Protecting People and the EnvironmentUNITED STATES NUCLEAR REGULATORY COMMISSION
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
WASHINGTON, D.C. 20555-0001
February 13, 1996
NRC GENERIC LETTER 96-02: RECONSIDERATION OF NUCLEAR POWER PLANT SECURITY
REQUIREMENTS ASSOCIATED WITH AN INTERNAL THREAT
Addressees
All holders of operating licenses or construction permits for nuclear power
reactors.
Purpose
The U.S. Nuclear Regulatory Commission (NRC) is issuing this generic letter to
notify addressees that the NRC has reconsidered its positions on certain
security measures associated with protecting nuclear power plants against an
internal threat. It is expected that addressees will review the information
for applicability to their facilities and consider actions, as appropriate.
However, suggestions contained in this generic letter are not NRC
requirements; therefore, no specific action or written response is required.
Background
The fitness-for-duty (FFD) rule (10 CFR Part 26) published on June 7, 1989,
required power reactor licensees to implement FFD programs. The access
authorization rule (10 CFR 73.56) published on April 25, 1991, required power
reactor licensees to implement access authorization programs. One objective
of these regulations was to ensure the reliability and trustworthiness of
persons granted unescorted access to protected areas at nuclear power
facilities. In light of these regulations, the NRC initiated an evaluation of
security requirements associated with protection against the insider threat at
nuclear power plants. One purpose of the evaluation was to determine if other
security requirements pertaining to protection against an insider remain
appropriate. The staff reported the results of its initial review in
SECY-92-272, "Re-Examination of Nuclear Power Plant Security Requirements
Associated With the Internal Threat," dated August 4, 1992. After performing
this initial review, the staff recommended a reduction or elimination of
certain security requirements that gave only marginal protection against the
insider threat.
After reviewing SECY-92-272, the Commission asked the staff to reexamine the
subject and explore alternatives for allowing reductions in unnecessary or
marginally effective security measures. The results of this reevaluation are
reported in SECY-93-326, "Reconsideration of Nuclear Power Plant Security
Requirements Associated With an Internal Threat," dated December 2, 1993.
9601230206. GL 96-02
February 13, 1996
Page 2 of 5
Description of Circumstances
In a staff requirements memorandum dated February 18, 1994, which is available
in the NRC public document room, the Commission endorsed staff recommendations
to (1) issue generic correspondence informing licensees of the opportunity to
revise certain commitments in their security plan and (2) proceed with
rulemaking regarding specific changes to reduce or eliminate certain security
requirements. This generic letter identifies those areas in which licensees
may choose to revise their plans without having to wait for the issuance of
the rule changes that are in progress. Section 10 CFR 73.55(a) specifies that
the Commission may authorize a licensee to provide measures for protection
against radiological sabotage other than those required by 10 CFR 73.55
paragraphs (b) through (h) if the licensee demonstrates that the measures have
the same high assurance objectives as specified in 10 CFR 73.55(a) and that
the overall level of system performance provides protection against
radiological sabotage equivalent to that which would be provided by
paragraphs (b) through (h) and meets the general performance requirements of
10 CFR 73.55(a). The Commission has determined that although the alternate
measures addressed herein could result in a small decrease in a licensee's
measures to protect against an internal threat, the additional licensee
commitments described reflect appropriately the same high assurance objectives
as specified in 73.55(a), and if properly implemented, the overall level of
system performance will provide protection equivalent to that provided by
paragraphs (b) through (h) and meet the general performance requirements of
10 CFR 73.55(a).
This generic letter was originally published in the Federal Register
(November 2, 1994) for public comment and has been modified on the basis of
those comments.
Discussion
Some of the changes identified will require licensees to submit security plan
changes in accordance with the provisions of 10 CFR 50.90, while other changes
may be processed in accordance with the provisions of 10 CFR 50.54(p) and can
be implemented without NRC approval. Staff positions reflected in A and D do
not apply to structures which are required to be bullet-resisting because
leaving these doors unlocked or failing to compensate for lock failures would
offset the bullet-resisting protection features.
As discussed below, licensee security plans may be revised in the following
four areas:
(I) Vital Area Access Control Measures
Changes to vital area (VA) access control measures identified below are
subject to confirmation that (1) certain other site-specific measures
are in place or will be implemented to demonstrate (e.g., through
contingency drills) that a capability, including a protective strategy,
exists to protect against an external adversary after making any of the . GL 96-02, February 13, 1996
Page 3 of 5
changes and (2) measures are in place to examine hand-carried packages
for explosives (at the protected area barrier) using equipment
specifically designed for that purpose.
Plan changes requesting any of the following VA measures must contain
commitments to hold contingency drills at a frequency sufficient to
maintain response capability for response personnel. The use of
"organic"-type X-ray equipment would satisfy the criteria for inspecting
hand-carried packages for explosives. Other acceptable methods would
include portable "sniffers" and visual inspection.
Subject to confirmation of these measures, the following changes to a
security plan may be acceptable:
A. Compensatory Measures - No compensatory measures need be taken for
either a lock or VA alarm failure for up to 72 hours after the
failure is discovered. After 72 hours, the equipment must either be
operable or compensatory actions taken by posting a guard or
watchman. During the first 72 hours of a lock or alarm failure,
that portal will be added to the existing patrol schedule to
periodically confirm functioning of the operable feature (lock or
alarm). If both lock and alarm fail at a portal, that portal must
be posted immediately (within the time specified in the current
plan).
B. Maintenance of Discrete Vital Area Access Lists - Separate access
authorization lists for each vital area of the facility may be
eliminated. As an alternative to those separate lists, it would be
acceptable to maintain a single listing of persons who have access
to any vital area. To maintain its accuracy, this listing would
have to be revised as the access status of a person changes,
especially as the status relates to removal or loss of vital area
access authorization, but a 31 day validation of the list is not
required.
C. Alarm Response - Modification to the response to vital area access
control alarms (doors) may be acceptable. Response is only needed
to a VA door intrusion or tamper alarm but not to other alarms. All
other alarms are to be resolved by existing procedures (e.g., assess
cause and fix problem).
D. Locked Condition of Door - Although locking mechanisms and access
control systems, including door alarms, would be retained, doors to
vital areas could be left unlocked. Licensees choosing this option
would be expected to have the capability to remotely lock the
door(s) from both the central and secondary alarm stations, as
necessary, in response to an external threat. Licensees choosing
this option would be expected to demonstrate their ability to
remotely lock doors in time to delay an adversary where delay was
essential in the protective strategy. Contingency drills should
test the use of the system locking function. The contingency plan . GL 96-02, February 13, 1996
Page 4 of 5
and procedures may have to be modified to indicate the immediate
"locking" of all VA doors during a safeguards emergency. Access
control systems would be retained on VA doors and would be expected
to continue to maintain a record of personnel access and generate
alarms if the door were opened by someone without a proper access.
Existing plan commitments for compensatory measures for failed door
alarms and access hardware must remain in effect, unless changes are
approved by the NRC. If the system function to lock the doors has
failed (unable to control locks from alarm stations), the VA doors
will have to be returned to a locked status.
The process for licensees to revise their security plans to implement
the changes to security measures in vital areas will depend on what is
presently contained in their security plans. Since acceptance of these
changes is conditional on confirmation of two offsetting conditions,
most changes would need to be processed in accordance with the
provisions of 10 CFR 50.90. Changes in security plans should include
commitments to the two measures described in the first paragraph of
Section I above.
(II) Access Search of On-Duty Armed Security Guards
Changes that would allow armed security officers who (1) are on duty and
carry a weapon in accordance with assigned duties, (2) have already been
searched during their current shift, and (3) have left the protected
area on official business, to reenter the protected area without being
subjected to the metal detector searches (but still be subjected to
explosive searches) would be acceptable. If search equipment is a
single unit containing both metal-detection and explosive-detection
equipment, alarms from the metal detector may be disregarded. The staff
considers that this change could be made to security plans in accordance
with the provisions of 10 CFR 50.54(p).
(III) Containment Access Control Measures
Changes were proposed, when this generic letter was published for public
comment, that would allow persons other than security personnel,
provided they are appropriately trained with respect to access control
procedures in accordance with the security plan, to perform the access
control function for personnel and materials entry into the containment
at any time frequent access is permitted to the containment. However,
this position is now unnecessary because the NRC amended its regulations
to eliminate 10 CFR 73.55(d)(8) effective October 10, 1995. Special
access controls for entry into the containment during periods of
frequent access are no longer required.
(IV) Alternative Measures for Control of Security Badges
Changes that would allow for alternative approaches for accountability
of picture badges used for unescorted access so that certain types of
badges may be taken outside the protected area. Alternative approaches . GL 96-02
February 13, 1996
Page 5 of 5
need to include the ability to ensure positive identification of
individuals upon entry to the protected area. For employees, such
changes can be made under 50.54(p). The staff considers that changes to
security plans to allow contractors to take security picture badges off
site would first require a request for exemption from the provisions of
10 CFR 73.55(d)(5). An exemption is not required for licensee employees
because the regulations currently allow licensee employees to take
badges off site. Upon approval of the exemption request for contractor
personnel, licensees would be allowed to implement the change in
accordance with the provisions of 10 CFR 50.54(p).
For assurance of unrestricted emergency access, the NRC staff notes the
advantages of (1) having the ability to remotely unlock doors to vital areas
from each alarm station, (2) ensuring that malfunctions result in doors
failing unlocked rather than locked, and (3) allowing all operators and
auxiliary operators to carry metal keys that can override keycard-operated
lock mechanisms. However, these conditions are not required for licensees to
implement any of the positions presented in this generic letter.
This generic letter requires no specific action or written response. If you
have any questions about this matter, please contact one of the technical
contacts listed below.
signed by
Dennis M. Crutchfield, Director
Division of Reactor Program Management
Office of Nuclear Reactor Regulation
Technical contacts: Loren L. Bush, NRR
(301) 415-2944
Internet:llb@nrc.gov
Robert F. Skelton, NRR
(301) 415-3208
Internet:rfs1@nrc.gov
