Information Security
The U.S. Nuclear Regulatory Commission (NRC) must protect classified and sensitive unclassified non-safeguards information (SUNSI) related to U.S. government programs for the physical protection and safeguarding of nuclear materials or facilities to ensure that such information is protected against unauthorized disclosure. The NRC protects three types of information:
Classified Information
Classified information at the NRC and at the facilities it regulates is primarily of two types:
- National Security Information (NSI): Information classified by an Executive Order, whose compromise would cause some degree of damage to the national security.
- Restricted Data (RD): Information classified by the Atomic Energy Act, whose compromise would assist in the design, manufacture, or utilization of nuclear weapons.
The lowest level of classified information is Confidential; the next higher is Secret, and the highest is Top Secret. Confidential and Secret information will also be either NSI or RD and may be marked C-NSI or S-RD, for example.
The NRC may consider information about an uncompensated physical protection vulnerability to be classified information even if the facility is not a classified facility, depending upon the nature of the vulnerability and its potential consequences.
Some classified material at NRC and at the facilities it regulates is classified by other government agencies. The NRC is not empowered to declassify such information without the permission of the originating agency. Other information may be declassified (once it no longer requires protection in accordance with established procedures) to promote the free flow of information. For details, see NRC's Declassification Program.
Access to classified information requires a personnel security clearance (NRC "Q" or "L") equal to or higher than the level of information and a need-to-know. NRC contractors who require access to classified information are subject to security terms and conditions as specified in contractual commitments.
Procedures for obtaining an NRC facility security clearance for entities regulated by the Commission are contained in 10 CFR Part 95. Procedures in 10 CFR Part 25 apply to persons who may require access to classified information related to a license, a certificate, or an applicant for a license or certificate.
Safeguards Information (SGI)
Safeguards information is a special category of sensitive unclassified information authorized by Section 147 of the Atomic Energy Act to be protected. Safeguards information concerns the physical protection of operating power reactors, spent fuel shipments, strategic special nuclear material, or other radioactive material.
While SGI is considered to be sensitive unclassified information, its handling and protection more closely resemble the handling of classified Confidential information than other sensitive unclassified information. The categories of individuals who are permitted access to SGI are listed in 10 CFR 73.21.
For additional detail, see the following related documents:
Sensitive Unclassified Non-Safeguards Information (SUNSI)
Sensitive unclassified non-safeguards information (SUNSI) is information that is generally not publicly available and encompasses a wide variety of categories (e.g., personnel privacy, attorney-client privilege, confidential source, etc.).
Information about a licensee's or applicant's physical protection or material control and accounting program for special nuclear material not otherwise designated as Safeguards Information or classified as National Security Information or Restricted Data is required by 10 CFR 2.390 to be protected in the same manner as commercial or financial information (i.e., they are exempt from public disclosure).
SUNSI policy and procedures are the responsibility of the Office of the Chief Information Officer.