Report a Safety Concern
Search

The U.S. Nuclear Regulatory Commission is in the process of rescinding or revising guidance and policies posted on this webpage in accordance with Executive Order 14151 Ending Radical and Wasteful Government DEI Programs and Preferencing, and Executive Order 14168 Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government. In the interim, any previously issued diversity, equity, inclusion, or gender-related guidance on this webpage should be considered rescinded that is inconsistent with these Executive Orders.

Home NRC Library Document Collections NUREG-Series Publications Brochures Prepared by NRC Staff

Guide for Information Technology Security: Policy for Processing Unclassified Safeguards Information (SGI) on NRC Computers (NUREG/BR-0168, Revision 3)

On this page:

Download complete document

Publication Information

Date Published: March 2004

Office of the Chief Information Officer
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001

Overview

Policy for Processing Unclassified Safeguards Information (SGI) on NRC Computers

Safeguards information (SGI) is sensitive unclassified information about the security measures for the physical protection of special nuclear material, source material, byproduct material, and production and utilization facilities. Under NRC regulations, SGI must be protected and unauthorized disclosures of SGI are subject to civil and criminal sanctions.

The protective measures required for SGI are similar to those required for classified data at the confidential level. SGI may be stored, processed or produced only on a stand-alone personal computer (PC)–that is, a PC not physically or in any other way connected to the NRC or any other unclassified network. The standalone PC unit must have a removable storage medium with a bootable operating system. The bootable operating system must be used to load and initialize the computer. The removable storage medium must also contain the software application programs, and all data must be processed and saved on the same removable storage medium. A mobile device (such as a laptop computer) may also be used for the automated processing of SGI provided the device is secured in an appropriate storage container when not in use.

If a stand-alone or mobile personal computer has a removable drive, the operating system and the applications and data used for SGI processing must all reside on the same removable drive. The removable hard drive must be secured in an approved security container when not in use. SGI files may be transmitted across an unclassified network (e.g., a network not approved for the transmission of classified data), only if they have first been properly encrypted using encryption algorithms approved by the National Institute of Standards and Technology (NIST) or the National Security Agency (NSA). Contact the Computer Security Staff (CSS) in the Office of the Chief Information Officer (OCIO) for assistance in identifying approved methods of encryption. The OCIO CSS phone number is (301) 415-7430.

Page Last Reviewed/Updated Wednesday, March 24, 2021