempted theft, diversion, or sabotage
of category 1 or category 2 quantities of radioactive material. The
extent of the training must be commensurate with the individual's
potential involvement in the security of category 1 or category 2
quantities of radioactive material.
(3) Refresher training must be provided at a frequency not to
exceed 12 months and when significant changes have been made to the
security program. This training must include:
(i) Review of the training requirements of paragraph (c) of this
section and any changes made to the security program since the last
training;
(ii) Reports on any relevant security issues, problems, and lessons
learned;
(iii) Relevant results of NRC inspections; and
(iv) Relevant results of the licensee's program review and testing
and maintenance.
(4) The licensee shall maintain records of the initial and
refresher training for 3 years from the date of the training. The
training records must include dates of the training, topics covered, a
list of licensee personnel in attendance, and related information.
(d) Protection of information. (1) Except as provided in paragraph
(d)(9) of this section, licensees authorized to possess category 1 or
category 2 quantities of radioactive material shall limit access to and
unauthorized disclosure of their security plan, implementing
procedures, and the list of individuals that have been approved for
unescorted access.
(2) Efforts to limit access shall include the development,
implementation, and maintenance of written policies and procedures for
controlling access to, and for proper handling and protection against
unauthorized disclosure of, the security plan and implementing
procedures.
(3) Before granting an individual access to the security plan or
implementing procedures, licensees shall:
(i) Evaluate an individual's need to know the security plan or
implementing procedures; and
(ii) If the individual has not been authorized for unescorted
access to
[[Page 17015]]
category 1 or category 2 quantities of radioactive material, safeguards
information, or safeguards information-modified handling, the licensee
must complete a background investigation to determine the individual's
trustworthiness and reliability. A trustworthiness and reliability
determination shall be conducted by the reviewing official and shall
include the background investigation elements contained in Sec.
37.25(a)(2) through (a)(7).
(4) Licensees need not subject the following individuals to the
background investigation elements for protection of information:
(i) The categories of individuals listed in Sec. 37.29(a)(1)
through (13); or
(ii) Security service provider employees, provided written
verification that the employee has been determined to be trustworthy
and reliable, by the required background investigation in Sec.
37.25(a)(2) through (a)(7), has been provided by the security service
provider.
(5) The licensee shall document the basis for concluding that an
individual is trustworthy and reliable and should be granted access to
the security plan or implementing procedures.
(6) Licensees shall maintain a list of persons currently approved
for access to the security plan or implementing procedures. When a
licensee determines that a person no longer needs access to the
security plan or implementing procedures or no longer meets the access
authorization requirements for access to the information, the licensee
shall remove the person from the approved list as soon as possible, but
no later than 7 working days, and take prompt measures to ensure that
the individual is unable to obtain the security plan or implementing
procedures.
(7) When not in use, the licensee shall store its security plan and
implementing procedures in a manner to prevent unauthorized access.
Information stored in nonremovable electronic form must be password
protected.
(8) The licensee shall retain as a record for 3 years after the
document is no longer needed:
(i) A copy of the information protection procedures; and
(ii) The list of individuals approved for access to the security
plan or implementing procedures.
(9) Licensees that possess safeguards information or safeguards
information-modified handling are subject to the requirements of Sec.
73.21 of this chapter, and shall protect any safeguards information or
safeguards information-modified handling in accordance with the
requirements of that section.
Sec. 37.45 LLEA coordination.
(a) A licensee subject to this subpart shall coordinate, to the
extent practicable, with an LLEA for responding to threats to the
licensee's facility, including any necessary armed response. The
information provided to the LLEA must include:
(1) A description of the facilities and the category 1 and category
2 quantities of radioactive materials along with a description of the
licensee's security measures that have been implemented to comply with
this subpart; and
(2) A notification that the licensee will request a timely armed
response by the LLEA to any actual or attempted theft, sabotage, or
diversion of category 1 or category 2 quantities of material.
(b) The licensee shall notify the appropriate NRC regional office
listed in Sec. 30.6(a)(2) of this chapter within 3 business days if:
(1) The LLEA has not responded to the request for coordination
within 60 days of the coordination request; or
(2) The LLEA notifies the licensee that the LLEA does not plan to
participate in coordination activities.
(c) The licensee shall document its efforts to coordinate with the
LLEA. The documentation must be kept for 3 years.
(d) The licensee shall coordinate with the LLEA at least every 12
months, or when changes to the facility design or operation adversely
affect the potential vulnerability of the licensee's material to theft,
sabotage, or diversion.
Sec. 37.47 Security zones.
(a) Licensees shall ensure that all aggregated category 1 and
category 2 quantities of radioactive material are used or stored within
licensee-established security zones. Security zones may be permanent or
temporary.
(b) Temporary security zones must be established as necessary to
meet the licensee's transitory or intermittent business activities,
such as periods of maintenance, source delivery, and source
replacement.
(c) Security zones must, at a minimum, allow unescorted access only
to approved individuals through:
(1) Isolation of category 1 and category 2 quantities of
radioactive materials by the use of continuous physical barriers that
allow access to the security zone only through established access
control points. A physical barrier is a natural or man-made structure
or formation sufficient for the isolation of the category 1 or category
2 quantities of radioactive material within a security zone; or
(2) Direct control of the security zone by approved individuals at
all times; or
(3) A combination of continuous physical barriers and direct
control.
(d) For category 1 quantities of radioactive material during
periods of maintenance, source receipt, preparation for shipment,
installation, or source removal or exchange, the licensee shall, at a
minimum, provide sufficient individuals approved for unescorted access
to maintain continuous surveillance of sources in temporary security
zones and in any security zone in which physical barriers or intrusion
detection systems have been disabled to allow such activities.
(e) Individuals not approved for unescorted access to category 1 or
category 2 quantities of radioactive material must be escorted by an
approved individual when in a security zone.
Sec. 37.49 Monitoring, detection, and assessment.
(a) Monitoring and detection. (1) Licensees shall establish and
maintain the capability to continuously monitor and detect without
delay all unauthorized entries into its security zones. Licensees shall
provide the means to maintain continuous monitoring and detection
capability in the event of a loss of the primary power source, or
provide for an alarm and response in the event of a loss of this
capability to continuously monitor and detect unauthorized entries.
(2) Monitoring and detection must be performed by:
(i) A monitored intrusion detection system that is linked to an
onsite or offsite central monitoring facility; or
(ii) Electronic devices for intrusion detection alarms that will
alert nearby facility personnel; or
(iii) A monitored video surveillance system; or
(iv) Direct visual surveillance by approved individuals located
within the security zone; or
(v) Direct visual surveillance by a licensee designated individual
located outside the security zone.
(3) A licensee subject to this subpart shall also have a means to
detect unauthorized removal of the radioactive material from the
security zone. This detection capability must provide:
(i) For category 1 quantities of radioactive material, immediate
detection of any attempted unauthorized removal of the radioactive
material from the security zone. Such immediate detection capability
must be provided by:
(A) Electronic sensors linked to an alarm; or
(B) Continuous monitored video surveillance; or
[[Page 17016]]
(C) Direct visual surveillance.
(ii) For category 2 quantities of radioactive material, weekly
verification through physical checks, tamper indicating devices, use,
or other means to ensure that the radioactive material is present.
(b) Assessment. Licensees shall immediately assess each actual or
attempted unauthorized entry into the security zone to determine
whether the unauthorized access was an actual or attempted theft,
sabotage, or diversion.
(c) Personnel communications and data transmission. For personnel
and automated or electronic systems supporting the licensee's
monitoring, detection, and assessment systems, licensees shall:
(1) Maintain continuous capability for personnel communication and
electronic data transmission and processing among site security
systems; and
(2) Provide an alternative communication capability for personnel,
and an alternative data transmission and processing capability, in the
event of a loss of the primary means of communication or data
transmission and processing. Alternative communications and data
transmission systems may not be subject to the same failure modes as
the primary systems.
(d) Response. Licensees shall immediately respond to any actual or
attempted unauthorized access to the security zones, or actual or
attempted theft, sabotage, or diversion of category 1 or category 2
quantities of radioactive material at licensee facilities or temporary
job sites. For any unauthorized access involving an actual or attempted
theft, sabotage, or diversion of category 1 or category 2 quantities of
radioactive material, the licensee's response shall include requesting,
without delay, an armed response from the LLEA.
Sec. 37.51 Maintenance and testing.
(a) Each licensee subject to this subpart shall implement a
maintenance and testing program to ensure that intrusion alarms,
associated communication systems, and other physical components of the
systems used to secure or detect unauthorized access to radioactive
material are maintained in operable condition and are capable of
performing their intended function when needed. The equipment relied on
to meet the security requirements of this part must be inspected and
tested for operability and performance at the manufacturer's suggested
frequency. If there is no suggested manufacturer's suggested frequency,
the testing must be performed at least annually, not to exceed 12
months.
(b) The licensee shall maintain records on the maintenance and
testing activities for 3 years.
Sec. 37.53 Requirements for mobile devices.
Each licensee that possesses mobile devices containing category 1
or category 2 quantities of radioactive material must:
(a) Have two independent physical controls that form tangible
barriers to secure the material from unauthorized removal when the
device is not under direct control and constant surveillance by the
licensee; and
(b) For devices in or on a vehicle or trailer, unless the health
and safety requirements for a site prohibit the disabling of the
vehicle, the licensee shall utilize a method to disable the vehicle or
trailer when not under direct control and constant surveillance by the
licensee. Licensees shall not rely on the removal of an ignition key to
meet this requirement.
Sec. 37.55 Security program review.
(a) Each licensee shall be responsible for the continuing
effectiveness of the security program. Each licensee shall ensure that
the security program is reviewed to confirm compliance with the
requirements of this subpart and that comprehensive actions are taken
to correct any noncompliance that is identified. The review must
include the radioactive material security program content and
implementation. Each licensee shall periodically (at least annually)
review the security program content and implementation.
(b) The results of the review, along with any recommendations, must
be documented. Each review report must identify conditions that are
adverse to the proper performance of the security program, the cause of
the condition(s), and, when appropriate, recommend corrective actions,
and corrective actions taken. The licensee shall review the findings
and take any additional corrective actions necessary to preclude
repetition of the condition, including reassessment of the deficient
areas where indicated.
(c) The licensee shall maintain the review documentation for 3
years.
Sec. 37.57 Reporting of events.
(a) The licensee shall immediately notify the LLEA after
determining that an unauthorized entry resulted in an actual or
attempted theft, sabotage, or diversion of a category 1 or category 2
quantity of radioactive material. As soon as possible after initiating
a response, but not at the expense of causing delay or interfering with
the LLEA response to the event, the licensee shall notify the NRC's
Operations Center (301-816-5100). In no case shall the notification to
the NRC be later than 4 hours after the discovery of any attempted or
actual theft, sabotage, or diversion.
(b) The licensee shall assess any suspicious activity related to
possible theft, sabotage, or diversion of category 1 or category 2
quantities of radioactive material and notify the LLEA as appropriate.
As soon as possible but not later than 4 hours after notifying the
LLEA, the licensee shall notify the NRC's Operations Center (301-816-
5100).
(c) The initial telephonic notification required by paragraph (a)
of this section must be followed within a period of 30 days by a
written report submitted to the NRC by an appropriate method listed in
Sec. 37.7. The report must include sufficient information for NRC
analysis and evaluation, including identification of any necessary
corrective actions to prevent future instances.
Subpart D--Physical Protection in Transit
Sec. 37.71 Additional requirements for transfer of category 1 and
category 2 quantities of radioactive material.
A licensee transferring a category 1 or category 2 quantity of
radioactive material to a licensee of the Commission or an Agreement
State shall meet the license verification provisions listed below
instead of those listed in Sec. 30.41(d) of this chapter:
(a) Any licensee transferring category 1 quantities of radioactive
material to a licensee of the Commission or an Agreement State, prior
to conducting such transfer, shall verify with the NRC's license
verification system or the license issuing authority that the
transferee's license authorizes the receipt of the type, form, and
quantity of radioactive material to be transferred and that the
licensee is authorized to receive radioactive material at the location
requested for delivery. If the verification is conducted by contacting
the license issuing authority, the transferor shall document the
verification. For transfers within the same organization, the licensee
does not need to verify the transfer.
(b) Any licensee transferring category 2 quantities of radioactive
material to a licensee of the Commission or an Agreement State, prior
to conducting such transfer, shall verify with the NRC's license
verification system or the license issuing authority that the
transferee's license authorizes the
[[Page 17017]]
receipt of the type, form, and quantity of radioactive material to be
transferred. If the verification is conducted by contacting the license
issuing authority, the transferor shall document the verification. For
transfers within the same organization, the licensee does not need to
verify the transfer.
(c) In an emergency where the licensee cannot reach the license
issuing authority and the license verification system is nonfunctional,
the licensee may accept a written certification by the transferee that
it is authorized by license to receive the type, form, and quantity of
radioactive material to be transferred. The certification must include
the license number, current revision number, issuing agency, expiration
date, and for a category 1 shipment the authorized address. The
licensee shall keep a copy of the certification. The certification must
be confirmed by use of the NRC's license verification system or by
contacting the license issuing authority by the end of the next
business day.
(d) The transferor shall keep a copy of the verification
documentation as a record for 3 years.
Sec. 37.73 Applicability of physical protection of category 1 and
category 2 quantities of radioactive material during transit.
(a) For shipments of category 1 quantities of radioactive material,
each shipping licensee shall comply with the requirements for physical
protection contained in Sec. Sec. 37.75(a) and (e); 37.77;
37.79(a)(1), (b)(1), and (c); and 37.81(a), (c), (e), (g) and (h).
(b) For shipments of category 2 quantities of radioactive material,
each shipping licensee shall comply with the requirements for physical
protection contained in Sec. Sec. 37.75(b) through (e); 37.79(a)(2),
(a)(3), (b)(2), and (c); and 37.81(b), (d), (f), (g), and (h). For
those shipments of category 2 quantities of radioactive material that
meet the criteria of Sec. 71.97(b) of this chapter, the shipping
licensee shall also comply with the advance notification provisions of
Sec. 71.97 of this chapter.
(c) The shipping licensee shall be responsible for meeting the
requirements of this subpart unless the receiving licensee has agreed
in writing to arrange for the in-transit physical protection required
under this subpart.
(d) Each licensee that imports or exports category 1 quantities of
radioactive material shall comply with the requirements for physical
protection during transit contained in Sec. Sec. 37.75(a)(2) and (e);
37.77; 37.79(a)(1), (b)(1), and (c); and 37.81(a), (c), (e), (g), and
(h) for the domestic portion of the shipment.
(e) Each licensee that imports or exports category 2 quantities of
radioactive material shall comply with the requirements for physical
protection during transit contained in Sec. Sec. 37.79(a)(2), (a)(3),
and (b)(2); and 37.81(b), (d), (f), (g), and (h) for the domestic
portion of the shipment.
Sec. 37.75 Preplanning and coordination of shipment of category 1 or
category 2 quantities of radioactive material.
(a) Each licensee that plans to transport, or deliver to a carrier
for transport, licensed material that is a category 1 quantity of
radioactive material outside the confines of the licensee's facility or
other place of use or storage shall:
(1) Preplan and coordinate shipment arrival and departure times
with the receiving licensee;
(2) Preplan and coordinate shipment information with the governor
or the governor's designee of any State through which the shipment will
pass to:
(i) Discuss the State's intention to provide law enforcement
escorts; and
(ii) Identify safe havens; and
(3) Document the preplanning and coordination activities.
(b) Each licensee that plans to transport, or deliver to a carrier
for transport, licensed material that is a category 2 quantity of
radioactive material outside the confines of the licensee's facility or
other place of use or storage shall coordinate the shipment no-later-
than arrival time and the expected shipment arrival with the receiving
licensee. The licensee shall document the coordination activities.
(c) Each licensee who receives a shipment of a category 2 quantity
of radioactive material shall confirm receipt of the shipment with the
originator. If the shipment has not arrived by the no-later-than
arrival time, the receiving licensee shall notify the originator.
(d) Each licensee, who transports or plans to transport a shipment
of a category 2 quantity of radioactive material, and determines that
the shipment will arrive after the no-later-than arrival time provided
pursuant to paragraph (b) of this section, shall promptly notify the
receiving licensee of the new no-later-than arrival time.
(e) The licensee shall retain a copy of the documentation for
preplanning and coordination and any revision thereof, as a record for
3 years.
Sec. 37.77 Advance notification of shipment of category 1 quantities
of radioactive material.
As specified in paragraphs (a) and (b) of this section, each
licensee shall provide advance notification to the NRC and the governor
of a State, or the governor's designee, of the shipment of licensed
material in a category 1 quantity, through or across the boundary of
the State, before the transport, or delivery to a carrier for transport
of the licensed material outside the confines of the licensee's
facility or other place of use or storage.
(a) Procedures for submitting advance notification. (1) The
notification must be made to the NRC and to the office of each
appropriate governor or governor's designee. The contact information,
including telephone and mailing addresses, of governors and governors'
designees, is available on the NRC's Web site at http://nrc-stp.ornl.gov/special/designee.pdf. A list of the contact information is
also available upon request from the Director, Division of
Intergovernmental Liaison and Rulemaking, Office of Federal and State
Materials and Environmental Management Programs, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001. Notifications to the
NRC must be to the NRC's Director, Division of Security Policy, Office
of Nuclear Security and Incident Response, U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001. The notification to the NRC may
be made by email to RAMQC_SHIPMENTS@nrc.gov or by fax to
301-816-5151.
(2) A notification delivered by mail must be postmarked at least 7
days before transport of the shipment commences at the shipping
facility.
(3) A notification delivered by any means other than mail must
reach NRC at least 4 days before the transport of the shipment
commences and must reach the office of the governor or the governor's
designee at least 4 days before transport of a shipment within or
through the State.
(b) Information to be furnished in advance notification of
shipment. Each advance notification of shipment of category 1
quantities of radioactive material must contain the following
information, if available at the time of notification:
(1) The name, address, and telephone number of the shipper,
carrier, and receiver of the category 1 radioactive material;
(2) The license numbers of the shipper and receiver;
(3) A description of the radioactive material contained in the
shipment, including the radionuclides and quantity;
(4) The point of origin of the shipment and the estimated time and
date that shipment will commence;
[[Page 17018]]
(5) The estimated time and date that the shipment is expected to
enter each State along the route;
(6) The estimated time and date of arrival of the shipment at the
destination; and
(7) A point of contact, with a telephone number, for current
shipment information.
(c) Revision notice. (1) The licensee shall provide any information
not previously available at the time of the initial notification, as
soon as the information becomes available but not later than
commencement of the shipment, to the governor of the State or the
governor's designee and to the NRC's Director of Nuclear Security,
Office of Nuclear Security and Incident Response, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001.
(2) A licensee shall promptly notify the governor of the State or
the governor's designee of any changes to the information provided in
accordance with paragraphs (b) and (c)(1) of this section. The licensee
shall also immediately notify the NRC's Director, Division of Security
Policy, Office of Nuclear Security and Incident Response, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001 of any such changes.
(d) Cancellation notice. Each licensee who cancels a shipment for
which advance notification has been sent shall send a cancellation
notice to the governor of each State or to the governor's designee
previously notified and to the NRC's Director, Division of Security
Policy, Office of Nuclear Security and Incident Response, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001. The licensee shall
send the cancellation notice before the shipment would have commenced
or as soon thereafter as possible. The licensee shall state in the
notice that it is a cancellation and identify the advance notification
that is being cancelled.
(e) Records. The licensee shall retain a copy of the advance
notification and any revision and cancellation notices as a record for
3 years.
(f) Protection of information. State officials, State employees,
and other individuals, whether or not licensees of the Commission or an
Agreement State, who receive schedule information of the kind specified
in Sec. 37.77(b) shall protect that information against unauthorized
disclosure as specified in Sec. 73.21 of this chapter.
Sec. 37.79 Requirements for physical protection of category 1 and
category 2 quantities of radioactive material during shipment.
(a) Shipments by road. (1) Each licensee who transports, or
delivers to a carrier for transport, in a single shipment, a category 1
quantity of radioactive material shall:
(i) Ensure that movement control centers are established that
maintain position information from a remote location. These control
centers must monitor shipments 24 hours a day, 7 days a week, and have
the ability to communicate immediately, in an emergency, with the
appropriate law enforcement agencies.
(ii) Ensure that redundant communications are established that
allow the transport to contact the escort vehicle (when used) and
movement control center at all times. Redundant communications may not
be subject to the same interference factors as the primary
communication.
(iii) Ensure that shipments are continuously and actively monitored
by a telemetric position monitoring system or an alternative tracking
system reporting to a movement control center. A movement control
center must provide positive confirmation of the location, status, and
control over the shipment. The movement control center must be prepared
to promptly implement preplanned procedures in response to deviations
from the authorized route or a notification of actual, attempted, or
suspicious activities related to the theft, loss, or diversion of a
shipment. These procedures will include, but not be limited to, the
identification of and contact information for the appropriate LLEA
along the shipment route.
(iv) Provide an individual to accompany the driver for those
highway shipments with a driving time period greater than the maximum
number of allowable hours of service in a 24-hour duty day as
established by the Department of Transportation Federal Motor Carrier
Safety Administration. The accompanying individual may be another
driver.
(v) Develop written normal and contingency procedures to address:
(A) Notifications to the communication center and law enforcement
agencies;
(B) Communication protocols. Communication protocols must include a
strategy for the use of authentication codes and duress codes and
provisions for refueling or other stops, detours, and locations where
communication is expected to be temporarily lost;
(C) Loss of communications; and
(D) Responses to an actual or attempted theft or diversion of a
shipment.
(vi) Each licensee who makes arrangements for the shipment of
category 1 quantities of radioactive material shall ensure that
drivers, accompanying personnel, and movement control center personnel
have access to the normal and contingency procedures.
(2) Each licensee that transports category 2 quantities of
radioactive material shall maintain constant control and/or
surveillance during transit and have the capability for immediate
communication to summon appropriate response or assistance.
(3) Each licensee who delivers to a carrier for transport, in a
single shipment, a category 2 quantity of radioactive material shall:
(i) Use carriers that have established package tracking systems. An
established package tracking system is a documented, proven, and
reliable system routinely used to transport objects of value. In order
for a package tracking system to maintain constant control and/or
surveillance, the package tracking system must allow the shipper or
transporter to identify when and where the package was last and when it
should arrive at the next point of control.
(ii) Use carriers that maintain constant control and/or
surveillance during transit and have the capability for immediate
communication to summon appropriate response or assistance; and
(iii) Use carriers that have established tracking systems that
require an authorized signature prior to releasing the package for
delivery or return.
(b) Shipments by rail. (1) Each licensee who transports, or
delivers to a carrier for transport, in a single shipment, a category 1
quantity of radioactive material shall:
(i) Ensure that rail shipments are monitored by a telemetric
position monitoring system or an alternative tracking system reporting
to the licensee, third-party, or railroad communications center. The
communications center shall provide positive confirmation of the
location of the shipment and its status. The communications center
shall implement preplanned procedures in response to deviations from
the authorized route or to a notification of actual, attempted, or
suspicious activities related to the theft or diversion of a shipment.
These procedures will include, but not be limited to, the
identification of and contact information for the appropriate LLEA
along the shipment route.
[[Page 17019]]
(ii) Ensure that periodic reports to the communications center are
made at preset intervals.
(2) Each licensee who transports, or delivers to a carrier for
transport, in a single shipment, a category 2 quantity of radioactive
material shall:
(i) Use carriers that have established package tracking systems. An
established package tracking system is a documented, proven, and
reliable system routinely used to transport objects of value. In order
for a package tracking system to maintain constant control and/or
surveillance, the package tracking system must allow the shipper or
transporter to identify when and where the package was last and when it
should arrive at the next point of control.
(ii) Use carriers that maintain constant control and/or
surveillance during transit and have the capability for immediate
communication to summon appropriate response or assistance; and
(iii) Use carriers that have established tracking systems that
require an authorized signature prior to releasing the package for
delivery or return.
(c) Investigations. Each licensee who makes arrangements for the
shipment of category 1 quantities of radioactive material shall
immediately conduct an investigation upon the discovery that a category
1 shipment is lost or missing. Each licensee who makes arrangements for
the shipment of category 2 quantities of radioactive material shall
immediately conduct an investigation, in coordination with the
receiving licensee, of any shipment that has not arrived by the
designated no-later-than arrival time.
Sec. 37.81 Reporting of events.
(a) The shipping licensee shall notify the appropriate LLEA and the
NRC's Operations Center (301-816-5100) within 1 hour of its
determination that a shipment of category 1 quantities of radioactive
material is lost or missing. The appropriate LLEA would be the law
enforcement agency in the area of the shipment's last confirmed
location. During the investigation required by Sec. 37.79(c), the
shipping licensee will provide agreed upon updates to the NRC's
Operations Center on the status of the investigation.
(b) The shipping licensee shall notify the NRC's Operations Center
(301-816-5100) within 4 hours of its determination that a shipment of
category 2 quantities of radioactive material is lost or missing. If,
after 24 hours of its determination that the shipment is lost or
missing, the radioactive material has not been located and secured, the
licensee shall immediately notify the NRC's Operations Center.
(c) The shipping licensee shall notify the designated LLEA along
the shipment route as soon as possible upon discovery of any actual or
attempted theft or diversion of a shipment or suspicious activities
related to the theft or diversion of a shipment of a category 1
quantity of radioactive material. As soon as possible after notifying
the LLEA, the licensee shall notify the NRC's Operations Center (301-
816-5100) upon discovery of any actual or attempted theft or diversion
of a shipment, or any suspicious activity related to the shipment of
category 1 radioactive material.
(d) The shipping licensee shall notify the NRC's Operations Center
(301-816-5100) as soon as possible upon discovery of any actual or
attempted theft or diversion of a shipment, or any suspicious activity
related to the shipment, of a category 2 quantity of radioactive
material.
(e) The shipping licensee shall notify the NRC's Operations Center
(301-816-5100) and the LLEA as soon as possible upon recovery of any
lost or missing category 1 quantities of radioactive material.
(f) The shipping licensee shall notify the NRC's Operations Center
(301-816-5100) as soon as possible upon recovery of any lost or missing
category 2 quantities of radioactive material.
(g) The initial telephonic notification required by paragraphs (a)
through (d) of this section must be followed within a period of 30 days
by a written report submitted to the NRC by an appropriate method
listed in Sec. 37.7. A written report is not required for
notifications on suspicious activities required by paragraphs (c) and
(d) of this section. In addition, the licensee shall provide one copy
of the written report addressed to the Director, Division of Security
Policy, Office of Nuclear Security and Incident Response, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001. The report must set
forth the following information:
(1) A description of the licensed material involved, including
kind, quantity, and chemical and physical form;
(2) A description of the circumstances under which the loss or
theft occurred;
(3) A statement of disposition, or probable disposition, of the
licensed material involved;
(4) Actions that have been taken, or will be taken, to recover the
material; and
(5) Procedures or measures that have been, or will be, adopted to
ensure against a recurrence of the loss or theft of licensed material.
(h) Subsequent to filing the written report, the licensee shall
also report any additional substantive information on the loss or theft
within 30 days after the licensee learns of such information.
Subpart E--[Reserved]
Subpart F--Records
Sec. 37.101 Form of records.
Each record required by this part must be legible throughout the
retention period specified by each Commission regulation. The record
may be the original or a reproduced copy or a microform, provided that
the copy or microform is authenticated by authorized personnel and that
the microform is capable of producing a clear copy throughout the
required retention period. The record may also be stored in electronic
media with the capability for producing legible, accurate, and complete
records during the required retention period. Records such as letters,
drawings, and specifications, must include all pertinent information
such as stamps, initials, and signatures. The licensee shall maintain
adequate safeguards against tampering with and loss of records.
Sec. 37.103 Record retention.
Licensees shall maintain the records that are required by the
regulations in this part for the period specified by the appropriate
regulation. If a retention period is not otherwise specified, these
records must be retained until the Commission terminates the facility's
license. All records related to this part may be destroyed upon
Commission termination of the facility license.
Subpart G--Enforcement
Sec. 37.105 Inspections.
(a) Each licensee shall afford to the Commission at all reasonable
times opportunity to inspect category 1 or category 2 quantities of
radioactive material and the premises and facilities wherein the
nuclear material is used, produced, or stored.
(b) Each licensee shall make available to the Commission for
inspection, upon reasonable notice, records kept by the licensee
pertaining to its receipt, possession, use, acquisition, import,
export, or transfer of category 1 or category 2 quantities of
radioactive material.
Sec. 37.107 Violations.
(a) The Commission may obtain an injunction or other court order to
[[Page 17020]]
prevent a violation of the provisions of--
(1) The Atomic Energy Act of 1954, as amended;
(2) Title II of the Energy Reorganization Act of 1974, as amended;
or
(3) A regulation or order issued pursuant to those Acts.
(b) The Commission may obtain a court order for the payment of a
civil penalty imposed under section 234 of the Atomic Energy Act:
(1) For violations of--
(i) Sections 53, 57, 62, 63, 81, 82, 101, 103, 104, 107, or 109 of
the Atomic Energy Act of 1954, as amended:
(ii) Section 206 of the Energy Reorganization Act;
(iii) Any rule, regulation, or order issued pursuant to the
sections specified in paragraph (b)(1)(i) of this section;
(iv) Any term, condition, or limitation of any license issued under
the sections specified in paragraph (b)(1)(i) of this section.
(2) For any violation for which a license may be revoked under
Section 186 of the Atomic Energy Act of 1954, as amended.
Sec. 37.109 Criminal penalties.
(a) Section 223 of the Atomic Energy Act of 1954, as amended,
provides for criminal sanctions for willful violation of, attempted
violation of, or conspiracy to violate, any regulation issued under
sections 161b, 161i, or 161o of the Act. For purposes of section 223,
all the regulations in this part 37 are issued under one or more of
sections 161b, 161i, or 161o, except for the sections listed in
paragraph (b) of this section.
(b) The regulations in this part 37 that are not issued under
sections 161b, 161i, or 161o for the purposes of section 223 are as
follows: Sec. Sec. 37.1, 37.3, 37.5, 37.7, 37.9, 37.11, 37.13, 37.107,
and 37.109.
Appendix A to Part 37--Category 1 and Category 2 Radioactive Materials
Table 1--Category 1 and Category 2 Threshold
The terabecquerel (TBq) values are the regulatory standard. The
curie (Ci) values specified are obtained by converting from the TBq
value. The curie values are provided for practical usefulness only.
----------------------------------------------------------------------------------------------------------------
Category 1 Category 1 Category 2 Category 2
Radioactive material (TBq) (Ci) (TBq) (Ci)
----------------------------------------------------------------------------------------------------------------
Americium-241................................... 60 1,620 0.6 16.2
Americium-241/Be................................ 60 1,620 0.6 16.2
Californium-252................................. 20 540 0.2 5.40
Cobalt-60....................................... 30 810 0.3 8.10
Curium-244...................................... 50 1,350 0.5 13.5
Cesium-137...................................... 100 2,700 1 27.0
Gadolinium-153.................................. 1,000 27,000 10 270
Iridium-192..................................... 80 2,160 0.8 21.6
Plutonium-238................................... 60 1,620 0.6 16.2
Plutonium-239/Be................................ 60 1,620 0.6 16.2
Promethium-147.................................. 40,000 1,080,000 400 10,800
Radium-226...................................... 40 1,080 0.4 10.8
Selenium-75..................................... 200 5,400 2 54.0
Strontium-90.................................... 1,000 27,000 10 270
Thulium-170..................................... 20,000 540,000 200 5,400
Ytterbium-169................................... 300 8,100 3 81.0
----------------------------------------------------------------------------------------------------------------
Note: Calculations Concerning Multiple Sources or Multiple
Radionuclides
The ''sum of fractions'' methodology for evaluating combinations
of multiple sources or multiple radionuclides is to be used in
determining whether a location meets or exceeds the threshold and is
thus subject to the requirements of this part.
I. If multiple sources of the same radionuclide and/or multiple
radionuclides are aggregated at a location, the sum of the ratios of
the total activity of each of the radionuclides must be determined
to verify whether the activity at the location is less than the
category 1 or category 2 thresholds of Table 1, as appropriate. If
the calculated sum of the ratios, using the equation below, is
greater than or equal to 1.0, then the applicable requirements of
this part apply.
II. First determine the total activity for each radionuclide
from Table 1. This is done by adding the activity of each individual
source, material in any device, and any loose or bulk material that
contains the radionuclide. Then use the equation below to calculate
the sum of the ratios by inserting the total activity of the
applicable radionuclides from Table 1 in the numerator of the
equation and the corresponding threshold activity from Table 1 in
the denominator of the equation. Calculations must be performed in
metric values (i.e., TBq) and the numerator and denominator values
must be in the same units.
R1 = total activity for radionuclide 1
R2 = total activity for radionuclide 2
RN = total activity for radionuclide n
AR1 = activity threshold for radionuclide 1
AR2 = activity threshold for radionuclide 2
ARN = activity threshold for radionuclide n
[GRAPHIC] [TIFF OMITTED] TR19MR13.000
PART 39--LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL
LOGGING
0
18. The authority citation for part 39 continues to read as follows:
Authority: Atomic Energy Act secs. 53, 57, 62, 63, 65, 69, 81,
82, 161, 181, 182, 183, 186, 223, 234 (42 U.S.C. 2073, 2077, 2092,
2093, 2095, 2099, 2111, 2112, 2201, 2231, 2232, 2233, 2236, 2273,
2282); Energy Reorganization Act secs. 201, 202, 206 (42 U.S.C.
5841, 5842, 5846); Government Paperwork Elimination Act sec. 1704
(44 U.S.C. 3504 note).
0
19. In Sec. 39.1, paragraph (a) is revised to read as follows:
Sec. 39.1 Purpose and scope.
(a) This part prescribes requirements for the issuance of a license
authorizing the use of licensed materials including sealed sources,
radioactive tracers, radioactive markers, and uranium sinker bars in
well logging in a single well. This part also prescribes radiation
safety requirements for persons using licensed materials in these
operations. The provisions and requirements of this part are in
addition to, and not in substitution for, other requirements of this
chapter. In particular, the provisions of parts 19, 20, 21, 30, 37, 40,
70, 71, and 150 of this chapter apply to applicants and licensees
subject to this part.
* * * * *
[[Page 17021]]
PART 51--ENVIRONMENTAL PROTECTION REGULATIONS FOR DOMESTIC
LICENSING AND RELATED REGULATORY FUNCTIONS
0
20. The authority citation for part 51 continues to read as follows:
Authority: Atomic Energy Act sec. 161, 1701 (42 U.S.C. 2201,
2297f); Energy Reorganization Act secs. 201, 202, 211 (42 U.S.C.
5841, 5842, 5851); Government Paperwork Elimination Act sec. 1704
(44 U.S.C. 3504 note). Subpart A also issued under National
Environmental Policy Act secs. 102, 104, 105 (42 U.S.C. 4332, 4334,
4335); Pub. L. 95-604, Title II, 92 Stat. 3033 3041; Atomic Energy
Act sec. 193 (42 U.S.C. 2243). Sections 51.20, 51.30, 51.60, 51.80.
and 51.97 also issued under Nuclear Waste Policy Act secs. 135, 141,
148 (42 U.S.C. 10155, 10161, 10168). Section 51.22 also issued under
Atomic Energy Act sec. 274 (42 U.S.C. 2021) and under Nuclear Waste
Policy Act sec. 121 (42 U.S.C. 10141). Sections 51.43, 51.67, and
51.109 also issued under Nuclear Waste Policy Act sec. 114(f) (42
U.S.C. 10134(f)).
0
21. In Sec. 51.22, the introductory text of paragraph (c)(3) is
revised to read as follows:
Sec. 51.22 Criterion for categorical exclusion; identification of
licensing and regulatory actions eligible for categorical exclusion or
otherwise not requiring environmental review.
* * * * *
(c) * * *
(3) Amendments to parts 20, 30, 31, 32, 33, 34, 35, 37, 39, 40, 50,
51, 52, 54, 60, 61, 63, 70, 71, 72, 73, 74, 81, and 100 of this chapter
which relate to--
* * * * *
PART 71--PACKAGING AND TRANSPORTATION OF RADIOACTIVE MATERIAL
0
22. The authority citation for part 71 continues to read as follows:
Authority: Atomic Energy Act secs. 53, 57, 62, 63, 81, 161,
182, 183, 223, 234, 1701 (42 U.S.C. 2073, 2077, 2092, 2093, 2111,
2201, 2232, 2233, 2273, 2282, 2297f); Energy Reorganization Act
secs. 201, 202, 206, 211 (42 U.S.C. 5841, 5842, 5846, 5851); Nuclear
Waste Policy Act sec. 180 (42 U.S.C. 10175); Government Paperwork
Elimination Act sec. 1704 (44 U.S.C. 3504 note); Energy Policy Act
of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 71.97
also issued under sec. 301, Pub. L. 96-295, 94 Stat. 789 790.
0
23. In Sec. 71.97, the introductory text of paragraph (b) is revised
to read as follows:
Sec. 71.97 Advance notification of shipment of irradiated reactor
fuel and nuclear waste.
* * * * *
(b) Advance notification is also required under this section for
the shipment of licensed material, other than irradiated fuel, meeting
the following three conditions:
* * * * *
PART 73--PHYSICAL PROTECTION OF PLANTS AND MATERIALS
0
24. The authority citation for part 73 continues to read as follows:
Authority: Atomic Energy Act secs. 53, 147, 161, 223, 234, 1701
(42 U.S.C. 2073, 2167, 2169, 2201, 2273, 2282, 2297(f), 2210(e));
Energy Reorganization Act sec. 201, 204 (42 U.S.C. 5841, 5844);
Government Paperwork Elimination Act sec. 1704, 112 Stat. 2750 (44
U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. 109-58, 119
Stat. 594 (2005).
Section 73.1 also issued under Nuclear Waste Policy Act secs.
135, 141 (42 U.S.C, 10155, 10161). Section 73.37(f) also issued
under sec. 301, Pub. L. 96-295, 94 Stat. 789 (42 U.S.C. 5841 note).
0
25. A new Sec. 73.35 is added to read as follows:
Sec. 73.35 Requirements for physical protection of irradiated reactor
fuel (100 grams or less) in transit.
Each licensee who transports, or delivers to a carrier for
transport, in a single shipment, a quantity of irradiated reactor fuel
weighing 100 grams (0.22 pounds) or less in net weight of irradiated
fuel, exclusive of cladding or other structural or packaging material,
which has a total external radiation dose rate in excess of 1 Gray (100
rad) per hour at a distance of 1 meter (3.3 feet) from any accessible
surface without intervening shielding, shall follow the physical
protection requirements for category 1 quantities of radioactive
material in subpart D of part 37 of this chapter.
Dated at Rockville, Maryland, this 8th day of March, 2013.
For the Nuclear Regulatory Commission.
Annette Vietti-Cook,
Secretary of the Commission.
Note: This Appendix Will Not Appear in the Code of Federal
Regulations.
APPENDIX A TO THIS FINAL RULE--REGULATORY FLEXIBILITY ANALYSIS FOR THE
AMENDMENTS TO 10 CFR PARTS 20, 30, 32, 33, 34, 35, 36, 37, 39, 51, 71,
AND 73 (PHYSICAL PROTECTION OF BYPRODUCT MATERIAL)
I. Background
The Regulatory Flexibility Act (RFA), as amended 5 U.S.C. 601 et
seq., requires that agencies consider the impact of their
rulemakings on small entities and, consistent with applicable
statutes, consider alternatives to minimize these impacts on the
businesses, organizations, and government jurisdictions to which
they apply.
The U.S. Nuclear Regulatory Commission (NRC) has established
standards for determining which NRC licensees qualify as small
entities (10 CFR 2.810). These size standards were based on the
Small Business Administration's most common receipts-based size
standards and include a size standard for business concerns that are
manufacturing entities.
Description of the Reasons That Action by the Agency Is Being
Considered
The NRC has long participated in efforts to address radioactive
source protection and security. The terrorist attacks of September
11, 2001, heightened concerns about the use of risk-significant
radioactive materials in a malevolent act. Such an attack is of
particular concern because of the widespread use of radioactive
materials in the United States by industrial, medical, and academic
institutions. The theft or diversion of risk-significant radioactive
materials could lead to their unauthorized use in a radiological
dispersal device or a radiological exposure device.
Commission regulations provide requirements for the safe use,
transport, and control of licensed material. A licensee's loss of
control of risk-significant radioactive material, whether it is
inadvertent or through a deliberate act, could result in significant
adverse impacts that could reasonably constitute a threat to the
public health and safety or the common defense and security of the
United States. After the attacks of September 11, 2001, the
Commission determined that certain licensed material should be
subject to enhanced security provisions and safeguarded during
transport, and that individuals with unescorted access to risk-
significant radioactive material should be subject to background
investigations. For additional information see the Discussion
portion of the Statements of Consideration (SOC).
Succinct Statement of the Objectives of, and Legal Basis for, the
Final Rule
The objective of this rule is to establish generically
applicable security requirements for the protection of category 1
and category 2 quantities of radioactive materials possessed by
certain NRC and Agreement State licensees. These security
requirements are similar to the requirements imposed on these
licensees through the NRC's applicable previously-issued security
orders. The NRC has determined that it is preferable to regulate
through rulemaking rather than order because notice and comment
rulemaking is an open and transparent process that facilitates
public participation. In developing the final rule, the NRC
considered, among other things, the various orders, lessons-learned
during implementation, the recommendations from the Independent
Review Panel and the Materials Working Group, and stakeholder
comments. The rule also considered a petition for rulemaking
submitted by the State of Washington. For additional information see
the Discussion portion of the SOC. The authority citation sections
of the final rule contain the statutory authority for the rule.
[[Page 17022]]
Description of and, Where Feasible, an Estimate of the Number of
Small Entities to Which the Final Rule Will Apply
The final rule would affect about 300 NRC licensees and about
1,100 Agreement State licensees. This includes a wide range of
licensees, including pool-type irradiator licensees; manufacturer
and distributor licensees; medical facilities with gamma knife
devices; self-shielded irradiator licensees (including blood
irradiators); teletherapy unit licensees; radiographers; well
loggers; broad scope users; radioisotope thermoelectric generator
licensees; and licensees that ship or prepare for shipment category
1 or category 2 quantities of radioactive material. Some of these
licensees would be considered small entities. In fiscal year 2008,
about 26 percent of materials licensees qualified as small entities.
Using the same percentage, approximately 364 of the licensees that
will be affected by the rule would be considered small entities.
Description of the Projected Reporting, Recordkeeping, and Other
Compliance Requirements of the Final Rule, Including an Estimate of
the Classes of Small Entities That Will Be Subject to the
Requirements, and the Type of Professional Skills Necessary for
Preparation of Reports and Records
Licensees will be required to: (1) Develop procedures for
implementation of the security provisions; (2) develop a security
plan that describes how security is being implemented; (3) conduct
training on the procedures and security plan; (4) conduct background
investigations for those individuals permitted access to category 1
or category 2 quantities of radioactive material; (5) coordinate
with local law enforcement agencies (LLEAs) so the LLEAs would be
better prepared to respond in an emergency; (6) conduct preplanning
and coordination activities before shipping radioactive material;
and (7) implement security measures for the protection of the
radioactive material. Licensees will be required to promptly report
any attempted or actual theft or diversion of the radioactive
material. Licensees will be required to keep copies of the security
plan, procedures, background investigation records, training
records, and documentation that certain activities have occurred.
For additional information on the requirements, see the SOC or the
final rule text. No special skills are necessary for the preparation
of reports or records.
On average, a licensee would have a one-time cost of
approximately $23,375 and an annual cost of approximately $21,736 to
fully implement the final rule. Much of this cost would result from
the requirements to have procedures, conduct training, and to
develop a security plan. Although not required by the various
orders, many licensees may have developed procedures and conducted
training that may require only minor revisions; if so, the actual
cost may be lower. Additional large costs are the annual program
review and the maintenance and testing of the security-related
equipment. The program review is important for licensees to review
the effectiveness of the program and to ensure that requirements are
being implemented. Maintenance and testing is essential to ensure
that the equipment is operational and available when needed. More
information on the cost of the rule is contained in the Regulatory
Analysis.
Identification, to the Extent Practicable, of All Relevant Federal
Rules That May Duplicate, Overlap, or Conflict With the Final Rule
Several U.S. Government programs involve fingerprinting and an
FBI identification and criminal history records check. These include
the National Agency Check; Transportation Worker Identification
Credentials in accordance with 49 CFR 1572; Bureau of Alcohol,
Tobacco, Firearms, and Explosives background check and clearances in
accordance with 27 CFR 555; Health and Human Services security risk
assessments for possession and use of select agents and toxins in
accordance with 42 CFR 73; Hazardous Material security threat
assessment for hazardous material endorsement to commercial drivers
license in accordance with 49 CFR 1572; and Customs and Border
Protection's Free and Secure Trade Program. Any individual that has
favorably undergone the background investigation required by these
programs would be relieved from the fingerprinting and FBI criminal
history records check element of the final rule as long as the
licensee has appropriate documentation. Any individual who has an
active Federal security clearance would also be relieved assuming
appropriate documentation is provided.
The Department of Transportation requires security plans for the
transport of highway route control quantities of radioactive
material in accordance with 49 CFR 172.800. This provision covers
only a small portion of the category 1 and category 2 quantities of
radioactive material covered by the rule.
The NRC is not aware of any other relevant Federal rules that
may duplicate, overlap, or conflict with the final rule.
Description of any significant alternatives to the final rule
that accomplish the stated objectives of applicable statutes and
that minimize any significant economic impact of the final rule on
small entities, including alternatives considered, such as: (1)
Establishment of differing compliance or reporting requirements or
timetables that take into account the resources available to small
entities; (2) clarification, consolidation, or simplification of
compliance and reporting requirements under the rule for small
entities; (3) use of performance rather than design standards; and
(4) any exemption from coverage of the rule, or any part thereof,
for such small entities.
As noted earlier, some of the licensees that would be impacted
by the final rule are small businesses. The rule would impose the
minimum requirements that the NRC believes are necessary to
adequately protect the public health and safety and the common
defense and security. Therefore, the NRC could not generically grant
relief to small entities to allow them to implement less effective
measures. The final rule provides some flexibility in the particular
measures that a licensee can choose to employ. Licensees affected by
the rule have already implemented the bulk of the rule's
requirements in response to various orders.
[FR Doc. 2013-05895 Filed 3-18-13; 8:45 am]
BILLING CODE 7590-01-P