[Federal Register Volume 88, Number 29 (Monday, February 13, 2023)]
[Rules and Regulations]
[Pages 9117-9118]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-02941]
[[Page 9117]]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
10 CFR Part 73
[NRC-2021-0143]
Cyber Security Programs for Nuclear Power Reactors
AGENCY: Nuclear Regulatory Commission.
ACTION: Regulatory guide; issuance.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing
Revision 1 to Regulatory Guide (RG) 5.71, ``Cyber Security Programs for
Nuclear Power Reactors.'' Revision 1 incorporates references to
industry guidance on identifying and protecting critical digital assets
for safety-related, important to safety, balance of plant, and
emergency preparedness equipment. It also clarifies guidance on
defense-in-depth for cyber security and includes updated text based on
the latest National Institute of Standards and Technology (NIST) and
International Atomic Energy Agency (IAEA) cyber security guidance.
Specifically, this revision clarifies issues identified from cyber
security inspections, insights gained through the Security Frequently
Asked Questions (SFAQ) process, documented cyber security attacks, new
technologies, and new regulations. This revision also considers the
changes in the most recent revision to the NIST Special Publications
(SP) 800-53, upon which Revision 0 of Regulatory Guide (RG) 5.71,
``Cyber Security Programs for Nuclear Facilities'' was based.
DATES: Revision 1 to RG 5.71 is available on February 13, 2023.
ADDRESSES: Please refer to Docket ID NRC-2021-0143 when contacting the
NRC about the availability of information regarding this document. You
may obtain publicly available information related to this document
using any of the following methods:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2021-0143. Address
questions about Docket IDs in Regulations.gov to Stacy Schumann;
telephone: 301-415-0624; email: [email protected]. For technical
questions, contact the individuals listed in the FOR FURTHER
INFORMATION CONTACT section of this document.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS
Search.'' For problems with ADAMS, please contact the NRC's Public
Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or
by email to [email protected]. The ADAMS accession number for each
document referenced (if it is available in ADAMS) is provided the first
time that it is mentioned in this document.
NRC's PDR: You may examine and purchase copies of public
documents, by appointment, at the NRC's Public Document Room (PDR),
Room P1 B35, One White Flint North, 11555 Rockville Pike, Rockville,
Maryland 20852. To make an appointment to visit the PDR, please send an
email to [email protected] or call 1-800-397-4209 or 301-415-4737,
between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday,
except Federal holidays.
Revision 1 to RG 5.71 and the regulatory analysis may be found in
ADAMS under Accession No. ML22258A204 and ML21130A636, respectively.
Regulatory guides are not copyrighted, and NRC approval is not
required to reproduce them.
FOR FURTHER INFORMATION CONTACT: Kim Lawson-Jenkins, Office of Nuclear
Security and Incident Response, telephone: 301-287-3656, email:
[email protected] and Stanley Gardocki, Office of Nuclear
Regulatory Research, telephone: 301-415-1067, email:
[email protected]. Both are staff of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001.
SUPPLEMENTARY INFORMATION:
I. Discussion
The NRC is issuing a revision to an existing guide in the NRC's
``Regulatory Guide'' series. This series was developed to describe
methods that are acceptable to the NRC staff for implementing specific
parts of the agency's regulations, to explain techniques that the staff
uses in evaluating specific issues or postulated events, and to
describe information that the staff needs in its review of applications
for permits and licenses.
RG 5.71, Revision 1 is entitled ``Cyber Security Programs for
Nuclear Power Reactors.'' It provides NRC licensees with guidance on
meeting the cyber security requirements described in section 73.54 of
title 10 of the Code of Federal Regulations (10 CFR), ``Protection of
digital computer and communication systems and networks.''
Revision 1 clarifies guidance on defense-in-depth for cyber
security and updates guidance based on the latest NIST and IAEA cyber
security guidance. Revision 1 also clarifies issues identified from
cyber security inspections, insights gained through the SFAQ process,
lessons learned from international and domestic cyber security attacks,
new technologies, and new regulations.
The proposed Revision 1 to RG 5.71 was issued with a temporary
identification Draft Regulatory Guide (DG) 5061.
II. Additional Information
The NRC published a notice of availability of DG-5061 (ADAMS
Accession No. ML18016A129) in the Federal Register on August 23, 2018
(83 FR 42623) for a 60-day public comment period. The public comment
period closed on October 22, 2018. Public comments received on DG-5061
and the staff responses are available in ADAMS under Accession No.
ML21266A132.
In order to incorporate updates in industry documents, DG-5061 was
re-issued in the Federal Register on March 3, 2022 (87 FR 12208) for a
60-day public comment period. The public comment period closed on May
2, 2022. Public comments received on DG-5061 and the staff responses
are available in ADAMS under Accession No. ML22258A200.
As noted in the Federal Register on December 9, 2022 (87 FR 75671),
this document is being published in the ``Rules'' section of the
Federal Register to comply with publication requirements under 1 CFR
chapter I.
III. Congressional Review Act
This RG is a rule as defined in the Congressional Review Act (5
U.S.C. 801-808). However, the Office of Management and Budget has not
found it to be a major rule as defined in the Congressional Review Act.
IV. Backfitting, Forward Fitting, and Issue Finality
RG 5.71 describes methods acceptable to the NRC staff for complying
with the NRC's regulations to meet the regulatory requirements in 10
CFR 73.54. Issuance of this RG, would not constitute backfitting as
defined in 10 CFR 50.109, ``Backfitting,'' and as described in NRC
Management Directive (MD) 8.4, ``Management of Backfitting, Forward
Fitting, Issue Finality, and Information Requests,'' constitute forward
fitting as that term is defined and described in MD 8.4; or affect the
issue finality of any approval issued under 10 CFR part 52, ``Licenses,
certifications, and approvals for nuclear power plants.''
[[Page 9118]]
V. Submitting Suggestions for Improvement of Regulatory Guides
A member of the public may, at any time, submit suggestions to the
NRC for improvement of existing RGs or for the development of new RGs.
Suggestions can be submitted on the NRC's public website at https://www.nrc.gov/reading-rm/doc-collections/reg-guides/contactus.html.
Suggestions will be considered in future updates and enhancements to
the ``Regulatory Guide'' series.
Dated: February 7, 2023.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs Management Branch, Division of
Engineering, Office of Nuclear Regulatory Research.
[FR Doc. 2023-02941 Filed 2-10-23; 8:45 am]
BILLING CODE 7590-01-P