[Federal Register Volume 78, Number 152 (Wednesday, August 7, 2013)]
[Rules and Regulations]
[Pages 48037-48042]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-18947]
=======================================================================
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
10 CFR Part 95
[NRC-2011-0268]
RIN 3150-AJ07
Facility Security Clearance and Safeguarding of National Security
Information and Restricted Data
AGENCY: Nuclear Regulatory Commission.
ACTION: Direct final rule.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is updating its
regulations to standardize the frequency of required security education
training for employees of NRC licensees possessing security clearances
so that such training will be conducted annually consistent with the
objectives of Executive Order 13526, Classified National Security
Information. The rule allows licensees flexibility in determining the
means and methods for providing this training. This action establishes
uniformity in the frequency of licensee security education and training
programs and enhances the protection of classified information.
DATES: This rule is effective October 21, 2013 unless significant
adverse comments are received by September 6, 2013.
ADDRESSES: Please refer to Docket ID NRC-2011-0268 when contacting the
NRC about the availability of information for this direct final rule.
You may access information and comment submittals related to this
direct final rule, which the NRC possesses and is publicly available,
by any of the following methods:
Federal Rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC-2011-0268. Address
questions about NRC dockets to Carol Gallagher; telephone: 301-287-
3422; email: [email protected]. For technical questions, please
contact the individual listed in the FOR FURTHER INFORMATION CONTACT
section of this proposed rule.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may access publicly available documents online in the NRC
Library at http://www.nrc.gov/reading-rm/adams.html. To begin the
search, select ``ADAMS Public Documents'' and then select ``Begin Web-
based ADAMS Search.'' For problems with ADAMS, please contact the NRC's
Public Document Room (PDR) reference staff at 1-800-397-4209, 301-415-
4737, or by email to [email protected]. The ADAMS accession number
for each document referenced in this document (if that document is
available in ADAMS) is provided the first time that a document is
referenced.
NRC's PDR: You may examine and purchase copies of public
documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555
Rockville Pike, Rockville, Maryland 20852.
FOR FURTHER INFORMATION CONTACT: Daniel W. Lenehan, Office of the
General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001; telephone: 301-415-3501, email: [email protected].
SUPPLEMENTARY INFORMATION:
I. Background
II. Discussion
III. Section-by-Section Analysis
IV. Procedural Background
V. Compatibility of Agreement State Regulations
VI. Plain Writing
VII. Voluntary Consensus Standards
VIII. Environmental Impact: Categorical Exclusion
IX. Paperwork Reduction Act Statement
X. Regulatory Analysis
XI. Regulatory Flexibility Act Certification
XII. Backfitting
XIII. Congressional Review Act
I. Background
On December 29, 2009, the President signed Executive Order 13526,
Classified National Security Information, which was published in the
Federal Register on January 5, 2010 (75 FR 707). The Executive Order
prescribes training requirements applicable to the NRC for the proper
safeguarding of national security information and requires the NRC to
ensure that classified information disseminated outside the executive
branch is protected ``in a manner equivalent to that provided within
the executive branch.'' The Information Security Oversight Office
(ISOO) within the National Archives and Records Administration, which
is responsible for issuing guidance to Federal agencies on the
implementation of the Executive Order, issued a final rule (75 FR
37254; June 28, 2010) amending 32 CFR parts 2001 and 2003 (ISOO
Regulations). The final rule requires executive branch agencies to
conduct classified information security refresher briefings for all
cleared employees at least annually, and to provide derivative
classification training for employees authorized to apply derivative
classifications prior to exercising such authority and at least once
every 2 years thereafter. This rulemaking will establish standard
training requirements for NRC licensee security education and
[[Page 48038]]
training programs in a manner equivalent to that provided within the
executive branch.
II. Discussion
The NRC is issuing this direct final rule to update part 95 of
Title 10 of the Code of Federal Regulations (10 CFR), Facility Security
Clearance and Safeguarding of National Security Information and
Restricted Data, Sec. 95.33, Security Education. These updates require
NRC licensees (or their designees) to conduct classified information
security refresher briefings for all cleared employees at least
annually, and to provide derivative classification training for
employees authorized to apply derivative classifications before
exercising this authority and then at least once every 2 years
thereafter. This rule also gives licensees flexibility in determining
the means and methods for providing this training. The NRC regulations
at 10 CFR 95.33 currently require NRC licensees, or their designees, to
conduct classified information security refresher briefings for all
cleared employees every 3 years. These regulations do not mandate a
uniform training frequency for derivative classifiers.
The NRC has determined that requiring cleared licensee employees to
undergo classified information security refresher briefings at least
annually and standardizing the derivative classification training for
licensee employees enhances the protection of classified information by
ensuring that cleared individuals are properly aware of their
responsibilities to protect classified information and conform NRC
regulations with executive branch policies.
Section 4.1(e) of Executive Order 13526, Classified National
Security Information (75 FR 707; January 5, 2010) (the Executive Order)
requires the NRC to ensure that classified information disseminated
outside the executive branch is protected ``in a manner equivalent to
that provided within the executive branch.'' The Information Security
Oversight Office (ISOO) within the National Archives and Records
Administration is responsible for issuing guidance to Federal agencies
on the implementation of the Executive Order. On June 28, 2010, ISOO
issued a final rule (75 FR 37254; June 28, 2010; amending 32 CFR parts
2001 and 2003 (ISOO Regulations)). The ISOO Regulations require
executive branch agencies to conduct classified information security
refresher briefings for all cleared employees at least annually, and to
provide derivative classification training for employees authorized to
apply derivative classifications prior to exercising such authority and
at least once every 2 years thereafter. This rulemaking will
standardize the frequency of required security education training for
NRC licensee employees possessing security clearances in a manner
equivalent to that provided within the executive branch.
This direct final rule will establish standard training
requirements for NRC licensee security education and training programs.
Implementation of this rule will enhance the protection of classified
information, and ensure the protection of classified information in a
manner equivalent to that provided within the executive branch. Current
NRC regulations only require refresher security education and training
once every 3 years for all NRC licensee personnel who handle or
generate classified information. Updating 10 CFR 95.33 to require
annual training will enhance the protection of classified information
by ensuring that all NRC licensee employees who create, process, or
handle classified information have a satisfactory knowledge and
understanding of classification, safeguarding, and declassification
policies and procedures.
Additionally, the current text of 10 CFR 95.33 does not provide for
education and training of NRC licensee personnel authorized to apply
derivative classification markings. This rulemaking enhances the
protection of classified information through uniform training
requirements for derivative classifiers. The uniform standard will have
the beneficial effect of reducing instances of over-classification or
improper classification, improper safeguarding, and inappropriate or
inadequate declassification practices.
Finally, these updated requirements are equivalent to requirements
applicable to the Commission itself via the Executive Order and the
ISOO Regulations. The NRC has determined that the updated requirements
in this final rule are consistent with the NRC obligation, stated in
Section 4.1(e) of the Executive Order, to ensure that the protection of
classified information by NRC licensees is performed in a manner
equivalent to that required within the executive branch.
III. Section-by-Section Analysis
The initial paragraph of 10 CFR 95.33, Security education, is
amended to state that program officials are responsible for determining
the methods for providing security education and training. This
requirement is equivalent to requirements applicable to the Commission
pursuant to 32 CFR 2001.70(c).
A new paragraph (e) has been added to specify that access by
licensees' employees to classified information is subject to a
favorable eligibility determination, signing an approved non-disclosure
agreement and the employee's need-to-know. This requirement is
equivalent to requirements applicable to the Commission pursuant to
Section 4.1(a) of the Executive Order.
Current paragraph (e) is redesignated as paragraph (f) and revised
to specify that initial security training will be provided to every
person who has met the criteria set forth in new paragraph (e) before
being granted access to classified information. This requirement is
equivalent to requirements applicable to the Commission pursuant to 32
CFR 2001.70(d)(1).
Current paragraph (f) is redesignated as paragraph (g) and revised
to specify that the requirement for conducting refresher briefings for
all of a licensee's cleared employees is changed from every 3 years to
at least annually. This requirement is equivalent to requirements
applicable to the Commission pursuant to 32 CFR 2001.70(d)(4).
Current paragraph (g) is redesignated as paragraph (i) and former
paragraph (h) is redesignated as paragraph (j).
New paragraph (h) specifies that derivative classifiers are to
receive training prior to derivatively classifying information and at
least once every 2 years. This requirement is equivalent to
requirements applicable to the Commission pursuant to 32 CFR
2001.70(d)(3).
Minor editorial changes were also made to Sec. 95.33.
IV. Procedural Background
Because the NRC considers this action to be non-controversial, the
NRC is using the direct final rule process for this rule. The
amendments in this rule will become effective on October 21, 2013.
However, if the NRC receives significant adverse comments on this
direct final rule by September 6, 2013, then the NRC will publish a
document that withdraws this action and will subsequently address the
comments received in a final rule as a response to the companion
proposed rule published elsewhere in this issue of the Federal
Register. Absent significant modifications to the proposed revisions
requiring republication, the NRC will not initiate a second comment
period on this action.
A significant adverse comment is a comment where the commenter
[[Page 48039]]
explains why the rule would be inappropriate, including challenges to
the rule's underlying premise or approach, or would be ineffective or
unacceptable without a change. A comment is adverse and significant if:
(1) The comment opposes the rule and provides a reason sufficient
to require a substantive response in a notice-and-comment process. For
example, a substantive response is required when:
(A) The comment causes the NRC to reevaluate (or reconsider) its
position or conduct additional analysis;
(B) The comment raises an issue serious enough to warrant a
substantive response to clarify or complete the record; or
(C) The comment raises a relevant issue that was not previously
addressed or considered by the NRC.
(2) The comment proposes a change or an addition to the rule and it
is apparent that the rule would be ineffective or unacceptable without
incorporation of the change or addition.
(3) The comment causes the NRC to make a change (other than
editorial) to the rule.
For detailed instruction on submitting a comment, please see the
companion proposed rule published elsewhere in this issue of the
Federal Register.
V. Compatibility of Agreement State Regulations
Under the ``Policy Statement on Adequacy and Compatibility of
Agreement State Programs,'' approved by the Commission on June 30,
1997, and published in the Federal Register on September 3, 1997 (62 FR
46517), this rule is classified as Compatibility Category ``NRC.''
Compatibility is not required for Category ``NRC'' regulations. The NRC
program elements in this category are those that relate directly to
areas of regulation reserved to the NRC by the Atomic Energy Act of
1954, as amended, or the provisions of 10 CFR. Although an Agreement
State may not adopt program elements reserved to the NRC, it may wish
to inform its licensees of certain requirements via a mechanism that is
consistent with the particular State's administrative procedure laws
but does not confer regulatory authority on the State.
VI. Plain Writing
The Plain Writing Act of 2010 (Pub. L. 111-274) requires Federal
agencies to write documents in a clear, concise, and well-organized
manner. The NRC has written this document to be consistent with the
Plain Writing Act as well as the Presidential Memorandum, ``Plain
Language in Government Writing,'' published June 10, 1998 (63 FR
31883).
VII. Voluntary Consensus Standards
The National Technology Transfer and Advancement Act of 1995,
Public Law 104-113, requires Federal agencies to use technical
standards developed or adopted by voluntary consensus standards bodies
unless the use of such a standard is inconsistent with applicable law
or is otherwise impractical. This direct final rule amends the
frequency of the training required for employees of NRC licensees
handling classified information. This action is administrative in
nature and does not involve the establishment or application of a
technical standard containing generally applicable requirements.
VIII. Environmental Impact: Categorical Exclusion
The NRC has determined that this direct final rule is the type of
action described in categorical exclusions 10 CFR 51.22(c)(1), (2), and
(3)(iv). Therefore, neither an environmental impact statement nor an
environmental assessment has been prepared for this direct final rule.
IX. Paperwork Reduction Act Statement
This direct final rule does not contain new or amended information
collection requirements subject to the Paperwork Reduction Act of 1995
(44 U.S.C. 3501 et seq.). Existing requirements were approved by the
Office of Management and Budget (OMB), approval number 3150-0047.
Public Protection Notification
The NRC may neither conduct nor sponsor, and a person is not
required to respond to, an information collection request or
requirement unless the requesting document displays a currently valid
OMB control number.
X. Regulatory Analysis
The NRC has prepared a regulatory analysis on this regulation. The
analysis examines the costs and benefits of the alternatives considered
by the NRC.
Statement of the Problem and Reasons for the Rulemaking
The NRC regulations in 10 CFR part 95 establish procedures for
safeguarding Secret and Confidential National Security Information and
Restricted Data received or developed in conjunction with activities
licensed, certified, or regulated by the Commission. The requirements
set forth in 10 CFR 95.33 currently require security refresher training
for all cleared employees every 3 years. However, they do not address
initial or refresher training for persons who apply derivative
classification markings.
The NRC has determined that requiring cleared employees of NRC
licensees to undergo classified information security refresher
briefings at least annually and standardizing the derivative
classification training for cleared employees of NRC licensees will
enhance the protection of classified information. Annual classified
information security refresher briefings will help ensure that cleared
employees of NRC licensees have adequate knowledge and understanding of
proper classification policies and procedures and thereby help reduce
instances of improper processing, handling, storage, and
declassification of classified information. Standardized derivative
classification training will help ensure that cleared employees of NRC
licensees will have a proper understanding of derivative classification
policies and procedures and thereby help reduce instances of improper
classification of derivative documents containing classified
information.
Furthermore, this rulemaking will bring the requirements for
licensee protection of classified information into alignment with two
new requirements imposed on the Commission for the protection of
classified information by Executive Order 13526 and the ISOO
Regulations implementing the requirements of the Executive Order set
forth at 32 CFR part 2001.
The Executive Order and the ISOO Regulations at 32 CFR
2001.70(d)(3) specify that Federal government employees who ``apply
derivative classification markings shall receive training in the proper
application of the derivative classification principles of the
Executive Order prior to derivatively classifying information and at
least once every 2 years.'' Additionally, 32 CFR 2001.70(d)(4) directs
each U.S. Government agency to ``provide some form of refresher
security education and training at least annually for all its personnel
who handle or generate classified information.''
The purpose of this rulemaking is twofold. First, this rulemaking
ensures that classified information possessed or accessed by employees
of NRC licensees is effectively safeguarded. The NRC has determined
that successful safeguarding of classified information requires
effective security education and training programs. The NRC has further
determined that updating its 10 CFR part 95 security education and
training programs to achieve parity with the
[[Page 48040]]
Executive Order and the ISOO Regulations is necessary to ensure these
programs are effective. Second, this rulemaking ``ensure[s] the
protection of [classified] information in a manner equivalent to that
provided within the executive branch,'' as required by Section 4.1(e)
of the Executive Order by updating training requirements applicable to
licensees to be equivalent to training requirements applicable to the
Commission itself.
Background
Regulatory Objective
The NRC objective for this final rule is to require that all
cleared employees of NRC licensees receive security refresher training
on an annual basis. In addition, all licensee employees who apply
derivative classification markings shall receive training in their
derivative classification duties prior to derivatively classifying
information and at least once every 2 years thereafter.
Identification and Preliminary Analysis of Alternative Approaches
No-Action Alternative: Under this option, the NRC would not amend
the current regulations under 10 CFR part 95 to require security
refresher training every year rather than every 3 years. The NRC would
also not amend the current regulations under 10 CFR part 95 to require
training for derivative classifiers prior to derivatively classifying
information and at least once every 2 years. This option would avoid
certain costs that the rule will impose. However, taking no action
would mean that licensees who handle and store classified information
are not protecting that information in accordance with the requirements
the NRC considers necessary to be consistent with the objectives of
Executive Order 13526 to enhance the adequate protection of classified
information consistent with the goal of protecting national security.
This no-action alternative is the baseline for this regulatory
analysis.
Estimate and Evaluation of Values and Impacts
Overview: This final rule revises the governing regulations under
10 CFR part 95 to require licensees to handle classified information in
the same manner as is required of employees of Federal agencies by the
Executive Order. This rulemaking adds value because it ensures those
licensees who are handling and derivatively marking classified
information are appropriately trained in the protection of classified
information in accordance with current federal standards and
requirements.
Impacts on Licensees: Impacts upon licensees from this final rule
will be minimal. Only the three 10 CFR part 70 licensees and one Part
76 Certificate holder, for which the NRC is the Cognizant Security
Agency (CSA), would be affected by the rule. A fourth 10 CFR part 70
licensee will be affected later this year when it becomes a possessor
of classified matter. Of those three, two already commit in their
internal procedures to annual security education briefings of all their
employees and are conducting initial and refresher training of their
employees who apply derivative classification markings more frequently
than every 2 years. The other licensee is conducting annual refresher
training and training its derivative classifiers at least every 2 years
but does not commit to those requirements in its security program. It
is estimated that there will be no one-time cost associated with
amending their licenses through security plan changes since the only
change is from three years to annually. Two of the three licensees have
contractors who possess classified information and therefore, have
their own independent security plans. It is estimated that there will
also be no one-time cost associated with amending their licenses
through security plan changes since the only change is from three years
to annually. Since the majority of the training is administered
electronically, there is little to no cost of preparing and
administering the training sessions. Those 10 CFR part 50 licensees who
only access classified information but do not possess it will be
impacted minimally from the increase in frequency of security education
briefings, since those licensees only have three to five employees who
are cleared to access classified information. The associated security
plan change would merely update the frequency of refresher training
from 3 years to annually. In addition, none of their employees are
derivative classifiers.
Impacts on the NRC: The primary impact on the NRC will be the
resources expended in conducting this rulemaking and reviewing the
amended security plans and programs. The staff time to review revisions
to security plans and programs to ensure commitment to the new
requirements is minimal. It is estimated that this will require no more
than 20 hours and will be accomplished by existing staff as part of
their normal workload.
Impacts on Other Stakeholders: The NRC staff has identified one
impact to other stakeholders. Those contractors that support licensees
who handle classified information but are not cleared for storage will
have to amend their security plans to change the frequency of refresher
training from 3 years to annually. These contractors are not required
to have derivative classifiers.
XI. Regulatory Flexibility Act Certification
Under the Regulatory Flexibility Act, 5 U.S.C 605(b), the
Commission certifies that this direct final rule amending 10 CFR part
95 does not have a significant economic impact on a substantial number
of small entities. This direct final rule applies to those licensees
who generate, receive, safeguard, and store National Security
Information or Restricted Data (as defined in 10 CFR part 95). The
requirements in this direct final rule apply to licensees who operate
power reactors as well as licensees operating fuel cycle facilities.
None of these licensees are ``small entities'' as defined in the
Regulatory Flexibility Act or the size standards established by the NRC
(10 CFR 2.810). This direct final rule also applies to contractors of
those licensees required to comply with this direct final rule who
generate, receive, safeguard, and store National Security Information
or Restricted Data (as defined in 10 CFR part 95), received or
developed in conjunction with activities licensed, certified, or
regulated by the Commission. Some of these contractors may be ``small
entities'' as defined in the Regulatory Flexibility Act or the NRC's
size standards. However, the impact on these contractors is not
significant because it is the licensees, not the contractors, who are
required to offer the training and absorb its costs.
XII. Backfitting
This direct final rule will apply to all NRC licensees who receive
or possess Classified National Security Information. The NRC has
determined that the modifications constitute backfitting as defined in
10 CFR 50.109 for power reactors, 10 CFR 76.76 for gaseous diffusion
plants, 10 CFR 72.62 for independent spent fuel storage installations
or monitored retrievable storage installations, and 10 CFR 70.76 for
special nuclear material licensees. Consequently, the NRC has prepared
the following backfit analysis. The Commission has determined that
there will be a substantial increase in the overall common defense and
security derived from the backfit, and that the direct and indirect
costs that will result from the implementation of the backfit are
justified.
[[Page 48041]]
A Statement of the Specific Objectives That the Backfit is Designed to
Achieve.
The Commission is amending its regulations at 10 CFR 95.33 to
update the frequency of training requirements applicable to licensees
in order to enhance the protection of classified information, and to
ensure that there is no discrepancy in the level of protection afforded
such information regardless of whether it is in the possession of the
NRC or of its licensees. The objective of the backfit is to ensure that
protection of Secret and Confidential National Security Information and
Restricted Data received or developed in conjunction with activities
licensed, certified, or regulated by the Commission, in the possession
of Commission licensees is enhanced and is as well protected as such
information would be if it was in the hands of the Commission itself.
A General Description of the Activity That Would Be Required of the
Licensee or the Applicant To Complete the Backfit.
Licensee personnel who apply derivative classification markings
will receive training in the proper application of the derivative
classification principles, with an emphasis on avoiding over-
classification, at least once every 2 years. In addition, licensees
will be required to provide some form of refresher security education
and training at least annually for all of its personnel who handle or
generate classified information.
The Potential Change in the Risk to the Public From the Accidental
Offsite Release of Radioactive Material.
None.
The Potential Impact on the Radiological Exposure of Facility
Employees.
None.
The Installation and Continuing Costs Associated With the Backfit,
Including the Cost of Facility Downtime or the Cost of Construction
Delay.
Impacts upon licensees from this direct final rule will be minimal.
There are only three 10 CFR part 70 licensees and one Part 76
Certificate holder who possess classified information. A fourth 10 CFR
part 70 licensee will be affected later this year when it becomes a
possessor of classified matter. Of those three, two already commit in
their internal procedures to annual security education briefings of all
their employees and are conducting initial and refresher training of
their employees who apply derivative classification markings more
frequently than every 2 years. The other licensee is conducting annual
refresher training and training its derivative classifiers at least
every 2 years but does not commit to those requirements in its security
program. It is estimated that there will be no one-time cost associated
with amending licenses through security plan changes since the only
change is from three years to annually. Two of the three licensees have
contractors who possess classified information and therefore, have
their own independent security plans. It is estimated that there will
also be no one-time cost associated with amending licenses through
security plan changes ranges since the only change is from three years
to annually. Since the majority of the training is administered
electronically, there is little to no cost of preparing and
administering the training sessions. Those 10 CFR part 50 licensees who
only access classified information but do not posses it will be
impacted minimally from the increase in frequency of security education
briefings since those licensees only have three to five employees who
are cleared for access to classified information. The associated
security plan change would merely update the frequency of refresher
training from 3 years to annually. In addition, none of their employees
are derivative classifiers.
The NRC staff has identified one impact to other stakeholders.
Those contractors that support licensees who handle classified
information but are not cleared for storage will have to amend their
security plans to change the frequency of refresher training from 3
years to annually. These contractors are not required to have
derivative classifiers.
The Potential Safety Impact of Changes in Plant or Operational
Complexity, Including the Relationship to Proposed and Existing
Regulatory Requirements.
None.
The Estimated Resource Burden on the NRC Associated With the Backfit
and the Availability of NRC Resources.
The primary impact on the NRC will be the resources expended in
conducting this rulemaking and reviewing the amended security plans and
programs. The staff time to review revisions to security plans to
ensure commitment to the new requirements is minimal.
The Potential Impact of Differences in Facility Type, Design, or Age on
the Relevance and Practicality of the Backfit.
None.
Whether the Backfit is Interim or Final and, if Interim, the
Justification for Imposing the Backfit on an Interim Basis.
The backfit is final.
XIII. Congressional Review Act
Under the Congressional Review Act of 1996, the NRC has determined
that this action is not a major rule and has verified this
determination with the Office of Information and Regulatory Affairs of
OMB.
List of Subjects in 10 CFR Part 95
Classified information, Criminal penalties, Reporting and
recordkeeping requirements, Security measures.
For the reasons set forth in the preamble and under the authority
of the Atomic Energy Act of 1954, as amended; the Energy Reorganization
Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting
the following amendments to 10 CFR part 95.
PART 95--FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL
SECURITY INFORMATION AND RESTRICTED DATA
0
1. The authority citation for part 95 continues to read as follows:
Authority: Atomic Energy Act Secs. 145, 161, 223, 234 (42 U.S.C.
2165, 2201, 2273, 2282); Energy Reorganization Act sec. 201 (42
U.S.C.5841); Government Paperwork Elimination Act sec. 1704 (44
U.S.C. 3504 note); E.O. 10865, as amended, 3 CFR 1959-1963 Comp., p.
398 (50 U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp., p. 570; EO
13526, 3 CFR 2010 Comp., pp. 298-327; E.O. 12968, 3 CFR, 1995 Comp.,
p. 391; E.O. 13526, 3 CFR, 2010 Comp., p. 298.
0
2. Revise Sec. 95.33 to read as follows:
Sec. 95.33 Security education.
All cleared employees must be provided with security training and
briefings commensurate with their involvement with classified
information. The facility official(s) responsible for the program shall
determine the means and methods for providing security education and
training. A licensee or other entity subject to part 95 may obtain
defensive security, threat awareness, and other education and training
information and material from their Cognizant Security Agency (CSA) or
other appropriate sources.
[[Page 48042]]
(a) Facility Security Officer Training. Licensees or other entities
subject to part 95 are responsible for ensuring that the Facility
Security Officer, and other personnel performing security duties,
complete security training deemed appropriate by the CSA. Training
requirements must be based on the facility's involvement with
classified information and may include a Facility Security Officer
Orientation Course and, for Facility Security Officers at facilities
with safeguarding capability, a Facility Security Officer Program
Management Course. Training, if required, should be completed within 1
year of appointment to the position of Facility Security Officer.
(b) Government-Provided Briefings. The CSA is responsible for
providing initial security briefings to the Facility Security Officer,
and for ensuring that other briefings required for special categories
of information are provided.
(c) Temporary Help Suppliers. A temporary help supplier, or other
contractor who employs cleared individuals solely for dispatch
elsewhere, is responsible for ensuring that required briefings are
provided to their cleared personnel. The temporary help supplier or the
using licensee's, certificate holder's, or other person's facility may
conduct these briefings.
(d) Classified Information Nondisclosure Agreement (SF-312). The
SF-312 is an agreement between the United States and an individual who
is cleared for access to classified information. An employee issued an
initial access authorization must, in accordance with the requirements
of Sec. 25.23 of this chapter, execute an SF-312 before being granted
access to classified information. The Facility Security Officer shall
forward the executed SF-312 to the CSA for retention. If the employee
refuses to execute the SF-312, the licensee or other facility shall
deny the employee access to classified information and submit a report
to the CSA. The SF-312 must be signed and dated by the employee and
witnessed. The employee's and witness' signatures must bear the same
date.
(e) Access to Classified Information. Employees may have access to
classified information only if:
(1) A favorable determination of eligibility for access has been
made with respect to such employee by the CSA;
(2) The employee has signed an approved non-disclosure agreement;
and
(3) The employee has a need-to-know the information.
(f) Initial Security Briefings. Initial training shall be provided
to every employee who has met the standards for access to classified
information in accordance with paragraph (e) of this section before the
employee is granted access to classified information. The initial
training shall include the following topics:
(1) A Threat Awareness Briefing;
(2) A Defensive Security Briefing;
(3) An overview of the security classification system;
(4) Employee reporting obligations and requirements; and
(5) Security procedures and duties applicable to the employee's
job.
(g) Refresher Briefings. The licensee or other entities subject to
part 95 shall conduct refresher briefings for all cleared employees at
least annually. As a minimum, the refresher briefing must reinforce the
information provided during the initial briefing and inform employees
of appropriate changes in security regulations. This requirement may be
satisfied by use of audio/video materials and/or by issuing written
materials to cleared employees.
(h) Persons who apply derivative classification markings shall
receive training specific to the proper application of the derivative
classification principles of Executive Order 13526, Classified National
Security Information (75 FR 707; January 5, 2010), before derivatively
classifying information and at least once every 2 years thereafter.
(i) Debriefings. Licensee and other facilities shall debrief
cleared employees at the time of termination of employment (discharge,
resignation, or retirement); when an employee's access authorization is
terminated, suspended, or revoked; and upon termination of the Facility
Clearance.
(j) Records reflecting an individual's initial and refresher
security orientations and security termination must be maintained for 3
years after termination of the individual's access authorization.
Dated at Rockville, Maryland, this 23rd day of July, 2013.
For the Nuclear Regulatory Commission.
R. William Borchardt,
Executive Director for Operations.
[FR Doc. 2013-18947 Filed 8-6-13; 8:45 am]
BILLING CODE 7590-01-P