[Federal Register: October 31, 2006 (Volume 71, Number 210)] [Proposed Rules] [Page 64003-64068] ----------------------------------------------------------------------- Part IV Nuclear Regulatory Commission ----------------------------------------------------------------------- 10 CFR Parts 2, 30, et al. Protection of Safeguards Information; Proposed Rule [[Page 64004]] ----------------------------------------------------------------------- NUCLEAR REGULATORY COMMISSION 10 CFR Parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 RIN: 3150-AH57 Protection of Safeguards Information AGENCY: Nuclear Regulatory Commission. ACTION: Proposed rule. ----------------------------------------------------------------------- SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to amend its regulations for the protection of Safeguards Information (SGI) to protect SGI from inadvertent release and unauthorized disclosure which might compromise the security of nuclear facilities and materials. The amendments would affect certain licensees, information, and materials not currently subject to SGI regulations, but which are within the scope of Commission authority under the Atomic Energy Act of 1954, as amended (AEA). The NRC originally published a proposed rule on SGI on February 11, 2005 (70 FR 7196). The NRC is again publishing the proposed rule on SGI protection requirements in order to allow the public to comment on changes to the proposed rule text in response to public comment and to reflect amendments to the AEA in the Energy Policy Act of 2005 (EPAct) and Commission Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material. DATES: The comment period expires January 2, 2007. Submit comments specific to information collection aspects of this rule January 2, 2007. Comments received after that date will be considered if it is practical to do so, but the NRC is able to ensure consideration only for comments received on or before this date. ADDRESSES: You may submit comments by any one of the following methods. Please include the following number (RIN 3150-AH57) in the subject line of your comments. Comments on this rulemaking submitted in writing or in electronic form will be made available for public inspection. Because your comments will not be edited to remove identifying information, the NRC cautions against including personal information such as social security numbers and birth dates in your submission. Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Attn: Rulemaking and Adjudications Staff. E-mail comments to: SECY@nrc.gov. If you do not receive a reply e- mail confirming that we have received your comments, contact us directly at (301) 415-1966. You may also submit comments via the NRC's rulemaking Web site at http://ruleforum.llnl.gov. Address questions about our rulemaking Web site to Carol Gallagher at (301) 415-5905; e- mail: cag@nrc.gov. Comments can also be submitted via the Federal Rulemaking Portal http://www.regulations.gov. Hand deliver comments to 11555 Rockville Pike, Rockville, Maryland, 20852, between 7:30 a.m. and 4:15 p.m. Federal workdays. (Telephone: (301) 415-1966). Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at (301) 415-1101. Publicly available documents related to this rulemaking may be examined and copied for a fee at the NRC's Public Document Room (PDR), Public File Area 01F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland. Selected documents, including comments, can be reviewed and downloaded electronically via the NRC rulemaking Web site at http://ruleforum.llnl.gov. You may submit comments on the information collections by the methods indicated in the Paperwork Reduction Act Statement. Publicly available documents created or received at the NRC after November 1, 1999, are available electronically at the NRC's Electronic Reading Room at http://www.nrc.gov/ NRC/ADAMS/index.html. From this site, the public can gain entry into the NRC's Agencywide Document Access and Management System (ADAMS), which provides text and image files of NRC's public documents. If you do not have access to ADAMS or if there are problems in accessing the documents located in ADAMS, contact the NRC's PDR Reference staff at 1-800-397-4209, 301-415-4737 or by e-mail to pdr@nrc.gov. FOR FURTHER INFORMATION CONTACT: Marjorie Rothschild, Senior Attorney, Office of the General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-1633, e-mail MUR@nrc.gov or Bernard Stapleton, Office of Nuclear Security and Incident Response, Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-2432, e-mail BWS2@nrc.gov. Supplementary Information: I. Background II. Need for Rule III. Purpose of Rulemaking IV. Discussion A. Overview of Public Comments on the Original Proposed Rule B. Comments and Issues 1. Comments in Response to Specific Request for Comments 2. General Issues 3. Section-Specific Comments C. Section-by-Section Analysis D. Request for Specific Comment V. Criminal Penalties VI. Agreement State Issues VII. Voluntary Consensus Standards VIII. Finding of No Significant Impact: Environmental Assessment IX. Paperwork Reduction Act Statement X. Regulatory Analysis XI. Regulatory Flexibility Certification XII. Backfit Analysis I. Background The NRC first published proposed amendments to its rules in parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, 150 governing the handling of Safeguards Information and creating a new category of protected material, Safeguards Information-Modified Handling on February 11, 2005 (70 FR 7196). Subsequently, Congress passed the Energy Policy Act of 2005 (EPAct), Pub. L. No. 109-58, 119 Stat. 594. Section 652 of the EPAct amended section 149 of the Atomic Energy Act (AEA) to require fingerprinting, for criminal history check purposes, of a broader class of persons. With regard to access to SGI before the EPAct, the NRC's fingerprinting authority was limited to requiring licensees and applicants for a license to operate a nuclear power reactor under 10 CFR part 50 to fingerprint individuals prior to granting access to SGI. The EPAct expanded the NRC's authority to require fingerprinting of only individuals with access to SGI. Under the EPAct, NRC has the authority to require that the following individuals conduct fingerprinting before granting access to SGI: (1) Individuals licensed or certified to engage in an activity subject to regulation by the Commission; (2) individuals who have filed an application for a license or certificate to engage in Commission- regulated activities; and (3) have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission. Previously, section 149 of the AEA only required fingerprinting and criminal history records checks of individuals seeking access to SGI (as defined in Sec. 73.2) from a power reactor licensee or license applicant. The EPAct preserved the Commission's authority in section 149 to relieve by rule certain persons from the fingerprinting, identification, and [[Page 64005]] criminal history records checks. The Commission recently exercised that authority to relieve by rule certain categories of persons from those requirements including Federal, State, and local officials involved in security planning and incident response, Agreement State employees who evaluate licensee compliance with security-related orders, members of Congress who request SGI as part of their oversight function, and certain foreign representatives. These exemptions are based on the Commission's findings that (1) interrupting those individuals' access to SGI to perform fingerprinting and criminal history checks would harm vital inspection, oversight, planning, and enforcement functions, (2) it would impair communications among the NRC, its licensees, and first responders in the event of an imminent security threat or other emergency, and (3) it could strain the Commission's cooperative relationships with its international counterparts, and might delay needed exchanges of information to the detriment of current security initiatives both at home and abroad. The final rule was published in the Federal Register on June 13, 2006 (71 FR 33,989). That final rule was necessary to avoid disruption of the Commission's information sharing activities during the interim period while the Commission completes the overall revision of the regulations in this rulemaking. We have revised the original proposed rule to reflect the new requirements under the EPAct, and the final rule cited above, and we are again seeking public comment before promulgating a final SGI rule. We have also made revisions to reflect public comments on the original proposed rule, recent Commission direction, and Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material. The Commission requests that comments on this revised proposed rule focus on the changes and additions to the original proposed rule and not on areas discussed in previous comments. Because the public has already had opportunity to comment on much of the material contained in this revised proposed rule, the Commission has determined that a 60-day comment period is appropriate, and requests for extension of the commenting period will not be granted. SGI is a special category of sensitive unclassified information to be protected from unauthorized disclosure under Section 147 of the AEA. Although SGI is considered to be sensitive unclassified information, it is handled and protected more like Classified National Security Information than like other sensitive unclassified information (e.g., privacy and proprietary information). Part 73, ``Physical Protection of Plants and Materials,'' of the NRC's regulations in Title 10 of the Code of Federal Regulations (CFR) contains requirements for the protection of SGI. Commission orders issued since September 11, 2001, have also imposed requirements for the designation and protection of SGI. These requirements apply to SGI in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires SGI. An individual's access to SGI requires both a valid ``need to know'' the information and authorization based on an appropriate background investigation. Power reactors, certain research and test reactors, and independent spent fuel storage installations are examples of the categories of licensees currently subject to the provisions of 10 CFR part 73 for the protection of SGI. Examples of the types of information designated as SGI include the physical security plan for a licensee's facility, the design features of a licensee's physical protection system, and operational procedures for the licensee's security organization. The Commission has authority under Section 147 of the AEA to designate, by regulation or order, other types of information as SGI. For example, Section 147a.(2) allows the Commission to designate as SGI a licensee's or applicant's detailed security measures (including security plans, procedures and equipment) for the physical protection of source material or byproduct material in quantities determined by the Commission to be significant to the public health and safety or the common defense and security. The AEA explicitly provides in Section 147a. that ``any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act.'' Furthermore, willful violation of any regulation or order governing SGI is a felony subject to criminal penalties in the form of fines or imprisonment, or both, as prescribed in Section 223 of the AEA. The Commission has, by order, imposed SGI handling requirements on certain categories of these licensees. An example is the November 25, 2003 Order issued to certain materials licensees.\1\ Violations of SGI handling and protection requirements, whether those specified in part 73 or those imposed by order, are subject to civil and criminal sanctions. Licensee employees, past or present, and all other persons who have had access to SGI have a continuing obligation to protect SGI in order to prevent inadvertent release and unauthorized disclosure. Information designated as SGI must be withheld from public disclosure and must be physically controlled and protected. Protection requirements include: (1) Secure storage; (2) document marking; (3) restriction of access; (4) limited reproduction; (5) protected transmission; (6) controls for information processing on electronic systems; and (7) destruction of SGI. The AEA explicitly provides in Section 147a. that ``any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act.'' Furthermore, willful violation of any regulation or order governing SGI is a felony subject to criminal penalties in the form of fines or imprisonment, or both, as prescribed in Section 223 of the AEA. --------------------------------------------------------------------------- \1\ This Order was published in the Federal Register as ``Licensees Authorized to Manufacture or Initially Transfer Items Containing Radioactive Material for Sale or Distribution and Who Possess Certain Radioactive Material of Concern and all Persons Who Obtain Safeguards Information Described Herein; Order Issued on November 25, 2003, Imposing Requirements for the Protection of Certain Safeguards Information (Effective Immediately),'' (69 FR 3397; Jan. 23, 2004). --------------------------------------------------------------------------- II. Need for Rule Changes in the threat environment have revealed the need to protect as SGI additional types of security information held by a broader group of licensees. The current regulations do not specify all of the types of information that could be designated as SGI and are now recognized to be significant to the public health and safety or the common defense and security. The unauthorized release of this information could result in harm to the public health and safety and the Nation's common defense and security, as well as damage to the Nation's critical infrastructure, including nuclear power plants and other facilities and materials licensed and regulated by the NRC or Agreement States. Since September 11, 2001, the NRC has issued orders that have increased the number of licensees whose security measures will be protected as SGI and added types of security information considered to be SGI. Orders have been issued to power reactor licensees, fuel cycle facility licensees, certain source material licensees, and certain byproduct material licensees. Some of [[Page 64006]] the orders expanded the types of information to be protected by licensees who already have an SGI protection program, such as nuclear power reactor licensees. Other orders were issued to licensees that have not previously been subject to SGI protection requirements in the regulations, such as certain licensees authorized to manufacture or initially transfer items containing radioactive material.\2\ Some orders imposed a new designation detailing modified handling requirements for certain SGI: Safeguards Information-Modified Handling (SGI-M). The more precise term is ``Safeguards Information-designated as Safeguards Information-Modified Handling'' to distinguish between ``type of information''--SGI, and the two sets of handling requirements ``SGI'' and ``SGI-M''. We are not seeking to create another type of information separate from SGI, and in fact SGI-M is SGI. --------------------------------------------------------------------------- \2\1\ See Order (69 FR 3397; January 23, 2004). --------------------------------------------------------------------------- SGI-M refers to SGI with handling requirements that are modified somewhat due to the lower risk posed by unauthorized disclosure of the information. The SGI-M protection requirements apply to certain security-related information regarding quantities of source, byproduct, and special nuclear materials for which the harm caused by unauthorized disclosure of information would be less than that for SGI. Some of the requirements imposed by orders that have increased the types of information to be considered SGI are not covered by the current regulations. Although the Commission has the authority to impose new SGI requirements through the issuance of orders, the regulations would not reflect current Commission SGI policy and/or requirements. Consequently, the NRC has opted to amend its regulations. III. Purpose of Rulemaking NRC staff review of the SGI regulatory program indicates that changes in the regulations are needed to address issues such as access to SGI, types of security information to be protected, and handling and storage requirements. This rulemaking will: (1) Revise the definition of ``need to know'' in 10 CFR 73.2; (2) Implement expanded fingerprinting and criminal history check procedures for broader categories of individuals who will have access to SGI unless exempt from those requirements; (3) Implement a requirement for background checks which form the basis for demonstrating trustworthiness and reliability for individuals who will have access to SGI unless exempt from those requirements. As discussed in detail later, background checks are comprised of several elements, which would now include a criminal history check; (4) Modify part 73 to reflect the Commission's recent experience and actions, including addressing requirements contained in Orders issued following the terrorist attacks of September 11, 2001; (5) Expand the scope of part 73 to include additional categories of licensees (e.g., source and byproduct material licensees, research and test reactors not previously covered, and fuel cycle facilities not previously covered); (6) Expand the types of security information covered by the definition of SGI in Sec. 73.2 and the information categories described in Sec. Sec. 73.22 and 73.23 to include detailed security measures for the physical protection of byproduct, source, and special nuclear material; security-related scenarios and implementing procedures; uncorrected vulnerabilities or weaknesses in a security system; and certain training and qualification information; and (7) Clarify requirements for obtaining access to SGI in the context of adjudications and clarify the appeal procedures available. (8) Modify the original proposed rule to align it with the final rule in 10 CFR 73.59 granting relief from the identification and criminal history records check element (including fingerprinting) of background checks for designated categories of individuals. (9) Modify 10 CFR 73.59 to make it consistent with the language and structure of the proposed SGI rule. A graded approach based on the risks and consequences of information disclosure would be used in determining which category of licensee or type of information would be subject to certain protection requirements. This graded approach can be applied to issues such as the type of information to be protected, the classes of licensees subject to the rule, and the level of handling requirements necessary for the various licensees. For example, the graded approach would allow certain licensees to employ the modified-handling procedures introduced in recent orders and now set forth in the provisions of this revised proposed rule. The requirements set forth in this revised proposed rule are the minimum restrictions the Commission finds necessary to protect SGI against inadvertent release or unauthorized disclosure which might compromise the health and safety of the public or the common defense and security. The revised proposed rule would cover those facilities and materials the Commission has already determined need to be protected against theft or sabotage. The categories of information constituting SGI relate to the types of facilities and the quantities of special nuclear material, source material and byproduct material determined by the Commission to be significant and therefore subject to protection against unauthorized disclosure pursuant to Section 147 of the AEA. Unauthorized release of SGI could reduce the deterrence value of systems and measures used to protect nuclear facilities and materials and allow for the possible compromise of those facilities and materials. Such disclosures could also facilitate advance planning by an adversary intent on committing acts of theft or sabotage against the facilities and materials within the scope of the revised proposed rule. Further, the Commission has determined, pursuant to Section 147a.(3)(B) of the AEA, that the unauthorized disclosure of the information that is the subject of this revised proposed rule could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of nuclear material or a production or utilization facility. The Commission has distinguished SGI designated as SGI-M, needing modified protection, from SGI for reactors and fuel cycle facilities that require a higher level of protection. IV. Discussion A. Overview of Public Comments on the Original Proposed Rule On February 11, 2005, (70 FR 7196), the Commission published a proposed rule and requested public comments by March 28, 2005. Twenty- five comment letters were received, in addition to 622 letters from members of the public that were substantively identical. Copies of those letters are available for public inspection and copying for a fee at the NRC Public Document Room, 11555 Rockville Pike, Rockville, Maryland, or on the NRC's Agencywide Document Access and Management System, available online at: http://www.nrc.gov/reading-rm/adams/web-based.html . Two comment letters were from trade unions, four were from public interest or government watchdog groups, one was from a journalist group, three were from members of the public, one was from a State government agency, two were from the U.S. Department of [[Page 64007]] Energy, one was from a law firm that represents nuclear utilities, and eleven were from utilities or nuclear industry groups. The comment letters provided various points of view and suggestions for clarifications, additions, deletions, and changes. Responses to the comments, including those in the 622 letters from the public, are set forth below. B. Comments and Issues 1. Comments In Response to Specific Request for Comments In the February 2005 proposed rule, the NRC solicited specific public comment on the issue associated with differing requirements for access to SGI and SGI-M. The original proposed rule Sec. Sec. 73.22(b)(1) and 73.23(b)(1) contained different requirements for performing background checks and making trustworthiness and reliability determinations for granting personnel access to SGI or SGI-M. These proposed requirements were based on the then-existing statutory authorization in Section 149 of the AEA for the NRC to require nuclear power reactor applicants or licensees to fingerprint individuals to be granted access to SGI. Before enactment of the EPAct on August 8, 2005, there was no similar statutory authorization to require fingerprinting by other applicants or licensees. Section 652 of the EPAct, however, amended Section 149 of the AEA to authorize the NRC to require fingerprinting of individuals granted access to SGI by all: (1) Individuals and entities engaged in activities subject to regulation by the Commission; (2) applicants for a license or certificate to engage in Commission-regulated activities; and (3) individuals and entities who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulations by the Commission. The NRC published the original proposed rule six months before the Energy Policy was enacted, specifically inviting comment on whether stakeholders perceived difficulties in complying with the varying requirements of SGI and SGI-M. The Commission has considered stakeholders' suggestions, comments, and proposals regarding the issue of whether a more uniform approach can be provided for background checks and trustworthiness and reliability determinations. Although comments may not have explicitly referred to this request for specific comment, many comments addressed the issue of performing background checks and the criteria for determining trustworthiness and reliability for access to SGI and SGI-M. These comments and detailed responses are set forth below. Commission views are also presented. One commenter expressed concern that the criteria to judge ``trustworthiness and reliability'' could be applied arbitrarily to restrict access to information by persons deemed to have interests opposing the NRC or nuclear industry. Commenters also questioned how a ``comprehensive background check'' would be conducted and what ``the other means'' for determining ``trustworthiness and reliability'' would be. Other commenters noted that the definition of ``trustworthiness and reliability'' does not clearly address how its requirements will be uniformly applied for all classes of individuals (for example, an individual who is not a utility employee such as an attorney for a utility or intervenor in an NRC adjudicatory proceeding), and whether there is a need for continued monitoring. Another commenter requested that the NRC address when background checks are required for persons requiring infrequent access to SGI or SGI-M such as commercial vendors periodically supplying security equipment and needed services to facilities. Some commenters requested greater detail on the criteria the NRC will use to determine access to SGI-M and that such criteria should allow for greater access to SGI-M because it poses ``a lower security risk.'' In response to these comments, the Commission notes that the purpose of the criteria to determine ``trustworthiness and reliability'' for access to SGI is to provide reasonable assurance to the person granting access and to the Commission that granting an individual access to SGI does not constitute an unreasonable risk to the public health and safety or the common defense and security. Applying the criteria to improperly restrict access to SGI on the basis of an individual's support or opposition to the nuclear industry is not consistent with the regulatory framework the Commission has established for granting access to SGI. The changes to the original proposed rule text reflect Commission efforts to more thoroughly address the criteria for determining access to SGI. For example, the revised proposed rule defines the term ``background check'' and provides greater specificity in the definition of the term ``trustworthiness and reliability.'' The revised proposed rule provides procedural protections to individuals seeking access to SGI in the context of adjudication both before and after an adverse determination of trustworthiness and reliability by the NRC Office of Administration. Before an adverse determination of trustworthiness and reliability is made, individuals would be entitled to use the procedures set forth in Sec. 73.57. In the context of NRC adjudications, individuals receiving an adverse determination on their background check for trustworthiness and reliability would be able to appeal that adverse determination to the presiding officer of the proceeding in which the SGI is sought. Potential witnesses, participants without attorneys, and attorneys would be able to request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the determination. Moreover, in the revised proposed rule, the Commission has standardized the criteria for access to SGI to implement amendments to Section 149 of the AEA contained in Section 652 of the EPAct. The revised proposed rule would require a Federal Bureau of Investigation criminal history check as part of the background check used to determine whether an individual is trustworthy and reliable before obtaining access to SGI, unless the Commission has otherwise provided. This requirement would extend to participants in NRC adjudicatory proceedings. The frequency with which access to SGI is needed is not a factor for determining access to SGI or SGI-M based on the governing provisions of the AEA or the Commission's regulatory framework implementing those provisions. Establishing an individual's need-to- know the information and trustworthiness and reliability is necessary whether an individual needs a one-time access to SGI or SGI-M or access multiple times. A trustworthiness and reliability determination based on a background check must be made except for individuals enumerated in Sec. 73.59 including contractors of an applicant or licensee. The Commission has determined that access to SGI and Safeguards Information designated as SGI-M by licensee employees, agents, vendors, or contractors must include both an appropriate need-to-know finding by the licensee and a finding concerning the trustworthiness and reliability of individuals having access to the information. Although a separate need-to-know determination will be required for each specific request for access to SGI, the requirement for a determination of trustworthiness and [[Page 64008]] reliability based on a background check could be considered satisfied within a certain period of time, 5 years for example. The same interval would apply to criminal history records checks (including fingerprinting), which are an element of a background check to determine trustworthiness and reliability. A commenter also questioned why the Commission would institute requirements applicable to SGI-M and suggested that the ``less risk- associated information'' be ``Official Use Only'' while some of the more sensitive information be ``Classified National Security Information.'' The Commission has distinguished SGI designated as SGI- M, needing a lower level of protection. Information meeting the definition of SGI in Section 147 of the AEA is being protected as such rather than under the designations proposed by this commenter because such information should be protected as SGI does not constitute Classified National Security Information. 2. General Issues Comment: Some commenters stated that the proposed regulations go beyond the ``minimum restrictions'' needed to protect the health and safety of the public or the common defense and security, as required by Section 147 of the AEA. Rather than applying this provision, the Commission has expanded the SGI category to include virtually anything it wants to withhold. Therefore, the original proposed rule should be withdrawn or drastically revised. Response: The Commission recognizes there are limits to its discretion under Section 147 of the AEA in determining what information presents security concerns significant enough to warrant protection as SGI. The revised proposed rule does not expand the Commission's discretion beyond statutory limits--the revised proposed rule describes the information the Commission considers SGI and is within the scope of the authority granted by Section 147 of the AEA. Section 147 of the AEA authorizes the Commission to protect information that specifically identifies the control and accounting procedures or security measures, including plans, procedures, and equipment used to protect source, byproduct, and special nuclear material. The categories of information to be protected under the rule fall well within this scope. Sections 73.22(a)(1) and 73.23(a)(1) would protect information associated with physical protection such as alarm system layouts, intrusion detection equipment, and security communications systems, among other information. Sections 73.22(a)(2) and 73.23(a)(2) would protect information associated with physical protection such as intrusion alarms, vehicle immobilization features, and plans for law enforcement coordination. Sections 73.22(a)(3) and 73.23(a)(3) would protect inspection reports, audits, and evaluations to the extent they discuss security measures or security vulnerabilities. All of this and other information categorized in the regulations, if publicly disclosed, could be used to specifically identify the control and accounting procedures or security measures, including security plans, procedures, and equipment used to protect source, byproduct, and special nuclear material and allow the circumvention of those plans, procedures, or equipment. The Commission's proposed conditions for access to SGI are not overly restrictive. Persons authorized access must be trustworthy and reliable based upon a background check to ensure that they will not purposely or inadvertently compromise the information. Access to SGI is limited to those with a ``need to know'' the information to avoid unnecessarily broad distribution of the information, which would increase the risk of inadvertent disclosures. As in the current SGI regulations, certain persons would be deemed trustworthy and reliable by virtue of their occupational status-these persons are generally members of government or law enforcement agencies, who in many cases have undergone background checks as a condition of their employment. Representatives of foreign governments or organizations would also not be subject to the background and criminal history checks, if approved by the Commission for access to SGI. Such an exemption is consistent with the Commission's historical practice. All of these persons would still be required to demonstrate a ``need to know'' the information. The Commission's proposed SGI handling requirements are not overly restrictive. Document marking requirements are necessary to distinguish SGI from other information so that it can be properly controlled. Locking up SGI while unattended is necessary to prevent unauthorized access to the information, as is limiting access to keys and knowledge of lock combinations. Restrictions on electronic processing, telecommunications and transmission are important to prevent interception of SGI, whether by electronic surveillance or other means. Comment: Many commenters suggested that the SGI designation does not permit the NRC to withhold all information and that the NRC is acting illegally and trying to silence those who are trying to improve nuclear safety. If instituted, these regulations would compromise the public's ability to hold the nuclear industry and its government regulators accountable for their management of nuclear facilities and materials. Response: The Commission recognizes that there are statutory limits to the use of the SGI designation. The revised proposed rule remains within these limits and describes categories of information that may properly be considered SGI. The revised proposed rule recognizes the Commission's authority to issue further orders or regulations designating information as SGI, provided it is within the scope of Section 147 of the AEA. The Commission's purpose in proposing this rulemaking is not to unnecessarily withhold information from the public, to silence criticism of nuclear safety or security policies or to prevent the public from offering suggestions for improvement. The proposed SGI regulations are intended to ensure adequate protection of the public health and safety and the common defense and security by preventing authorized disclosure of certain, limited category of information that could be used to compromise the security of nuclear facilities and materials. The Commission always welcomes public input on nuclear safety and nuclear security. Members of the public may write letters to the Commission, file petitions for rulemaking under 10 CFR 2.802, and file requests to institute a proceeding to modify, suspend, or revoke a license under 10 CFR 2.206. Members of the public may seek to initiate or participate in adjudications held in connection with proposed licensing actions. They may also attend public meetings to communicate their safety and security concerns. The NRC will always consider and respond to public concerns, but it must do so without compromising the safety and security of nuclear materials and facilities. Comment: One commenter stated that the original proposed rule would create a system without rights, duties, and obligations such as those in the Freedom of Information Act (FOIA), which would abuse the open government principles on which the United States was founded. Other commenters proposed that a final rule include procedures for designating [[Page 64009]] officials who may withhold SGI, to provide oversight of the system, and to allow for review or appeal of SGI or SGI-M determinations. A commenter stated that the NRC has not provided an individual the opportunity to challenge an SGI determination by appealing to the head of the agency. A commenter expressed concerns that a final rule needed the types of controls and checks that are built into the national security classification system. According to the commenter, there are no mechanisms for reviewing and appealing decisions to categorize information as SGI; the rule has an inadequate mechanism for removing information from SGI status once it has been categorized; there are no truly independent bodies to exercise oversight over SGI determinations; there is no recognized channel for getting disputes over SGI status into court; and there are insufficient mechanisms for making the portions of SGI information which would not present a risk in the form of redacted documents available to Congress, the news media, and the public. Response: Section 147 of the AEA sets forth the substantive legal requirements governing the protection of SGI. Section 147 of the AEA does not require the Commission to develop FOIA-like appeal procedures to resolve individual challenges to SGI designation on a case-by-case basis. Creation of FOIA-like appeal procedures would result in a cumbersome administrative process for SGI designation and potentially require substantial resources to implement and administer. The preferred approach is the one the Commission is proposing here-- providing the public notice of and opportunity to comment on categories of information the Commission would consider SGI. Throughout this rulemaking, the Commission has been open about the categories of information it seeks to protect and the reasons for protecting that information. The Commission is giving the public adequate notice of the approach and ample opportunity to challenge the Commission's SGI designations on a generic basis. There is no need to develop procedures for challenging the designation of information as SGI or SGI-M. Comment: One commenter proposed that the NRC should followup this rulemaking with the deletion of or revisions to current orders and advisory letters. In the interim, NRC should, by order or regulation, state that the revised regulations supersede all conflicting orders and advisory letters issued prior to the effective date of the revision to the regulations. Response: This revised proposed rule incorporates the requirements for SGI protection previously described in NRC orders and advisory letters. The final rule would, on its effective date, supersede all SGI orders and advisory letters issued prior to that effective date. The Commission will, however, take administrative action to withdraw all previously orders where appropriate. Comment: One commenter recommended that the NRC rule specify that security information or plans associated with a licensee possessing, using, transporting, or offering for transport greater than or equal to Category (CAT) I quantities of Strategic Special Nuclear Material (SSNM) be controlled as Classified National Security Information in accordance with the provisions of 10 CFR parts 25 and 95. In addition, the commenter recommends that the NRC revise the final rule with respect to the protection of information associated with security information and plans for a licensee possessing, using, transporting, or offering for transport CAT II and III quantities of special nuclear material (SNM) to utilize a risk-informed and graded approach consistent with the change to CAT I SSNM, specifically: (1) Security information and plans for licensees possessing, using, transporting, or offering for transport less than a formula quantity of SSNM but greater than or equal to a CAT II quantity of SNM (consisting of U-233, Pu, or high-enriched U-235 (enriched to 20 percent or more)) should be controlled as SGI per the requirements of Sec. Sec. 73.21 and 73.22 of the original proposed rule; (2) Security information and plans for licensees possessing, using, transporting, or offering for transport less than a CAT II quantity of SNM (consisting of U-233, Pu, or high-enriched U-235 (enriched to 20 percent or more)), but more than 10 kg of a CAT III quantity of SNM, or a CAT II quantity of low-enriched U-235 (enriched to less than 20%) should be controlled as SGI-M per the requirements of Sec. Sec. 73.21 and 73.23 of the original proposed rule; (3) The risks associated with security information and plans for licensees possessing, using, transporting, or offering for transport less than a CAT III of SNM do not require protection under part 73. The commenter suggests that this approach would provide greater regulatory clarity than the NRC's original proposed rule language of ``fuel cycle facilities required to implement security measures'' and ``fuel cycle facilities'' in Sec. Sec. 73.21(a)(1)(i) and 73.22 introductory text, respectively, by clearly identifying de minimis levels of SNM requiring protection. The commenter also recommends that the NRC revise part 76 to incorporate this graded approach for certificate holders under part 76, because the requirements for protection of CAT I, II, or III SNM under parts 70 and 76 should be the same. Response: The revised proposed rule language clearly indicates that it only applies to information that is not classified as Restricted Data or National Security Information. If the specific information is considered to be Restricted Data or National Security Information it would be protected as such and the SGI provisions would not apply. The NRC staff agrees that a graded approach should be used, and the revised proposed rule uses a graded approach. The staff agrees that additional clarification is necessary to explain what is meant by fuel cycle facilities. The original proposed rule text has been revised to add clarity. Fuel fabrication facilities, uranium enrichment facilities, uranium hexafluoride conversion facilities, and independent spent fuel storage installations will be subject to the provisions in Sec. 73.22 for SGI. Research and test reactors and other facilities that have special nuclear material of low or moderate strategic significance will be subject to the provisions of Sec. 73.23 for SGI- M. Comment: One commenter suggested that a final rule either: (1) Remove the designation of site access information as SGI; or (2) specify that the ``need to know'' includes the protection of employment and labor rights, so that individuals involved in employment-related grievances, arbitration, litigation, and/or labor contract negotiations and administration may gain access to relevant SGI when such individuals qualify as ``Individuals Authorized to Access Safeguards Information''. Also, the commenter requests that the rule set forth a procedure by which employees and their representatives may apply to gain access to relevant SGI for the protection of employment and labor rights so that individuals involved in employment-related grievances, arbitration, litigation and/or labor contract negotiations and administration may gain access to relevant SGI when such individuals do not qualify as ``Individuals Authorized to Access Safeguards information.'' The commenter asserts that it is additionally problematic that site access information is SGI because it could lead to an unnecessary chilling effect having adverse safety implications. Removing [[Page 64010]] site access information as SGI or, alternatively, establishing provisions whereby employees and their representatives may obtain such information, will prevent violations of individuals' rights under applicable laws and will not compromise the safety of nuclear facilities. Response: The revised proposed rule would not designate ``site access information'' as SGI and is not intended to discourage individuals from raising safety or security concerns to licensees or the NRC. Employees of NRC licensees who feel they have been retaliated against for raising safety or security concerns are encouraged to seek potential enforcement action through the NRC and to go to the Department of Labor for potential personal remedies. There is no presumptive ``need to know'' for agents representing employees of NRC licensees in employment-related grievances. The revised proposed rule would not establish a special procedure by which agents representing employees of NRC licensees may have access to SGI, but the Commission retains the authority to grant such access if the circumstances of an individual case so require. Comment: One commenter contended that the Commission lacks the statutory authority to impose regulations for the protection of SGI pertaining to the security measures of State licensees. According to this commenter, the licensees or applicants referred to in Section 147 of the AEA are clearly those of the Commission only, and not of the Agreement States. Response: Section 147a. of the AEA requires the Commission, in relevant part, to prescribe such regulations or issue such orders as necessary to prohibit the unauthorized disclosure of SGI. The Commission also has authority under Subsections 161b. and 161i. to issue rules, regulations, or orders to protect the common defense and security. Moreover, Section 274m. of the AEA, ``Cooperation with States,'' provides that no agreement entered into pursuant to Section 274b. shall affect the Commission's authority under Subsections 161b. and, 161i. As to the commenter's assertions regarding the terms ``licensee'' or ``applicant,'' the plain language of Section 147 refers simply to ``licensee's or applicant's [detailed information].'' Section 147 draws no distinction between a ``Commission licensee'' as the commenter asserts and an ``Agreement State licensee.'' Thus, on its face, the statute does not support the commenter's viewpoint. Comment: One commenter suggested that a final rule should focus not only on SGI and SGI-M material, but should include rules for the protection of other levels of information. Response: The scope of this rulemaking, as stated in the original proposed rule, is limited to amending the regulations for the protection of SGI. Other types of information are governed by separate requirements. For example, an executive order, applicable government- wide, controls Classified National Security Information. E.O. 12958, as amended, ``Classified National Security Information'', and related directives of the Information Security Oversight Office, National Archives and Records Administration, April 20, 1995. NRC regulations found in 10 CFR 2.390 govern handling of other categories of sensitive unclassified information. The NRC has determined that no further changes to NRC regulations are warranted at this time. Comment: One commenter questioned the ``correct'' categorization of information the NRC considers to be SGI. According to the commenter, when a Department of Energy (DOE) facility is licensed, there may be difficulties in deciding if the information should be Classified National Security Information (CNSI) or SGI. On the other hand, the commenter asserted that ``Official Use Only'' should be considered before marking the information as SGI. Response: The proposed amendments to the regulations reflect the statutory definitions of SGI in Section 147 of the AEA. The Commission believes that the definitions in the revised proposed rule accurately reflect the information described in Section 147 as SGI. Both the relevant proposed amendments to part 73 as well as guidance that would be issued by the staff would assist licensees in correctly designating information to be protected as SGI. The DOE has previously demonstrated that it has a comprehensive program governing the classification of information. As noted in the original proposed rule, any information classified as National Security Information would carry that designation and not be designated as SGI. It is appropriate for any entity possessing sensitive information, classified or otherwise, to consider all possible and appropriate classifications/designations of information when making decisions to protect such information from public disclosure. The Commission expects that information falling within the definition of SGI will be so designated, thus mandating the withholding of the information from public disclosure and that only information properly characterized as SGI will be designated as such. In this regard, the Commission notes that information marked as ``Official Use Only'' does not assure that the information will be withheld from public disclosure. Comment: One commenter recognized that requirements in 10 CFR 73.22, for SGI, would apply to reactors and licensees authorized to possess a formula quantity of SSNM, while requirements in 10 CFR 73.23, for SGI-M, would apply to licensees authorized to possess certain quantities of source and byproduct material and SNM of moderate or low strategic significance. The commenter pointed out that some licensees are authorized to possess, in one license, in excess of a formula quantity of SSNM, in addition to a significant quantity of source material and byproduct material. The commenter suggested that the rule is not clear on whether such a licensee should follow Sec. 73.22 or Sec. 73.23. The commenter further suggested that it would seem burdensome for a single licensee to have separate SGI and SGI-M programs. Another commenter noted that industry discussions with the NRC led it to believe that controlling SGI-M documents under its existing SGI program was acceptable; however, the proposed changes in paragraph (d) of Sec. Sec. 73.22 and 73.23 appear to contradict that position and expand the marking and handling requirements to apply to both SGI and SGI-M documents. That commenter noted that, given the effectiveness of the current program, there does not appear to be any justification for the additional marking requirements in paragraph (d). Response: The NRC agrees with the comment that it could be inefficient for licensees possessing categories or quantities of material under Sec. Sec. 73.22 and 73.23 to implement both information protection schemes. Licensees subject to both Sec. Sec. 73.22 and 73.23 would be in compliance with the requirements for protection of SGI if they implement the higher protection standards in Sec. 73.22, or they may choose to implement a multi-level approach. Licensees with a single-level information security system could use the marking ``Safeguards Information'' in place of ``Safeguards Information-- Modified Handling.'' This alternative would be appropriate because the facility security measures and associated information protection requirements would be based on the higher category of asset possessed by the licensee. A primary difference between the SGI protection requirements in Sec. 73.22 and the SGI-M protection requirements in Sec. 73.23 is how the information is [[Page 64011]] marked and stored. SGI in the former category is marked ``Safeguards Information'' while the latter category is marked ``Safeguards Information designated as Safeguards Information-Modified Handling.'' The different markings are associated with different storage requirements. SGI described in Sec. 73.22 must be stored in a locked security storage container, but SGI described in Sec. 73.23 has a less stringent storage requirement--the information must be stored in a locked file drawer or cabinet or may be stored in a security container as described in Sec. 73.22. Proper marking is necessary when SGI is communicated between entities or parties so that the recipient does not receive a document with markings that would require storage in a container that the recipient does not possess. It is the duty of the licensee or applicant who transfers documents containing SGI to a party beyond their control to ensure that the document is properly marked. Without the appropriate document markings, the sender inadvertently could cause a violation of the regulations. Comment: One commenter noted that the expanded types of documents that must be handled as SGI or SGI-M and the addition of marking requirements will require additional effort and time to implement. Therefore, the commenter suggested that the rule allow at least one year for the licensee to effectively implement the requirements. Response: The NRC recognizes that SGI requirements require effort and time to implement, but does not concur that one year is necessary for implementation. This revised proposed rule reflects orders already imposed by the Commission and would expand the types of security information covered by Sec. 73.2. Considering the scope of the rule, the Commission proposes to set an effective date for the final rule of 90 days from publication in the Federal Register. Comment: One commenter stated that the reference in the Supplementary Information portion of the original proposed rule to criminal penalties for violation of Commission requirements governing SGI should clarify that criminal sanctions are only imposed for willful violations. Response: In response to this comment, the relevant language in Section I. (``Background'') of this revised proposed rule has been changed to remove ambiguity about the application of criminal penalties for violations of the AEA (i.e., such penalties apply to willful violations only). Comment: One commenter asked whether DOE facilities licensed by the NRC would be excluded from all orders. Response: To the extent that the NRC has regulatory authority over a DOE facility, the NRC has the authority to issue orders to the DOE applicable to that facility. 3. Section-Specific Comments Parts 60 and 63: Disposal of High-Level Radioactive Waste in Geologic Repositories; Disposal of High-Level Radioactive Wastes in a Geologic Repository in Yucca Mountain, Nevada Comment: One commenter suggested that the degree of information security required for facilities licensed under parts 60 and 63 is insufficient for the protection of National Security Information and is inconsistent with long-standing NRC classification guidance, recent Commission and staff actions, as well as the 2004 ``Joint DOE and NRC Sensitive Unclassified Information and Classification Guide for the Office of Civilian Radioactive Waste Management Program'' (CG-OCRWM-1, which is non-public). The commenter contends that this inconsistency in language will cause regulatory confusion and could lead to inadequate protection of National Security Information or inadequate enforcement authority. Specifically, the commenter notes that the proposed language in Sec. Sec. 70.22, 70.32, 73.2, and 73.22 refers to physical security, safeguards contingency, and guard qualification and training plans information being controlled as SGI per Sec. Sec. 73.21 and 73.22. However, CG-OCRWM-1, the commenter notes, indicates that certain information associated with the proposed Yucca Mountain repository will be considered National Security Information. In addition, the commenter contends that Sec. Sec. 60.21, 60.42, 63.21, and 63.42 refer to the ``design for physical security'' to be protected as SGI, but does not mention the ``physical security plan.'' The commenter suggests that the NRC explicitly require the physical security plan for a repository licensed under parts 60 or 63 be protected as SGI or classified information, to ensure that the plan itself is properly protected and that greater regulatory consistency is maintained. In addition, the commenter recommends that the NRC revise parts 60 and 63 to require design for physical security and the physical security, safeguards contingency, and guard qualification and training plans be controlled as SGI or classified information per parts 25 and 95. Response: The SGI definition includes the disclaimer that it does not include information classified as National Security Information or Restricted Data. Any information covered by the classification guide as constituting National Security Information would continue to be classified. The proposed regulation would cover security related information that is not covered by the classification guide. Changes to this revised proposed rule are not necessary to specify which information is considered to be National Security Information and which is SGI, however, changes to the original proposed rule have been made in Sec. Sec. 60.21, 60.42, 63.21, and 63.42 to clarify that security information associated with a geologic repository would be protected as SGI or as classified information. The NRC has also revised the original proposed rule language to remove the inconsistency in terminology for the ``physical security,'' ``safeguards contingency,'' and ``guard qualification and training plans.'' Comment: One commenter suggested that the program entitled ``Joint DOE and NRC Sensitive Unclassified Information and Classification Guide for the Office of Civilian Radioactive Waste Management Program'' remains an adequate and acceptable program, as written, for the identification of SGI and its continued use in the part 63 licensing process will be in compliance with this rulemaking. Response: A classification/designation guide, ``Joint DOE and NRC Sensitive Unclassified Information and Classification Guide for the Office of Civilian Radioactive Waste Management Program,'' has been issued by the NRC and the DOE. This guide reflects the current laws and regulations governing classification and designation of information required to be protected from unauthorized disclosure. The NRC staff believes that this guide represents the information proposed to be protected by the current rulemaking. Part 73: Physical Protection of Plants and Materials Section 73.2 Definitions The Commission received numerous comments on the definitions. Commenters asked the Commission to revise, delete, or add definitions for terms used in the rule. Some new terms have been added because of changes made in other sections of the revised proposed rule. Public comments and responses to the comments, as well other reasons for changes to Sec. 73.2, are presented below. [[Page 64012]] Comprehensive Background Check Comment: Commenters suggested that the term ``comprehensive background check'' be defined. Response: The Commission has changed the phrase ``comprehensive background check'' to ``background check'' in the new proposed rule. The change is intended to more clearly distinguish the background check requirements of this revised proposed rule from the background investigation requirements of other regulations governing access authorization (10 CFR 73.56). Background investigations required under those regulations are arguably more comprehensive. To avoid the impression that the background check that would be required by this rule would be more stringent or probing than background investigations, the word ``comprehensive'' has been deleted. The Commission has included a general definition of ``background check'' in Sec. 73.2 of the revised proposed rule. A background check performed to determine the trustworthiness and reliability of an individual to be authorized access to SGI or SGI-M includes, at a minimum, a criminal history check, verification of identity, employment history, education, and personal references. The EPAct expanded the NRC's authority to fingerprint, and as such, entities engaged in activities subject to regulation by the Commission, entities who applied for licenses or certificates to engage in Commission-regulated activities, and entities who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission would be required under 10 CFR 73.57 to conduct criminal history checks, including fingerprints, before granting access to SGI or SGI-M to the employees of the individual's organization. Ultimately, the decision whether an individual is sufficiently trustworthy and reliable to receive SGI or SGI-M is made by the person granting access. In the case of information held by the NRC staff and the originator, the NRC staff would make the determination. The background check must be sufficient to support a trustworthiness and reliability determination so that the person granting access and the Commission have reasonable assurance that individuals granted access to SGI do not constitute an unreasonable risk to the public health and safety or the common defense and security. To reiterate, the background check that would be required by this revised proposed rule may not completely satisfy the background investigations required under other regulations. Nor does the trustworthiness and reliability determination based on the background check that would be required by this revised proposed rule satisfy the trustworthiness and reliability objectives of other regulations. For example, determining trustworthiness and reliability under 10 CFR 73.56 requires not only a background investigation, but a psychological assessment and behavioral observation as well. Determining trustworthiness and reliability under 10 CFR 26.10 requires chemical and alcohol testing under a fitness-for-duty program. Those requirements are separate from the requirements of this revised proposed rule. The NRC staff plans to issue further guidance that will include a discussion of acceptable background checks to support a licensee's trustworthiness and reliability determinations. Detailed Control and Accounting Procedures Comment: One commenter suggested that the term ``detailed control and accounting procedures'' for SNM needs clarification, for example, as to whether it includes: (1) The written directions for transferring fuel between the fuel pool and the reactor; (2) the outage schedule that shows when fuel movement occurs; (3) the real-time communication channels or video-monitoring to support fuel movement; or (4) the computer and software that performs the isotopic calculations for irradiated fuel. The commenter is concerned that restricting access to these types of detailed information would significantly hamper work coordination and communication within the protected area, without affecting what is commonly known outside the protected area in a more general sense. Response: In response to the request in this comment, the Commission notes that ``detailed control and accounting procedures'' do not include any of the four types of information set forth in this comment. Therefore, there should be no concern about restricting access to these types of information on the basis that they are SGI. High-Level Radioactive Waste, Spent Nuclear Fuel, and Irradiated Reactor Fuel Comment: A commenter requested that these terms be defined in Sec. 73.2. Response: The revised proposed rule would make conforming changes to 10 CFR part 72, ``Licensing Requirements for the Independent Storage of Spent Nuclear Fuel, High-Level Radioactive Waste, and Reactor- Related Greater than Class C Waste.'' The terms ``high-level radioactive waste'' and ``spent nuclear fuel'' are defined in existing 10 CFR 72.3. These definitions of ``high-level radioactive waste'' and ``spent nuclear fuel'' would not be affected and would continue to apply. The description of ``irradiated reactor fuel'' provided in Sec. 73.37 includes certain spent fuel described in parts 71 and 72, is consistent with the definition of spent fuel in the Nuclear Waste Policy Act (NWPA), and appropriately uses a graded approach for physical protection and safeguards considerations. Therefore, the Commission does not believe a separate definition of the term is needed in Sec. 73.2. Safeguards Information (``SGI'') Comment: Commenters stated that the definition of this term in the original proposed rule is too broad. They asked that the terms used in Section 147 of the AEA, ``a licensee's or applicant's'' detailed information, be included in the rule's definition of SGI. Response: This revised proposed rule modifies the definition of SGI to more closely track the language in Section 147, by including the term ``licensee's or applicant's [detailed information].'' However, SGI could include information other entities generate, e.g. vendors, as such information could ultimately identify a licensee's or applicant's detailed procedures, security measures, or other information within the scope of Section 147. Comment: A commenter suggested that while security measures to protect certain plant equipment vital to the safety of production or utilization facilities should be protected as SGI, the location of the equipment should not be included within the definition of SGI. Response: As set forth in Section 147 of the AEA, SGI includes ``security measures for the physical protection of and the ``location of certain plant equipment vital to the safety of production or utilization facilities involving nuclear material covered by paragraphs (1) and (2) [of Section 147a]''. The Commission has determined, in accordance with Section 147a.(3) of the AEA, that the unauthorized disclosure of this type of information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security. As required by Section [[Page 64013]] 147a.(3)(A), the Commission applied the minimum restrictions necessary to protect the health and safety of the public or the common defense and security in making this determination. As noted in the Statement of Considerations for the original proposed rule, one purpose of this rulemaking is to include in part 73 the types of information the Commission may protect as SGI, based on the description of SGI in Section 147 of the AEA. Accordingly, the Commission is keeping the language which is the subject of this comment in the definition of SGI in Sec. 73.2. Comment: A commenter requested that the definition of SGI in Sec. 73.2 include language that allows for temporary status of SGI, based, for example, on a six-month period in which there would be an immediate risk if the information were disclosed. Response: Designation of information as SGI is not static. Section 73.22(h), ``Removal from Safeguards Information category'' would require that documents originally containing SGI must be removed from the SGI category, in accordance with the criteria in Sec. 73.22(h), at such time as the information no longer meets the criteria contained in part 73. In addition, a review of such documents to make that determination shall be conducted every 10 years. Documents that are 10 years or older and designated as SGI or SGI-M shall be reviewed for a decontrol determination if they are currently in use or removed from storage. The Commission sees no need to modify the definition of SGI to reflect the non-permanent nature of the SGI designation, as the commenter requests. Comment: According to another comment, the definition of SGI should not allow a source or byproduct material ``exemption'' that would allow the NRC to categorize anything as SGI if it believed disclosure of that information could have an adverse effect on the public health and safety or the common defense and security. The commenter expressed concern that such language could be overused or abused, and therefore suggested that it be eliminated and that the definition of SGI be more precise and have clearly defined limits. Response: Section 147a.(2) of the AEA specifically includes as SGI security measures for the physical protection of source material or byproduct material in quantities determined by the Commission to be significant to the public health and safety or the common defense and security. The Commission has appropriately defined the categories of information to be protected as SGI or SGI-M in this rulemaking. Those categories are within the limits of the Commission's authority under Section 147 of the AEA. Comment: A commenter objected to the ``blanket exemption'' in the definition of SGI and requested that this ``exemption'' be eliminated. According to the commenter, such an ``exemption'' was unnecessary and could adversely impact workers'' and communities' abilities to monitor health risks. Response: The definition of SGI does not contain any explicit ``exemption.'' Therefore, the Commission can only surmise as to the ``exemption'' to which this comment refers. The commenter may be referring to that portion of the definition which reflects the Commission's authority, under Section 147a.(3) of the AEA, to determine certain security measures to be SGI, provided certain findings are made pursuant to Sections 147a.(3)(A) and (B). In exercising this authority, the Commission would, as reflected in the SGI definition, make the designation by order or regulation as specified in revised 73.22(a)(5) and 73.23(a)(5). The Commission is proposing to modify this portion of the definition of SGI to make clear that the ``other information'' would be within the scope of Section 147. Safeguards Information-Modified Handling (``SGI-M'') Comment: A commenter believes that the definition of this term is unclear and should be defined as ``lower-risk information'' and therefore have less rigorous restrictions and greater public access. Response: The definition of SGI-M in Sec. 73.2 is not as specific as the definition of SGI in Sec. 73.2. The main reason for this is that SGI-M is SGI for which modified handling requirements apply. As stated in the Statement of Considerations for the original proposed rule, the term SGI-M ``would be added to reflect this new designation for marking [and handling] of SGI subject to this regulation.'' 70 FR at 7199. The marking and handling requirements for SGI-M are set forth in Sec. 73.23, ``Protection of Safeguards Information-Modified Handling: Specific Requirements.'' Those requirements are less restrictive than for information marked SGI, for example, requirements for unattended storage of SGI-M set forth in Sec. 73.23(c)(2). The introductory text of Sec. 73.23 and paragraph (a) of that section specifically describe the types of information SGI-M that are subject to the handling requirements. Therefore, the Commission sees no need to modify the definition of SGI-M in the revised proposed rule. Significant Adverse Effect Comment: One commenter proposed that a final rule define the term ``significant adverse effect''. Response: The term ``significant adverse effect'' appears in Section 147.a. of the AEA, in the proposed definition of SGI, and elsewhere in the revised proposed rule. The term reflects the Commission's authority under Section 147a.(2) and (3) to protect against a certain type of unauthorized disclosure of information. Such an unauthorized disclosure is one which ``could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage'' of material or a facility. Thus, a ``significant adverse effect'' is one which could significantly increase the likelihood of such effects. The Commission believes that this statement adequately describes the term and a separate definition is not necessary. Transportation Physical Security Plan Comment: One commenter proposed that the final rule define the term ``transportation physical security plan''. Response: The phrase ``transportation physical security plan'' does not appear in the revised proposed rule. The new proposed rule would require protection of ``the composite physical security plan for transportation'' in Sec. 73.22(a)(2)(i), and ``information regarding transportation security measures, including physical security plans and procedures'' in Sec. 73.23(a)(2)(i). The revision was made in part because not all licensees who would be subject to the revised proposed rule are explicitly required to have a ``transportation security plan.'' The revised proposed rule is intended to protect information detailing the physical security measures and procedures used to protect source, byproduct, and special nuclear material in transit, whether or not those measures and procedures are contained in a document labeled ``transportation security plan.'' Because the term ``transportation physical security plan'' is not used in the revised proposed rule, there is no need to provide a definition. Threat Environment Comment: One commenter proposed that a final rule define the term ``threat environment.'' Response: The phrase, ``threat environment,'' does not appear in the revised proposed rule text and, therefore, a definition for that term is not warranted. [[Page 64014]] Trustworthiness and Reliability Comment: Several commenters from both public interest and industry groups expressed concern with the proposed definition of ``Trustworthiness and Reliability'' and whether it is sufficiently clear. One commenter wrote that it is conceivable that the criteria used to judge ``trustworthiness and reliability'' could be applied arbitrarily to restrict access to information by persons deemed to have interests in opposition to the NRC or the nuclear industry. This commenter also expressed concern that the procedure by which the ``comprehensive background check'' would be conducted is not clear. Another commenter expressed the opinion that the ``definition of trustworthiness and reliability does not clearly address how its requirements will be uniformly applied for all classes of individuals, nor is it clear as to whether there is a necessity for continued monitoring, nor is it clear what process an individual who is not a utility employee and does not have unescorted access must undergo to satisfy the criteria.'' A third commenter suggested that the definition of trustworthiness and reliability should include a link to Sec. Sec. 73.56 and 26.10 such that a positive conclusion for access authorization and fitness for duty would allow a licensee to conclude an individual is trustworthy and reliable; however, unescorted access should not be a requirement for ``trustworthiness and reliability.'' Finally, along similar lines, one commenter questioned whether elements in Sec. Sec. 73.56 and 26.10 must be completed in order to determine trustworthiness and reliability. If that is the case, the commenter suggested that it should be specified. The commenter also expressed concerns that such a definition would be challenging to administer, especially for contract engineering firms who are never at the site. Response: Ultimately, the decision whether an individual is sufficiently trustworthy and reliable to receive SGI is made by the person granting access based on a background check. The background check must be sufficient to support the trustworthiness and reliability determination so that the person granting access and the Commission have reasonable assurance that granting an individual access to SGI does not constitute an unreasonable risk to the public health and safety or the common defense and security. The general elements of a background check are defined in the revised proposed rule and discussed briefly above. Not all persons who would be subject to this rule will have fitness for duty or access authorization programs, so the revised proposed rule does not include cross-references to trustworthiness and reliability requirements in Sec. Sec. 26.10 or 73.56. Trustworthiness and reliability determinations required by those regulations may inform or serve as the trustworthiness and reliability determination that would be required under this revised proposed rule, if those determinations are based on a background check that also meet the requirements of this rule. The NRC staff plans to issue further guidance that will include discussion of acceptable background checks to support a licensee's trustworthiness and reliability determinations. There is no requirement in this revised proposed rule that an individual determined to be trustworthy and reliable undergo a periodic background check to confirm or monitor trustworthiness and reliability. However, should a licensee learn of information that would reasonably call into question the trustworthiness and reliability of an individual authorized access to SGI or SGI-M, the licensee should re-evaluate the individual. In the case of NRC adjudicatory proceedings where subsequent requests for access are made, a new determination may be required depending on the length of time that has elapsed between requests. The trustworthiness and reliability determination based on a background check that would be required does not necessarily satisfy the trustworthiness and reliability objectives of other regulations. For example, determining trustworthiness and reliability under 10 CFR 73.56 requires not only a background investigation, but a psychological assessment and behavioral observation as well. Determining trustworthiness and reliability under 10 CFR 26.10 requires chemical and alcohol testing under a fitness-for-duty program. Those requirements are separate from the requirements of this rule. The Commission realizes that the trustworthiness and reliability requirement could be difficult to administer. But the same is true of many requirements aimed at monitoring the behavior and character of individuals. That does not make the requirement any less essential to ensuring safety and security. Determining trustworthiness and reliability is crucial to minimizing the risk that SGI will be compromised, and the Commission expects persons making trustworthiness and reliability determinations to do so in a fair and reasoned way. Section 73.21 Protection of Safeguards Information: Performance Requirements Comment: One commenter suggested that Sec. 73.21 be revised to require SGI protection for information associated with the transportation of spent nuclear fuel (SNF) or high level waste (HLW) in greater quantities than 15 grams in order to be consistent with the NRC's fissile exemption limit for transportation purposes found in Sec. 71.15(b). As a conforming change, the commenter also proposed that Sec. 73.2 be revised to include definitions for ``spent nuclear fuel,'' ``high-level radioactive waste,'' and ``irradiated nuclear fuel,'' and that Sec. 73.72 should be revised in the final rule to refer to advance notifications of shipments of greater than 15 grams of SNF or HLW. Response: The Commission believes that the physical protection measures for shipments involving 100 grams or more of irradiated reactor fuel are appropriately controlled as SGI per Sec. 73.22. Detailed security measures, physical security plans and procedures for the transportation of source, byproduct, and SNM in greater than or equal to Category 1 quantities of concern are designated as SGI-M pursuant to Sec. 73.23(a)(2)(i). Those quantities cover the lower threshold for material as proposed by the commenter. NRC orders issued to persons transporting such materials require protection of such information and material when in transit. In response to the comment requesting definitions of the terms ``spent nuclear fuel,'' ``high-level radioactive waste,'' and ``irradiated nuclear fuel,'' the Commission noted that the first two terms are defined in 10 CFR 72.3 and the third term is described in Sec. 73.37. Therefore, separate definitions of these terms in part 73 are unnecessary. Section 73.21(a)(1) Comment: Two commenters suggested that the use of the terms ``fuel cycle facilities required to implement security measures'' in Sec. 73.21(a)(1)(i) and ``fuel cycle facilities'' in the introductory language of Sec. 73.22 are unclear. The commenters requested clarification on whether this is meant to apply to all fuel cycle facilities, or only those authorized to possess a formula quantity of special nuclear material, and not low strategic significance fuel cycle facilities, where SGI-M requirements might apply. Response: The Commission has changed the text of the new proposed rule by deleting the phrase ``fuel cycle facilities'' and replacing it with ``uranium hexafluoride production [[Page 64015]] facilities, fuel fabrication facilities, and uranium enrichment facilities.'' Fuel cycle licensees authorized to possess a formula quantity of SSNM remain subject to the requirements of Sec. 73.22 as originally proposed. Section 73.21(a)(2) Comment: Two commenters proposed that Sec. 73.21(a)(2) be amended to state that information protection procedures employed by Federal law enforcement agencies are also deemed to meet the general performance requirement, as some licensee facilities are located on Federal lands and Federal law enforcement officers respond to security events. Response: In response to this comment, the proposed Sec. 73.21(a)(2) is being modified to provide that information protection procedures employed by law enforcement agencies are presumed to meet the general performance requirements included in that section. Section 73.22 Protection of Safeguards Information: Specific Requirements Section 73.22(a) Information To Be Protected Comment: One comment recommended that the NRC should specify all the types of information and documents that are part of the ``expansion'' of what is considered to be SGI. Clarification is needed as to the meaning and application of undefined terms such as ``additional security measures,'' ``protective measures,'' and ``interim compensatory measures.'' Response: Both the definition of SGI and the description of the specific types of information to be protected as SGI provide sufficient details as to what information constitutes SGI. Any other information to be designated as SGI would be set forth in an order or regulation, in compliance with Section 147 of the AEA. Additionally, the terms ``additional security measures,'' ``protective measures,'' and ``interim compensatory measures,'' are being deleted from the text of Sec. 73.22(a), and therefore need not be defined. Section 73.22(a)(1) and 73.23(a)(1) Physical Protection Comment: A commenter suggested that Sec. Sec. 73.22(a)(1) and 73.23(a)(1) should be narrowed to those documents that contain sufficient detail on the licensee's actual strategies or procedures that, if inadvertently disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility. The commenter indicated that it is unnecessary to categorize documents as SGI or SGI-M unless the information is specific to the facility or its protective strategy, or unless the protective features cannot be readily observed by an unauthorized individual from outside the Protected Area. Response: Proposed Sec. Sec. 73.22 and 73.23 would not protect all information related to the materials and facilities described in those sections. Sections 73.22 and 73.23 are explicitly limited to the protection of SGI and SGI-M. By definition, SGI and SGI-M is information the unauthorized disclosure of which could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or SNM. Sections 73.22(a)(1) and 73.23(a)(1) do not expand that limited scope. No changes have been made to the revised proposed rule. The Commission disagrees that SGI should include only information specific to a facility or its defensive strategy. While such information clearly requires protection, so does certain generic information, such as the design basis threat implementing guidance, which describe in detail the specific operational and tactical capabilities of the hypothetical adversary force more generally described in the design basis threat rule. Those details, which are generically applicable to a number of licensees, could be used to identify licensee security measures, and if disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility. Comment: One commenter suggested that Sec. 73.22(a)(1)(ii) be amended to clarify the term ``substantially represent the final design features.'' The commenter suggests, for example, that the language ``substantially represent the final design features such that an engineer or security professional could detect vulnerabilities'' would provide the necessary clarity. Response: The Commission does not believe the language the commenter proposes would clarify this provision because the inclusion of the phrase ``such that an engineer or security professional could detect vulnerabilities'' adds an unnecessary level of complexity. Determining ``which site specific drawings, diagrams, sketches, or maps substantially represent final design features of the physical security system,'' as stated in the revised proposed rule text, is less subjective. In addition, SGI need not contain information limited to vulnerabilities. Comment: A commenter recommended that Sec. 73.22(a)(1)(ii) be modified to exclude from the SGI designation site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system which are accessible to members of the public. According to the commenter, information relating to security features such as fences, barriers, guard posts, and certain security cameras are in plain view and therefore not appropriate for designation as SGI. The commenter also proposed a similar change to Sec. 73.22(1)(a)(iii) that would apply to alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources, and duress alarms which are accessible to the public. Response: In response to these comments, the paragraphs cited above are being changed to add the phrase ``not clearly discernible by members of the public'' at the end of each paragraph. Comment: Two commenters felt that the meaning of ``emergency power sources'' in Sec. Sec. 73.22(a)(1)(iii) and 73.23(a)(1)(ii) is not sufficiently clear as to whether it included emergency power sources for alarm systems only or any and all emergency power systems. One commenter proposed changing the language to read: ``As installed details of alarm system layouts, location, and electrical design, that if disclosed, could facilitate gaining unauthorized access to special nuclear material, nuclear facilities, or Safeguards Information''. Response: The Commission has modified the revised proposed rule text in response to this comment by inserting the additional words ``for security equipment'' after the term ``emergency power sources''. Comment: Two commenters noted, with respect to Sec. 73.22(a)(1)(iv), that not all written physical security orders and procedures need to be SGI, as some security procedures are general or administrative and do not require SGI protection. Moreover, the commenters stated, designation of all security procedures as SGI would delay training new employees in the security force. Therefore, the commenters proposed that Sec. 73.22(a)(1)(iv) be modified to allow flexibility in the control of security procedures. Another commenter proposed amending [[Page 64016]] Sec. 73.22(a)(1)(iv) to read ``[w]ritten physical security protective strategy orders and procedures for members of the security organization, duress codes, and patrol routes''. Response: In response to these comments, the phrase ``Written physical security orders and procedures for members of the security organization, duress codes, and patrol schedules'' is modified in the revised proposed rule to read ``Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events''. Comment: A commenter suggested that it is unnecessary to classify documents as SGI or SGI-M unless the information is specific to the facility and its protective strategy. Therefore, the commenter proposed changing Sec. 73.22(a)(1)(v) to read ``[s]ite-specific design features or evaluations of site-specific plant radio and telephone communications systems revealing vulnerabilities or limitations in operating capability'' in order to narrow the scope of documents to those that contain sufficient detail on the licensee's actual strategies or procedures that, if disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility. Response: In response to this comment, the language of Sec. 73.22(a)(1)(v) has been changed in the revised proposed rule to read ``Site specific design features of plant security'' at the beginning of the section. These modifications to the text are not meant to address the broader concern already addressed in response to comments on Sec. 73.22(a)(1) and Sec. 73.23(a)(1). In addition, and as previously stated, the incorporation of such language in this section of the rule does not exclude certain generic information applicable to a number of licensees. Such information could be used, for example, to identify a specific licensee's security measures. Comment: One comment stated that Sec. Sec. 73.22(a)(1)(vii), 73.22(a)(1)(viii), and 73.22(a)(1)(ix) reference the safeguards contingency plan and training and qualification plan. The commenter then pointed out that these are now part of the composite security plan that was submitted as a result of the April 29, 2003 Order. Response: Before the April 2003 Order, power reactor licensees were required to have the following three separate plans: ``physical security plan'', ``safeguards contingency plan'', and ``guard training and qualification plan''. In response to that order, power reactor licensees chose to consolidate these three separate plans into a single ``security plan''. The original proposed rule text has been revised in response to the comment to make clear that the composite physical security plan is considered SGI under Sec. 73.22(a)(1)(i). Comment: One commenter suggests modifying Sec. 73.22(a)(1)(ix) to read ``[a]ll portions of the composite facility guard qualification and training program that addresses the licensee's protective strategy'', which would delete the language ``plan disclosing features of the physical security system or response procedures'' from the end of that paragraph. The commenter further suggests that, given that most training and qualification plans do not include detailed information, these plans be ``decontrolled'' by the NRC. Response: In response to this comment, the beginning of Sec. 73.22(a)(1)(ix) has been changed in the revised proposed rule to delete the phrase ``all portions of [the composite facility guard qualification and training plan]''. The Commission acknowledges that there may be some non-SGI in various licensee security plans and accordingly is deleting the phrase ``all portions''. It is not entirely clear what this commenter means in seeking to have this category of information ``decontrolled''. To the extent the commenter wants training and qualification plans to no longer be considered SGI, the Commission is not taking that action. Contrary to what is asserted in support of this request, this category of information includes details warranting protection against unauthorized disclosure. Comment: One commenter proposes changing the word ``identity'' in Sec. 73.22(a)(1)(x) to ``agency'' or ``organization'' to eliminate any potential confusion that ``identity'' could refer to identification of specific individuals. In addition, the commenter proposes replacing ``safeguards or security emergencies'' with ``security contingency events'' and making clear that ``armament'' refers specifically to the armament of response forces. To have ``armament'' apply to licensees would seem to require licensees to protect as SGI each purchase order for weapons. The commenter further proposes eliminating ``information concerning'' language and using the current part 73 language, and therefore having the subsection read ``[r]esponse plans to specific threats detailing size, disposition, response times, and armament of responding forces.'' Response: The Commission is changing the language of this provision in the revised proposed rule by deleting the phrase ``safeguards or security emergencies'' and inserting the phrase ``security contingency events.'' As so worded, the section emphasizes that the requirement is security-related and also maintains consistency with other regulatory provisions. Also, the word ``identity'' is being deleted from the phrase to avoid the implication that this provision refers to the identification of specific individuals. Finally, the phrase ``of response forces'' is added after the word ``armament'' in the revised proposed rule. The Commission is retaining the language in this paragraph connoting that there could be features of response forces related to or derived from those specified in the rule text which also warrant protection as SGI. The Commission also declines to adopt the commenter's proposed language that would replace the term ``response forces'' with ``response plans'' because security-related plans are addressed elsewhere in Sec. Sec. 73.22(a)(1). Comment: One commenter suggested modifying Sec. 73.22(a)(1)(xi) to delete the language ``including the tactics and capabilities required to defend against that threat'' because this is covered elsewhere in the regulations. In addition, the commenter suggested deleting ``or other information'' as it leaves too much room for interpretation. Another commenter suggested deleting references to the design basis threat in this subsection and elsewhere, or creating more prescribed provisions for exactly what is to be covered with respect to design basis threat information, as such information is important to public participation and knowledge. Response: The phrase ``or other information'' is deleted and the section is reworded to clarify which information related to the design basis threat would be considered SGI. Specifically, the Adversary Characteristics Document and other design basis threat implementing guidance, which describe in detail the specific operational and tactical capabilities of the hypothetical adversary force more generally described in the design basis threat rule, are considered SGI. The phrase ``including the tactics and capabilities required to defend against the threat'' is deleted from the revised proposed rule because it is not necessary. Those tactics and capabilities are described in licensee security plans which are considered to be SGI. [[Page 64017]] Comment: Several commenters expressed the concern that language in Sec. 73.22(a)(1)(xii) would include engineering and safety analyses and emergency planning procedures or scenarios within SGI protection, and this would suppress information of significant concern to the public. Commenters also suggested that the criterion found in Sec. 73.22(a)(1)(xii) was not sufficiently precise so as to alert a licensee as to the type of information to be protected, that the proposed language ``exposes such a licensee to second-guessing or enforcement action.'' One commenter representing a public interest watchdog group stated that the public has a ``right to know what risks they face from nearby nuclear facilities'' and that ``public participation has proven an effective tool for improving facility performance and safety.'' The commenter expressed concern that if the public does not know what is going on at a facility, it cannot effectively engage the facility and advocate for safety improvements and that if the public was not aware of emergency planning procedures, it would be at risk from an accident or a possible attack against a facility. In addition, the commenter proposes that the NRC should retain the current rule language that allows only ``portions of'' documents to be protected as SGI, in order to maximize the amount of information that the public receives without divulging any protected information. Another commenter similarly stated that ``it is crucially important that the public has access to information regarding protective measures taken by operators to defend their facilities so that they may be held accountable'' and that the ``broad category of information that is included in these sections, including, especially, safety analyses, emergency planning procedures, and any other information related to the security of a nuclear facility, sharply hinders the public's ability to judge the competency of nuclear operators and the adequacy of their programs to protect their facilities and materials.'' Another commenter expressed concerns that Sec. 73.22(a)(1)(xii) could be used to ``suppress faulty assumptions as the basis for engineering and safety analyses, which is a significant concern to public safety policy analysts and intervenors.'' Other commenters also provided comments with regard to Sec. Sec. 73.22(a)(1)(xii) and 73.22(a)(2)(viii). One commenter proposed that it should be clear that ``engineering and safety analyses'' mean only such analyses pertinent to physical security and not plant safety, as that information is already public. Industry commenters expressed concern that control of emergency planning procedures as SGI would make coordination with local and state agencies difficult, as well as affected non-governmental entities, and could jeopardize effective and safe operation of a plant. More specifically, one commenter notes broad interpretation of these requirements would require state and local governmental entities who are not in law enforcement but are involved in emergency planning to be verified as ``trustworthy and reliable'' by the licensee in order for the licensee to comply with 10 CFR part 50, Appendix E IV.B. One commenter recommends revising the wording at the end of Sec. 73.22(a)(1)(xii), proposed as ``by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility,'' to ``significantly increasing the likelihood of radiological sabotage or theft or diversion of source, byproduct, or special nuclear material,'' in order to correspond to the wording used in the definition of SGI. Response: In response to these comments, the phrase ``related to'' at the beginning of Sec. 73.22(a)(1)(xii) is being changed in the revised proposed rule to ``revealing site specific details of''. The phrase ``unauthorized disclosure of such information'' is changed to ``unauthorized disclosure of such analyses, procedures, scenarios, and information''. These revisions clarify that the analyses, procedures, scenarios, and other information described in this section are considered to be SGI only if they reveal ``site specific details'' about the physical protection of the facility or source material, byproduct material, or SNM. To clarify the fact that ``emergency planning procedures or scenarios'' should remain publicly available, to the extent possible, that phrase is being changed here and elsewhere in the rule text, to ``security-related procedures or scenarios''. However, security-related information, wherever it occurs, including security information that is found within a specific emergency preparedness procedure, could potentially need to be protected as SGI. Also, in order to provide greater specificity in the revised proposed rule text, the phrase ``material or facility'' at the end of the revised proposed rule text is changed to ``source, byproduct, or special nuclear material''. Certain sections of the current rule language, as well as sections of the revised proposed rule text, refer to ``portions of'' documents to be protected as SGI. For example, current Sec. 73.21(b)(3)(i) designates, in pertinent part, ``[p]ortions of safeguards inspection reports'' to be SGI. Similarly, in the revised proposed rule text, Sec. 73.22(a)(3)(i) refers to ``portions of'' inspection reports as constituting SGI. Therefore, it is not correct that the current rule only allows protection of portions of documents or information as SGI. Because the Commission is revising the original proposed rule to more closely track the language of Section 147 of the AEA, the Commission is declining to make the suggested change to the end of Sec. 73.22(a)(1)(xii) by substituting ``radiological sabotage'' for the statutory language of ``sabotage.'' The relevant portions of Section 147 refer simply to ``sabotage'' and the Commission is using that term in the revised proposed rule. The Commission's intent in revising the requirements in part 73 for protection of SGI is not to deprive the public of information or to suppress faulty assumptions in engineering analyses and safety analyses, as some commenters assert. One of the main purposes of these proposed amendments is to provide in 10 CFR part 73 the breadth of information that Section 147 of the AEA requires the Commission to protect. The Commission determined that unauthorized release of this information could result in harm to the public health and safety or the common defense and security. Comment: One commenter noted that, ``as proposed, Sec. 73.22(a)(1)(xiii) requires `Information required by the Commission pursuant to 10 CFR 73.55(c)(8) and (9)' to be protected as SGI without explicitly identifying what must be protected as SGI''. The commenter suggested that there is no apparent reason to protect this information as SGI and the requirement should therefore be deleted. Response: The Commission is deleting this paragraph because the information described in this paragraph would be protected in Sec. 73.22(a)(1)(xi). Section 73.22(a)(2) Physical Protection in Transit Comment: One commenter stated that Sec. Sec. 73.22(a)(2) and 73.23(a)(2) would cover transportation related information that is under the DOT's regulations in 49 CFR part 15, ``Protection of Sensitive Security Information (SSI)''. If implemented in its current form, the commenter continues, these regulations will require licensees to handle, at a minimum, transportation security plan risk assessments as both SSI and SGI or SGI-M, duplicative requirements that [[Page 64018]] add no discernible benefit. Furthermore, the commenter states, classification of certain transportation related information as SGI will be unworkable. Therefore, the commenter proposes, all of the regulatory agencies should reach consensus on what information should be protected, reduce the number of classifications, and develop a single cohesive nationwide set of information security protection standards that includes a clear definition of each classification. If the NRC does impose duplicative requirements for protection of transportation security-related information in addition to DOT's regulations, the commenter further suggests, the NRC should replace ``transportation physical security plan'' with ``transportation security plan'' to be consistent with DOT regulations, or provide a definition of ``transportation physical security plan.'' Response: The NRC recognizes that transportation of radioactive material may be subject to the requirements of both the DOT and the NRC with respect to protective markings, SSI, SGI, and SGI-M. However, requirements for the protection SSI are not as strict as NRC SGI or SGI-M protection requirements. The NRC believes that the information described in Sec. 73.22(a)(2)(i) requires the higher protection afforded by the designation SGI. Similarly, the information set forth in Sec. 73.23(a)(2)(i) must be protected as SGI-M. Finally, as noted previously, the Commission has replaced the phrase ``transportation physical security plan'' with ``composite physical security plan for transportation'' to distinguish NRC-required plans from others. Comment: One commenter contended that the new language of Sec. 73.22(a)(2)(ii), ``Routes and quantities for shipments of spent fuel are not withheld from public disclosure,'' no longer assures public access to route and quantity information for shipments of byproduct or source material or nuclear waste. The commenter expresses concern that the NRC does not have the authority to limit access to this information, for which Congress has specifically protected public disclosure in the AEA. The commenter therefore proposes that the NRC ensure that the language in the final rule does not undermine the AEA by narrowing disclosure requirements. Response: The revised proposed rule would not designate shipping routes and quantities as SGI or SGI-M. However, the rule would designate schedules and itineraries as SGI and SGI-M. Schedules and itineraries combine route and quantity information with specific information about the timing and security of a shipment to create information that, if disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of nuclear material. Section 147a.(3) of the AEA provides in part that ``[n]othing in this Act shall authorize the Commission to prohibit the public disclosure of information pertaining to routes and quantities of shipments of source material, by-product material, high level nuclear waste, or irradiated nuclear reactor fuel.'' The revised proposed rule text has been revised to be more consistent with the language of Section 147a.(3) of the AEA. Comment: One commenter proposed removing Sec. 73.22(a)(2)(vii) on the grounds that it is extremely vague and would allow the NRC to protect from public disclosure any ``information concerning the tactics and capabilities required to defend against attempted radiological sabotage, or theft and diversion of formula quantities of special nuclear material, or related information.'' The commenter expressed concern over the NRC's use of ``vague terms'' such as ``any information concerning'' and ``related information'' and suggested that this provision could be used to conceal information about a town's capabilities to respond to an attack on a rail car passing through it. Response: The language ``related information'' portion of this section has been deleted from the text of the revised proposed rule because it is redundant of the language at the beginning of this section (``information concerning''). The text of the rule does not include the phrase ``any information concerning'' as stated in the comment. Comment: Commenters expressed concerns that Sec. 73.22(a)(2)(viii) would exempt safety analyses, emergency planning procedures, or other information about the protection of transported materials from public disclosure as SGI. Accordingly, commenters recommended revising or removing Sec. 73.22(a)(2)(viii) in order to ensure that the public has access to emergency procedures and safety analyses information they need to protect their community. A commenter proposed removing the proposed Sec. Sec. 73.22(a)(2)(viii) and 73.23(a)(2)(iv) and (v) on the grounds that these proposed changes would prevent communities from learning what steps are being taken to protect them and from participating in the process of keeping the community safe. The commenter expressed concerns that these provisions are overly vague in what information may be protected from public disclosure and could result in too much information being concealed from the public. Response: The Commission recognizes that the public needs information about safety and emergency planning and will continue to make much of that information publicly available. Therefore, the phrase ``emergency planning procedures or scenarios'' is being changed to ``security-related procedures or scenarios''. But a limited amount of safety and emergency planning-related information, if publicly disclosed, could be used to identify security measures for the protection of nuclear facilities and materials, thereby significantly increasing the likelihood of sabotage or theft and diversion. For example, emergency planning information that specifies response times for local law enforcement, or identifies the size, tactics, and capabilities of first responders to a radiological event could be very useful to a potential adversary in planning an attack. Accordingly, that information could conceivably need to be protected as SGI. The Commission's intent is not to prevent public knowledge of vital safety and emergency information. Hence, the revised proposed rule has been changed in response to comments that it was too broadly worded as originally proposed. The protection required for engineering and safety analyses and security-related procedures or scenarios under Sec. 73.23(a)(1)(x) would be appropriately limited to information that could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source material, byproduct material, or SNM. Section 73.22(a)(3) Inspections, Audits, and Evaluations Comment: A commenter objected to what it saw as the broadening of Sec. 73.22(a)(3) and stated that the proposed change lacks specificity and could potentially conceal public health, safety, security, and environmental concerns from public disclosure. The commenter expressed concern that the provision could be interpreted to include and suppress information that rightfully should be brought to the attention of the public and policy makers. Response: The Commission has eliminated references to specific licensees from the revised proposed rule. This clarifies the scope of the rule [[Page 64019]] and simplifies the text. The commenter provides no basis for the assertion that the Commission would use revised Sec. 73.22(a)(3) to conceal information from public disclosure. The regulations provide access to individuals who have a ``need to know'' the information and who are trustworthy and reliable. Protecting SGI and SGI-M from unauthorized disclosure does not equate to concealing or suppressing information that should be in the public domain. Comment: Another commenter suggested that the NRC restore the provision in proposed Sec. 73.22(a)(3)(i) to allow the release of information developed in inspections, audits, and evaluations concerning weaknesses and problems that have been corrected. This paragraph retains the provision in current Sec. 73.21(b)(3)(i) which designates as SGI portions of safeguards inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in a licensee's or applicant's physical security system. This provision implies that corrected defects, weaknesses, or vulnerabilities will be released. Response: In response to this comment, the proposed rule is revised in part, to carry over the portion of Sec. 73.21 that provides for the release of information regarding defects, weaknesses, or vulnerabilities after corrections have been made. However, as stated in the revised text, the disclosure of such information is not automatic, and is subject to an assessment taking into account such factors as the results of trend analyses and the impacts of disclosures on other licensees having similar physical security systems. The partial revision of the proposed rule text is consistent with the policy to increase the amount of public information released pursuant to the Security Oversight Process. Section 73.22(a)(5) Comment: Two commenters suggested that Sec. 73.22(a)(5) lacked specificity. One commenter expressed concerns that Sec. 73.22(a)(5) was not specific enough to ``allay growing public concerns that the agency could arbitrarily and capriciously further conceal or subordinate significant public health, safety, and security issues to economically shield and benefit the nuclear industry.'' Another commenter suggested that the language of Sec. 73.22(a)(5) was an ``incredible expansion of government secrecy that could allow instances of extreme operational incompetence to go unnoticed by the public.'' That commenter suggested deleting the ``other information'' language to narrow and clarify the rule. Another commenter proposed making Sec. 73.22(a)(5) reflect the preamble of Sec. 73.22 by stating that orders will only be used to classify information in an emergency when rulemaking is not available. Response: Section 147 of the AEA explicitly authorizes the Commission to proceed by order or regulation to prohibit the unauthorized disclosure of SGI. Nothing in the AEA limits the use of the Commission's ordering authority to emergency situations. Such a restriction could hinder security and safety in the event the Commission needs to act quickly to protect SGI not already identified in the regulations. The Commission declines to adopt such a limitation. However, the Commission has changed the revised proposed rule language to clarify that any information that would be categorized as SGI under Sec. 73.22(a)(5) would have to be within the scope of Section 147 of the AEA, and would be imposed by a new order or rulemaking. Section 73.22(b) Conditions for Access Comment: One commenter remarked that, in the context of Sec. 73.22(b), there is no benefit from imposing different access authorization requirements for nuclear power reactors as compared to other licensees. Response: In the original proposed rule, access requirements varied depending on whether an individual is to be granted access by a nuclear power reactor licensee or applicant, as set forth in Sec. 73.22(b)(1)(i)(A) or by other licensees or applicants covered by Sec. 73.22, pursuant to Sec. 73.22(b)(1)(i)(B). Such variation was based on Section 149 of the AEA, which required each licensee or applicant for a license to operate a nuclear power reactor to fingerprint each individual permitted access to SGI. The EPAct, however, amended Section 149 to authorize fingerprinting all individuals engaged in an activity subject to regulation by the Commission, licensees, all applicants for a license to engage in Commission-regulated activities, and all individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission. Fingerprints would be submitted to the U.S. Department of Justice for a criminal history check, which would be assessed as part of the background check that provides the basis for a trustworthiness and reliability determination. Section 73.22(b)(1) Comment: Several comments stated that Sec. Sec. 73.22(b)(1)(i)(B) and 73.23(b)(1)(i) in the original proposed rule were unclear as to what is meant by ``comprehensive background check or other means as approved by the Commission.'' One commenter noted that requiring a background investigation has proven to be challenging for transportation companies, because the time required for background investigations has often prevented transportation companies from bidding on some jobs. That commenter suggested that the NRC specify the ``other means'' that would be acceptable for entities implementing an SGI-M program. Another commenter expressed concern that if the ``comprehensive background check'' was similar to the ``Q'' or ``L'' access authorization investigations or checks of 10 CFR part 25, it would impose an intolerable burden because of the time and resources necessary for the completion of such a check, particularly for those entities developing new SGI or SGI-M programs. Response: As previously discussed, a definition of ``background check'' is now included Sec. 73.2. NRC staff plans to issue further guidance that will include a discussion of acceptable background checks that would satisfy the rule requirements by ``other means'' and support a licensee's trustworthiness and reliability determinations. The requirements for access to SGI are different from the provisions for access to classified information (part 25) or for access under part 95 to Classified National Security Information and/or, Restricted Data, and/or Formerly Restricted Data. Comment: A commenter expressed the concern that Sec. 73.22(b)(1)(ii)-(vi) in the original proposed rule in combination with Sec. 73.22(b)(2) appears to require licensees to perform a Federal Bureau of Investigation (FBI) criminal history check for NRC personnel. If this is not the case, the commenter proposed that (b)(2) of both sections should be modified to state: ``The individuals described in paragraph (b)(1)(i) through (vi).'' Response: The Commission does not interpret the cited provisions of the original proposed rule set forth by the commenter as requiring licensees to perform FBI criminal history checks for NRC personnel. Section 73.22(b)(3) would exempt governmental individuals from the requirement for a [[Page 64020]] determination of trustworthiness and reliability, including NRC employees. Comment: One commenter stated that Sec. 73.22(b)(1)(vii) would require a licensee to demonstrate trustworthiness and reliability for an individual to whom disclosure is ordered pursuant to 10 CFR 2.709(f). The commenter noted that a licensee should not bear the responsibility for making this finding for an intervenor. The commenter also noted that the rule was not clear as to when a presiding officer would have the responsibility to make this determination--when an intervenor wants access to SGI or only if an intervenor appeals a party's determination. For these reasons, the commenter suggested rethinking the application of these criteria to adjudicatory hearing matters and resolving such issues in a separate rulemaking or by issuing Commission orders in each case where controlling the dissemination and use of SGI might be an issue. Response: The rule is not intended to require licensees to determine whether intervenors in an adjudicatory proceeding are trustworthy and reliable to receive SGI or SGI-M. Presiding officers have the authority to make determinations about information disclosures if a dispute over access to SGI or SGI-M documents arises. Section 73.22(b)(4) and 73.23(b)(4) have been added to the revised rule to make this clear. Sections 2.709(f) and 2.1010(b)(6) have been revised and new Sec. Sec. 2.336(f) and 2.705(c)(2) have been added to the revised proposed rule to specify procedures to be followed in the event of such a dispute. Under the procedures set forth in these provisions, when a party or participant in an adjudicatory proceeding seeks production of SGI from another party or participant that refuses to produce it, the presiding officer has the authority to decide the dispute. The presiding officer will make the first determination necessary for access to SGI, which is whether the individual seeking access has the requisite ``need to know'', as defined in 10 CFR 73.2. If so, the presiding officer may order production of the SGI after the second determination is made, namely whether the individual to be authorized access to SGI has been found to be trustworthy and reliable by the NRC Office of Administration, based on a background check (including a criminal history records check and fingerprinting). Procedurally, the presiding officer may issue an order that designates the information as necessary and relevant and that requires the party or participant seeking access to SGI or SGI-M to designate those individuals who would receive it. The order would also require the NRC Office of Administration to determine the trustworthiness and reliability of those individuals designated to receive SGI in accordance with the provisions of Sec. Sec. 73.22(b) or 73.23(b), as appropriate. If the NRC Office of Administration concludes that the designated individuals are trustworthy and reliable to receive SGI, the presiding officer would issue a second order requiring production of the SGI or SGI-M under the provisions of a protective order. Presiding officers have the authority to hear appeals on the NRC Office of Administration's trustworthiness and reliability determination. If parties or participants in an adjudicatory proceeding agree that an intervenor has a ``need to know'' and are willing to share the SGI or SGI-M without seeking a determination on ``need to know'' from the presiding officer, then the parties or participants may do so, provided that a protective order has been issued by the presiding officer and a trustworthiness and reliability determination has been made by the NRC Office of Administration. If the SGI sought by the intervenor is held solely by the licensee or applicant, and not the NRC, the licensee or applicant may provide the SGI to the intervenor under the terms of the protective order. If the SGI is held by both the licensee or applicant and the NRC (``dual holders''), the NRC will provide the SGI to the intervenor, under the terms of the protective order. Section 73.22(c)(1) Protection While in Use or Storage Comment: Commenters proposed that Sec. 73.22(c)(1) be amended to authorize SGI to be stored in the Reactor Control Room not in a locked security storage container. The basis for this request is that control rooms are continuously manned and this change would allow rapid access, if necessary, to pertinent SGI material (e.g., controlled operating procedures). Response: In response to these comments, Sec. Sec. 73.22(c)(1) and 73.23(c)(1) are being changed to delete the phrase ``Safeguards Information within alarm stations, manned guard posts or ready rooms need not be locked in a locked security storage container.'' A new phrase is being added to state ``Safeguards Information within alarm stations, or rooms continuously occupied by individuals need not be stored in a locked security storage container.'' Section 73.22(c)(2) Comment: One commenter proposed that Sec. 73.22(c)(2) be modified to allow licensees to mark containers as containing SGI, because this practice ensures that the importance of those containers is clearly understood and because those containers are typically located in areas with no public access. Response: The Commission is declining to adopt the change proposed by the commenter because marking locked security storage containers to indicate they contain SGI may assist in identifying the location of SGI. The fact that such containers may typically be located in areas without public access is irrelevant because not all individuals in such areas are authorized for access to SGI. An unauthorized individual seeking access to SGI might be aided by such markings, regardless of whether the SGI is stored in areas without public access. Section 73.22(d)(1) Comment: One commenter proposed that the term ``first page'' in Sec. 73.22(d)(1) be changed to ``first page or cover sheet'' to allow licensees to continue with current practice which meets the intent of the revised proposed rule. Response: The Commission is not modifying Sec. 73.22(d)(1) as the commenter suggests because the information specified in Sec. 73.22(d)(1)(i) through (iii) should be noted on the first page of the document itself rather than in a separate document, such as a cover sheet. The Commission does not expect that licensees or applicants must go back and mark documents for which a cover sheet was used for the required information instead of the first page of the document, as set forth in Sec. 73.22(d)(1). Comment: One commenter suggested that the requirement in Sec. 73.22(d)(1)(i), and a similar provision in Sec. 73.23(d)(1)(i), regarding ``the individual authorized to make a * * * [SGI] determination, and who has determined that the document contains'' SGI is not clear, for example, as to whether training is required or whether a SGI or SGI-M determination requires one or two individuals. Response: The commenter is correct that the rule does not prescribe specific qualifications for persons who will determine whether or not particular information is SGI or SGI-M. Licensees have an incentive to select and train competent persons to make these determinations, because a finding that a document contains SGI or SGI-M will add to the licensee's document-handling [[Page 64021]] burdens. At the same time, the Commission recognizes that when there is any doubt about whether information is or is not SGI or SGI-M, there is an incentive to mark it as SGI. This ``err on the safe side'' tendency could lead to unnecessary burdens and over-use of the SGI or SGI-M designations. The Commission will consider making appropriate additions or changes to resolve this problem if it should arise. Such changes might include specifying qualifications for persons who make SGI or SGI-M determinations if experience shows this to be necessary. The number of individuals necessary to make these designations may vary from one licensee to another. The Commission expects that the individual(s) who are ``authorized to make a Safeguards Information determination'' are the same as the individual(s) who ``determined that the document contains Safeguards Information.'' In other words, the individual or individuals making the determination must be authorized to do so. Comment: A commenter suggested that the requirement to designate the individual making the SGI determination is ``redundant and unnecessary'' for pleadings. The commenter stated that the determination can be attributed to the individual signing the pleading. Response: The Commission disagrees with this comment, as oftentimes the person making an SGI determination will not be the signatory of a pleading. Section 73.22(d)(1) ensures that the identity of the person making the SGI determination--be it the individual signing the pleading or some other individual--is clear. If the signatory also makes the SGI determination, the document should be marked in accordance with Sec. 73.22(d)(1). The Commission does not view this as redundant or unnecessary and declines to adopt the commenter's suggestion. Section 73.22(d)(3) Comment: A commenter questioned whether pleadings filed in an adjudicatory proceeding would be considered correspondence to the NRC requiring portion marking pursuant to Sec. 73.22(d)(3). The commenter stated that SGI in a pleading is ``usually integral to the entire pleading such that removal of such information would render the remainder [of the pleading] of marginal or no use, if released.'' The commenter indicated that substantial effort would be required to portion-mark pleadings containing SGI. Additionally, the commenter concluded that intervenors have a general reluctance to designate a particular piece of information as non-SGI because they ``will be second-guessed by the licensee or NRC staff.'' For these reasons, the commenter stated that there appeared to be little utility added by this requirement. Response: Pleadings filed in an adjudicatory proceeding before the NRC are considered correspondence and therefore would require portion marking in accordance with Sec. 73.22(d)(3). Attachments and exhibits to pleadings, however, are not considered to be correspondence and, therefore, do not require portion marking. For example, a pleading may attach portions of a security plan as an exhibit. The attached plan would not be required to be portion marked, but instead can be treated in its entirety as SGI. The NRC uses portion marking to ensure that the pleading is made public without the portion-marked SGI. Although the Commission acknowledges that additional effort will be required by participants in adjudicatory proceedings to portion mark pleadings, the Commission does not believe that the burden is undue, especially when compared with the potentially adverse consequences of a malevolent adversary obtaining SGI. Finally, the Commission disagrees with the commenter's conclusions about intervenors' reluctance to designate information as non-SGI. The Commission declines to change Sec. 73.22(d) in response to these comments. Comment: Several comments were received to the effect that the portion marking requirements of Sec. Sec. 73.22(d)(3) and 73.23(d)(3) for ``Engineering and safety analyses, emergency planning procedures or scenarios'' would be burdensome and that the portion marking of documents sent to the NRC would impose an unnecessary burden on licensees and should therefore not be required. One commenter noted that the portion marking requirements would be unnecessary because licensees control entire documents as SGI and that the administrative benefit to the NRC would not be worth the substantial burden on licensees. Response: This comment refers to burden on licensees to portion mark ``Engineering and safety analyses emergency planning procedures or scenarios'' when such information is included in correspondence to or from the NRC. For the reason previously stated, the designation of ``Engineering and safety analyses emergency planning procedures or scenarios'' as SGI has been changed throughout the rule text to ``security-related procedures or scenarios.'' Because many commenters otherwise requested clarification of this category of information, these sections also have been revised to clarify that the analyses, procedures, scenarios, and other information described in this section would be considered SGI only if they reveal ``site-specific details'' about the physical protection of the facility or source, byproduct, or SNM. Licensees and applicants would only be required to portion mark analyses, procedures, or scenarios that contain SGI when included in transmittal documents for correspondence with the NRC. Comment: Another commenter proposed modifying Sec. 73.22(d)(3) to provide flexibility on portion marking of correspondence to and from the NRC as follows: ``Portion marking of documents or other information is allowed for correspondence to and from the NRC,'' which would replace ``required'' with ``allowed.'' The commenter suggested that this would allow licensees to designate entire documents as SGI without having to mark each paragraph if appropriate. Another commenter suggested that a document containing SGI should be marked as SGI in its entirety, and that when it is appropriate to produce documents that contain both SGI and non-SGI, attempts should then be made to segregate the SGI into separate sections. The commenter noted that in such cases, it would be reasonable to require portion marking but not in all cases. Therefore, the commenter proposed, the rule must reflect that portion marking is only to be required for documents transmitted to or from the NRC in which significant portions of the document are clearly non-SGI. Response: In response to comments, Sec. 73.22(d)(3) is being modified to replace the phrase ``Portion marking of documents or other information is required for correspondence to and from the NRC'' with the phrase ``Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information.'' The NRC declines, however, to amend the revised proposed rule so that portion marking of correspondence to and from the NRC would be optional. Portion marking of such correspondence allows the NRC to release non-SGI to the public. Sections 73.22(d)(4) and 73.23(d)(3) Comment: Four commenters suggested that Sec. Sec. 73.22(d)(4) and 73.23(d)(3) should not require the marking of documents and other matter containing SGI in the hands of contractors and agents of licensees that were produced within one year prior to the effective date of this rule. One commenter suggested that to the extent [[Page 64022]] that these new requirements are different from the existing ones, the differences are minor and that, therefore, the regulation should not require the conduct of an extensive review of documents produced within the last year prior to the promulgation of a final rule. Another commenter similarly proposed that marking requirements should only be applied to documents generated after the effective date of a final rule and should not be applied retroactively to previously generated documents. One commenter suggested that Sec. 73.22(d)(4) implies that if the document is taken out of storage, even if more than a year old, it must be marked. Response: The requirement that documents and other matter containing SGI in the hands of contractors and agents of licensees be marked if they were produced within one year prior to the effective date of the rule has been removed from the rule in response to comments. Therefore, the marking requirements set forth in this rule would apply only to documents generated after the effective date of a final rule. Section 73.22(d)(5) Comment: Two commenters proposed that Sec. 73.22(d)(5) should be eliminated, as it is redundant to, but inconsistent with, Sec. 73.22(d)(1), which requires material to be marked ``Safeguards Information'' at the top and bottom of each page. One commenter noted that the ``Safeguards Information'' designation required in Sec. 73.22(d)(5) may not alert someone who is not familiar with that initialism to the fact that it is SGI and, therefore, that inconsistency between Sec. Sec. 73.22(d)(5) and 73.22(d)(1) should be eliminated. Response: The revised proposed rule has been changed to eliminate the redundancies and inconsistencies identified by the commenter. Section 73.22(d)(5) in the original proposed rule has been renumbered as Sec. 73.22(d)(4) in the revised proposed rule. Section 73.22(e) Reproduction of Matter Containing Safeguards Information Comment: One commenter suggested that the new requirement prohibiting digital copiers connected to a network, found at Sec. Sec. 73.22(e) for SGI and 73.23(e) for SGI-M, is difficult in today's electronic office environment. Another commenter proposed that Sec. 73.22(e) should not prohibit the use of a copier, printer, or scanner connected to the closed network in the ``stand alone'' computer system allowed in Sec. 73.22(g). Response: The revised proposed rule has been modified to be less prescriptive and more performance-based. Under the revised proposed rule, any equipment may be used to reproduce SGI, provided unauthorized individuals cannot gain access to SGI by accessing, using, or manipulating the equipment (for example, by gaining access to retained memory or using network connectivity to access SGI). Sections 73.22(f) and 73.23(f) External Transmission of Documents and Material Comment: One comment noted that the double packaging requirement for external transmittal of SGI, found in Sec. Sec. 73.22(f) and 73.23(f), although not onerous, is akin to the protection afforded to classified matter. Another commenter proposed that Sec. 73.22(f)(2) be rewritten to state that SGI may be transported by any commercial delivery or courier company that provides service with tracking features, rather than any commercial delivery company that provides ``nationwide overnight service with computer tracking features'' as the original proposed rule reads. The commenter suggests that this would allow licensees to continue to use current trusted local delivery services. Response: The double packaging requirements of the original proposed rule are necessary to prevent unauthorized individuals from readily identifying that the package contains SGI while in transit, and to prevent recipients from inadvertently disclosing SGI to unauthorized individuals upon receipt. The double packaging requirements have not been changed in the revised proposed rule. However, the Commission agrees that local delivery services, so long as the carriers have computer tracking capabilities, may be permitted to transport SGI. Computer tracking capabilities are necessary to aid in quickly determining the location of the information so that the risk of unauthorized disclosure may be minimized. Sections 73.22(f)(2) and 73.23(f)(2) have been changed to reflect that nationwide, overnight service would not be a requirement for a commercial delivery company to transport SGI. Section 73.22(g) Processing of Safeguards Information on Electronic Systems Comment: One commenter proposed that Sec. 73.22(g) contain a provision permitting transfer of encrypted SGI over a computer network, similar to the proposed Sec. 73.23(g)(2). In addition, a comment received noted that the DOE has an SGI protection plan that was approved by the NRC to satisfy current Sec. 73.21(h) and has a need to retain capabilities for handling SGI as approved, due to a distanced- managed site. This commenter therefore proposes adding a provision to Sec. 73.22(g) to allow the use of other protective measures approved by the NRC pursuant to old Sec. 73.21(h) or new Sec. 73.22(g). Response: Section 73.22(f)(3) permits electronic transmission of SGI by protected telecommunications circuits (including facsimile) or encryption (Federal Information Processing Standard [FIPS] 140-2 or later). Section 73.21(b)(1) of the revised proposed rule would explicitly preserve the Commission's authority to require different SGI protection requirements in individual cases. If alternative protection methods can be devised that provide an equivalent level of protection for SGI, the Commission would consider approving those methods on a case-by-case basis. Section 73.22(i) Destruction of Matter Containing Safeguards Information Comment: Two commenters expressed concern over Sec. 73.22(i), which contains requirements for the destruction of matter containing SGI. One commenter suggests that Sec. 73.22(i) seemingly permits the use of ``strip shredders'' for destruction if pieces are one-half inch or less and mixed. The commenter states that this is inconsistent with advice given by NRC staff members who believe that a cross-cut shredder must be utilized and proposes that the rule clarify whether the use of ``strip shredders'' is permissible. Another commenter suggested that the wording of Sec. 73.22(i) be modified to specify pieces one-half inch or smaller on a side to provide important clarification of how small the pieces would have to be to constitute destruction. Response: The revised proposed rule has been changed in response to this comment. The rule would allow the use of strip shredders and other shredders that shred pieces no wider than a quarter of an inch if the pieces are thoroughly mixed. Sec. 73.23 Protection of Safeguards Information--Modified Handling: Specific Requirements Comment: A commenter suggested that establishment and implementation of the SGI-M program by licensees with an existing SGI program is unnecessary. Response: Persons who establish, implement, and maintain handling, access, and control procedures for SGI described in Sec. 73.22 would have a program sufficient to protect SGI-M [[Page 64023]] described in Sec. 73.23 and would not need to establish a second or separate SGI-M program. However, special attention would be required when transmitting SGI to ensure proper document marking and handling. A primary difference between the SGI protection requirements in Sec. Sec. 73.22 and 73.23 is in the marking of the information. SGI in the former category is marked ``Safeguards Information'' while the latter category is marked ``Safeguards Information--Modified Handling.'' The different markings are associated with different storage requirements. SGI described in Sec. 73.22 must be stored in a locked security storage container, but SGI described in Sec. 73.23 and marked as SGI-M has a less stringent storage requirement--the information must be stored in a locked file drawer or cabinet. A person who possesses both types of SGI--i.e., that described in Sec. Sec. 73.22 and 73.23--and who always stores SGI in a locked security storage container under Sec. 73.22(c)(2) would be in compliance with the regulations because that person would achieve the maximum level of protection required by the regulations. But not everyone will possess both types of SGI--some will only possess SGI falling under Sec. 73.23, in which case a locked security storage container would not be required. Thus, when a person with a Sec. 73.22 program sends SGI to a person with only a Sec. 73.23 program, proper document marking would be essential. Proper marking is necessary when SGI is communicated so that the recipient does not receive a document with markings that would require storage in a container that the recipient does not possess. Without the appropriate document markings, the sender could cause a violation of the regulations. This commenter implies that the SGI-M designation means the information will be held ``secret,'' which is not the case. Individuals with a ``need to know'' the information who are determined to be trustworthy and reliable may be granted access to SGI. Access to ``secret'' National Security Information is beyond the scope of this rulemaking and is governed by separate requirements. Comment: One commenter stated that if the NRC believes that information associated with less than 15 grams of SNF or HLW should be protected as SGI, it should be designated as ``SGI-M.'' The commenter also proposed that information associated with the transportation of 15 grams of SNF or HLW should be protected as SGI pursuant to Sec. Sec. 73.21 and 73.22. Response: The Commission did not propose to protect the information identified by the commenter as SGI or SGI-M. If in the future the Commission establishes physical security requirements for the transportation of the materials referred to by the commenter, the Commission will determine whether to also require protection of security-related information as SGI or SGI-M in accordance with Sec. Sec. 73.21(b)(1) and (2). Comment: A commenter recommended against the creation of the SGI-M category because the category is overly broad, the need for restrictions on such material has not been clearly established, and the risks associated with the release of such information do not justify secrecy. This commenter expressed concerns that holding less-dangerous SGI-M information as secret will decrease accountability and eliminate the public's ability to be aware of and participate in safety matters that concern their communities. Response: The Commission disagrees that protection of the SGI described in Sec. 73.23 is unnecessary. The information that would be protected under Sec. 73.23 describes security measures and physical protection information related to radioactive materials that could be used in a radiological dispersion device. Securing those materials is vital to the public health and safety and the common defense and security. Protecting detailed information about how those materials are secured is equally vital. This rulemaking is not intended to decrease the Commission's accountability or unduly burden the public's ability to participate in NRC proceedings. Members of the public are always free to submit their views on safety and security matters by filing a petition for rulemaking under 10 CFR 2.802, by filing a request to institute proceedings to modify, suspend, or revoke a license under 10 CFR 2.206, and by attending public meetings or writing letters to the NRC. In addition, members of the public may comment on rulemakings and environmental impact statements, and where appropriate, file a petition to intervene and/or request a hearing in an adjudicatory matter. Comment: A commenter questioned the appropriateness of a statement in the original proposed rule implying that the risk of theft of materials covered by Sec. 73.23, particularly special nuclear material, could be low. Response: Special nuclear material would be addressed by Sec. Sec. 73.22 and 73.23 and would require different levels of protection based on its form and quantity. The Commission believes that a graded approach based on risk and associated consequences is appropriate. As a result, a higher risk of disclosure or higher consequence due to a malevolent act requires commensurate levels of protection. The same is true whether the assets are source, byproduct, or special nuclear materials. Comment: One commenter suggested that the NRC, in its final rule, provide greater detail on the criteria for deciding access to SGI-M material. In addition, the commenter suggested that, because of the lower risk status of SGI-M material, the NRC should allow greater access to SGI-M by establishing less rigorous restrictions and easier procedures for public access. Response: The Commission agrees that SGI-M material presents lesser risks if publicly disclosed than SGI material, but the risks are still significant. Because of those risks, broad public access is not permitted. Only trustworthy and reliable individuals who have a ``need to know'' the information may be authorized access to SGI-M. The revised proposed rule defines ``background check'' and ``trustworthiness and reliability'' to clarify the Commission's general expectations for granting access to SGI or SGI-M. Specifying discrete qualifying or disqualifying factors is not possible because trustworthiness and reliability determinations and need-to-know determinations must be made on a case-by-case basis after considering all relevant information. To implement the amendments to section 149 of the AEA contained in the Energy Policy Act of 2005, the revised proposed rule would require fingerprinting and Federal Bureau of Investigation criminal history checks, which would constitute part of the background check used to determine trustworthiness and reliability, before access to SGI. Comment: One commenter proposed that the NRC modify the preamble to define the exact materials and quantities to which the SGI-M requirements of Sec. 73.23 would apply. Response: The introductory text to Sec. 73.23 has been revised to define exactly the facilities, materials, and quantities for which the SGI-M requirements of Sec. 73.23 apply. The section would apply to panoramic and underwater irradiators, defined in 10 CFR 36.2, that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; research and test reactors that possess less than a formula quantity of strategic [[Page 64024]] special nuclear material; and transportation of greater than or equal to Category 1 quantities of concern. Comment: One commenter stated that Sec. 73.23 would conflict with existing requirements in 49 CFR part 15 with respect to the protection of information associated with transporting radioactive materials. The commenter suggests that if the rule is adopted as proposed, licensees may be contending with two sets of regulations. Response: The NRC's regulations are not in conflict with DOT regulations. DOT regulations in 49 CFR 172.804 provide that DOT- required security plans ``that conform to regulations, standards, protocols, or guidelines issued by other Federal agencies * * * may be used to satisfy the requirements in this subpart, provided such security plans address requirements specified in this subpart''. Thus, security plans required by the NRC can be developed so that they also comply with DOT requirements. DOT information protection requirements for transportation security plans are less stringent than the SGI and SGI-M requirements established by this rule. As a general matter, the Commission does not intend that transportation security plans required by the DOT be protected under this rule. However, licensees subject to this rule who would be required by NRC regulations or orders to implement transportation security measures would be required to protect those measures and plans as SGI or SGI-M, as appropriate. Licensees that incorporate NRC-required security measures and procedures into existing DOT-required transportation security plans would be required to protect portions of the transportation security plan under this revised proposed rule. To avoid that result, licensees may wish to keep descriptions of their NRC-required security measures and procedures separate from DOT-required security plans. Section 73.23(a) Information To Be Protected Section 73.23(a)(1) Physical Protection Comment: One commenter objected to Sec. 73.23(a)(1)(i) as too broad in its use of the term ``all portions'' with respect to the NRC's authority to restrict physical security plans that are labeled as SGI- M. The commenter suggested that Sec. 73.23(a)(1)(i) creates an ``unnecessary level of secrecy'' and contends that establishing ``such intense secrecy for a brand new and less dangerous category of information seems completely unwarranted.'' The commenter recommended instead that if portions of the physical security plans can be released to the public, the agency should be permitted to disclose those portions. Response: The Commission agrees that some portions of a licensee's physical security plan or procedures may be non-SGI and has deleted the phrase ``all portions of'' from revised proposed rule. The Commission disagrees that protection of the SGI described in Sec. 73.23 is unnecessary. The information protected under Sec. 73.23 describes security measures and physical protection programs for radioactive materials that could be used in a radiological dispersion device. Securing those materials is vital to the public health and safety and the common defense and security. Protecting detailed information about how those materials are secured is equally vital. Comment: One commenter proposed that the NRC clarify the identification of emergency power sources in Sec. 73.23(a)(1)(iii) to apply only to alarm system power sources. Response: The revised proposed rule would protect information in alarm system layouts and is intended to protect information that identifies emergency power sources for alarm systems. The revised proposed rule text has been changed to clarify this point. Comment: One commenter suggested that the NRC revise Sec. 73.23(a)(1)(vii) to agree with the wording in Sec. 73.22(a)(1)(ix). Response: The Commission agrees with the comment and the revised proposed rule has been revised to add the word ``composite'' to Sec. 73.23(a)(1)(vii). Comment: One commenter proposed the deletion of Sec. 73.23(a)(1)(viii) as it is redundant with other Sec. 73.23(a)(1) subsections. Response: The commenter did not identify a specific redundancy or point out how the proposed language would cause confusion or other harm. Retaining the provision affords protection for SGI that might not fit squarely under other categories. Consequently, the Commission has not changed the provision in the revised proposed rule. Comment: Two commenters proposed replacing the phrase ``safeguards or security emergencies'' in Sec. 73.23(a)(1)(ix) with ``security contingency events,'' which is used more frequently. Another commenter suggested that the words ``Information concerning'' in Sec. 73.23(a)(1)(ix) were unclear and suggested that the NRC specify what information concerning response forces qualifies as SGI-M. Response: The Commission has changed the revised rule to make consistent use of the phrase ``security contingency events.'' The phrase ``information concerning'' in Sec. 73.23(a)(1)(ix) has been changed to ``information relating to.'' The original proposed rule adequately describes the types of information that would be protected by Sec. 73.23(a)(1)(ix) by giving a number of examples of the information the Commission seeks to protect, including response force size, armament of the response forces, and arrival times. Similar information about the operational and tactical capabilities of response forces would be protected by Sec. 73.23(a)(1)(ix). The revised proposed rule has not been revised to provide further examples. Comment: Three commenters provided comments on Sec. 73.23(a)(1)(x). Two commenters recommended revising the wording at the end of the paragraph to read: ``by significantly increasing the likelihood of radiological sabotage or theft or diversion of source, byproduct, or special nuclear material,'' in order to correspond to the phrase used in the definition of ``SGI'' in the proposed Sec. 73.2. One commenter suggested that withholding such information from disclosure as SGI-M would prevent public knowledge of safety and emergency information that would directly impact nearby communities in the event of an accident, and doing so under the SGI-M provisions would ``allow the agency to apply vague and broad secrecy authority to an already broad and undefined category since NRC does not detail precisely which facilities and materials SGI-M covers.'' Therefore, this commenter recommends that the NRC eliminate this provision and not allow emergency planning and safety reports to be protected from public disclosure under the new SGI-M category. Response: The revised proposed rule text has been changed in response to the first comment. The wording at the end of Sec. 73.23(a)(1)(x) now corresponds with the definition of SGI in Sec. 73.2. The Commission disagrees that Sec. 73.23(a)(1)(x) is overly broad, or that it would prevent public knowledge of vital safety and emergency information. The protection that would be required for engineering and safety analyses and emergency planning information under Sec. 73.23(a)(1)(x) is appropriately limited to information that could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and [[Page 64025]] security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. The Commission recognizes that the public needs information about safety and emergency planning and will continue to make much of that information publicly available. But a limited amount of safety and emergency planning related information, if publicly disclosed, could be used to identify security measures for the protection of nuclear facilities and materials, thereby significantly increasing the likelihood of radiological sabotage or theft and diversion. For example, emergency planning information that specifies response times for local law enforcement, or identifies the size, tactics, and capabilities of first responders to a radiological event could be useful to a potential adversary in planning an attack. Section 73.23(a)(2) Physical Protection in Transit Comment: One commenter suggests that, in the final rule, Sec. 73.23(a)(2)(i) use the term ``transportation security plan'' for consistency, rather than ``transportation physical security plan'' as the original proposed rule reads. Another commenter suggests that Sec. 73.23(a)(2)(i) is too broad in that it does not specify what information falls into this category. This commenter recommends that at least some portion of transportation security plans should be available to communities to foster awareness about the safety measures applied to nuclear materials shipments passing through their towns. In addition, the commenter proposes that Sec. 73.23(a)(2)(i) be reworded to clarify that the public will retain access to all information to which it is entitled by the AEA. Response: The phrase ``transportation physical security plan'' does not appear in the revised proposed rule. The revised proposed rule would require protection of ``the composite physical security plan for transportation'' in Sec. 73.22(a)(2)(i) and ``information regarding transportation security measures, including physical security plans and procedures'' in Sec. 73.23(a)(2)(i). The revision was made in part because not all licensees subject to the rule are explicitly required to have a ``transportation physical security plan.'' The revised proposed rule is intended to protect information detailing the physical security measures and procedures used to protect source, byproduct, and special nuclear material in transit, whether or not those measures and procedures are contained in a document labeled ``transportation security plan.'' Therefore no definition of ``transportation security plan'' or its revised formulations is needed. The NRC frequently shares general transportation security information with communities and other stakeholders. Licensees may be able to share general information about their security procedures as well, however, the Commission strongly cautions against this practice to avoid an inadvertent disclosure of SGI. The Commission disagrees that Sec. 73.23(a)(2)(i) needs to be reworded to make clear that the public will retain access to all information to which it is legally entitled. The comment states a truism that need not be incorporated into NRC regulations. Comment: One commenter suggested that Sec. Sec. 73.23(a)(2)(ii) and (iii) are not clear in what is considered SGI, for example, if the regulation pertains to a specific shipment or only to the general arrangements for all shipments that may be affected. The commenter stated that, if specific to the shipment, it is burdensome in that it requires face-to-face meetings when such arrangements are normally made over the telephone. In addition, the commenter stated that the phrase ``limitations of communication during transport'' in Sec. 73.23(a)(2)(iii) was not sufficiently clear. Response: These sections apply to information related to the protection of shipments of certain quantities of source material, byproduct material, and SNM in greater than or equal to Category 1 quantities of concern. The information described in Sec. 73.23(a)(2)(ii) concerns arrangements with and capabilities of local police response forces, and locations of safe havens, whether related to a specific shipment or arrangements for shipments that may be affected. The handling requirements for SGI-M do not mandate ``face-to- face'' meetings. With respect to telephone conversations, Sec. 73.23(f)(3) provides that SGI-M must be transmitted electronically only by protected telecommunications circuits or encryption approved by the NRC except under emergency or extraordinary conditions. To the extent that the commenter is referring to arrangements regarding scheduling and itinerary information, the revised proposed rule text specifies that such information is not considered SGI-M. See 10 CFR 73.23(a)(2)(i). The phrase ``limitations of communication during transport'' in Sec. 73.23(a)(2)(iii) of the original proposed rule (now Sec. 73.23(a)(2)(iv)) has been deleted and replaced by the phrase ``Details of alarm and communication systems, communication procedures, and duress codes.'' Comment: One commenter expressed concerns that Sec. 73.23(a)(2)(v) would exempt safety analyses, emergency planning procedures, or other information about the protection of transported materials from public disclosure as SGI-M. The commenter recommended revising Sec. 73.23(a)(2)(v) in order to ensure that the public has access to emergency procedures and safety analyses information needed to protect communities. Response: In response to this and other comments, the phrase ``emergency planning procedures or scenarios'' has been changed to ``security-related procedures or scenarios''. The Commission recognizes that the public needs information about safety and emergency planning and will continue to make much of that information publicly available. But a limited amount of safety and emergency planning-related information, if publicly disclosed, could be used to identify security measures for the protection of nuclear facilities and materials, thereby significantly increasing the likelihood of sabotage or theft and diversion. For example, emergency planning information that specifies response times for local law enforcement, or identifies the size, tactics, and capabilities of first responders to a radiological event could be useful to a potential adversary in planning an attack. The Commission disagrees that this revised proposed rule would prevent public knowledge of vital safety and emergency information. The protection required for the information designated under Sec. 73.23(a)(1)(x) would be appropriately limited to information that could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or SNM. Section 73.23(a)(3) Inspections, Audits, and Evaluations Comment: One commenter expressed concerns over the proposed Sec. 73.23(a)(3) and recommended that the NRC add current regulations that allow the public to access SGI-M information about defects and weaknesses at nuclear facilities after they have been corrected. The commenter suggested that the existing provision is useful and logical in maintaining accountability and public confidence, particularly given the lower risk associated with material [[Page 64026]] in the new SGI-M category. The commenter noted that the NRC proposes to eliminate this provision with respect to SGI information and recommends that the NRC add the provision to the SGI-M regulations. Response: The Commission agrees with this comment and has revised the proposed rule in part, accordingly. However, as stated in the revised text, the disclosure of such information is not automatic, and is subject to an assessment taking into account such factors as the results of trend analyses and the impacts of disclosures on other licensees having similar physical security systems. The partial revision of the proposed rule text is consistent with the policy to increase the amount of public information released pursuant to the Security Oversight Process. Section 73.23(h) Decontrolling Information Comment: One commenter stated that the decision to decontrol information would be a difficult assessment if consideration has to be given to using it in combination with non-SGI, and that detailed guidance and/or training would need to be given. The rule says that the approval to decontrol information can be made by three options: (1) Only by the NRC; or (2) the licensee with NRC approval; or (3) in consultation with the individual that made the original determination, if possible. The commenter stated that having these three options does not make sense, as there should be one ultimate authority that states whether it is permissible to decontrol the information so that there is no ambiguity and all licensees use the same method. Response: The Commission agrees that the decision to remove information from the SGI category can be difficult. Consideration must be given not only to the nature of the information itself, but to whether public disclosure of that information would identify other SGI. If so, the information should not be decontrolled. Persons in possession of SGI who are considering decontrolling the information should consult with the NRC, although the revised proposed rule would not require it in every case. Information could be decontrolled without NRC approval after consulting with the individual or organization that originally made the SGI determination, provided the information no longer meets the criteria of this rule. Retaining this option gives licensees and others a measure of flexibility in their SGI-protection procedures. SGI generated by the NRC would only be decontrolled with NRC approval. This would ensure that NRC orders, guidance, and other regulatory documents would not be inconsistently decontrolled. Part 76: Certification of Gaseous Diffusion Plants Comment: One commenter suggested that Sec. 76.113(c) should be revised to provide that information on the security of CAT I SSNM should be protected under 10 CFR parts 25 and 95 as classified information. Response: The rule language in Sec. Sec. 73.21 and 73.22 clearly indicates that it would only apply to information that is not classified as Restricted Data or National Security Information. If the specific information is considered to be Restricted Data or National Security Information it would be protected as such and the SGI provisions would not apply. However, the Commission recognizes that the current language in Sec. 76.113(c), which suggests that security information related to formula quantities of strategic special nuclear material would be protected as SGI, may be perceived as inconsistent with the NRC's general practice of treating that information as classified Restricted Data or National Security Information. The revised proposed rule text has been changed to provide clarity. Comment: One commenter recommended that changes to Sec. Sec. 76.115(d) and 76.117(c) should be deleted from the revised proposed rule because documents transmitted to gaseous diffusion plants (GDP) by the NRC are protected as classified material and because the classified matter protection program at each GDP already meets or exceeds the protection requirements for SGI, both current and proposed. Therefore, the commenter believes that the current programs at the GDPs provide for adequate protection of sensitive information, that application of the proposed SGI requirements to the GDPs will cause the expenditure of resources with little additional protection of sensitive information, and that, therefore, the proposed revision to Sec. Sec. 76.115(d) and 76.117(c) is not necessary. Two commenters suggest that Sec. Sec. 76.115 and 76.117 should refer to Sec. Sec. 73.21 and 73.23, not Sec. 73.22. Response: The NRC Staff believes that the proper category for security-related information at the GDPs is SGI. While the GDPs are protecting their security plans and other related documents as classified material, other persons that might obtain the information would have no obligation to protect the security-related information as SGI or as classified material. The NRC does not believe that protection of the security-related information as proprietary under Sec. 2.390 provides adequate protection, particularly if a third party were to somehow obtain the information. The GDPs may continue to protect the security-related information covered by the rule as classified material, however, the information should be properly marked as SGI. This is consistent with the treatment of similar information for part 70 licensees. No changes to the revised proposed rule text are necessary. Comment: One commenter proposed that Sec. 76.113 be revised to specify whether NRC certificate holders should protect DOE's Unclassified Controlled Nuclear Information (UCNI) information to a level equivalent to SGI or SGI-M. The commenter supports protection of UCNI to an SGI-equivalent level. Response: Section 76.133 has been changed in the revised proposed rule to make it clear that the information would be protected in accordance with DOE requirements. Part 150 Exemptions and Continued Regulatory Authority in Agreement States and in Offshore Waters Under Section 274 Comment: One commenter suggested that a provision be added to Sec. 150.15 to indicate that persons in Agreement States remain under the jurisdiction of the NRC's regulations for control of SGI, as the current rule by its terms only provides that persons in Agreement States remain under the jurisdiction of NRC regulations for control of SGI-M, not SGI. The commenter recommends that the NRC should retain full authority over all SGI regulations and therefore recommends that Sec. 150.15(a)(9) be revised in the final rule to include Sec. 73.22. Response: There are no Agreement State licensees that would possess SGI, only SGI-M. However, the NRC has added Sec. 73.22 to the revised proposed rule to cover the possibility that an Agreement State licensee in the future might need to possess SGI. Other or Related Issues Comment: One commenter suggested that although the original proposed rule states that the purpose of the rule is to ``[e]xpand the types of security information covered by the definition of SGI in Sec. 73.21 to include access authorization for background screening'' there is no associated requirement that can be found in either Sec. Sec. 73.22 or 73.23 for background screening information to be protected as SGI. Another commenter noted that it would fully support changes in regulations on SGI that would preserve access authorizations for appropriate persons when needed, as [[Page 64027]] well as allow union leadership access to applicable safeguarded information. Response: The commenter is correct about the lack of an explicit requirement in either Sec. Sec. 73.22 or 73.23 for ``access authorization for background screening.'' Detailed background screening requirements for determining trustworthiness and reliability are set forth in a licensee's or an applicant's composite physical security plan, which is included in Sec. Sec. 73.22(a)(1)(i) and 73.23(a)(1)(i) as a type of SGI. As to the second comment, authorization for access to SGI always considers need because one criterion for granting such access is an established ``need-to-know''. The revised proposed rule preserves the application of the ``need to know'' criterion as a requirement in Sec. Sec. 73.22(b) and 73.23(b). The issue of access to SGI by agents representing employees of NRC licensees in employment-related grievances has previously been addressed in response to an earlier comment on that subject. Comments on Information Collection Requirements Comment: The Office of Management and Budget (OMB) received two comment letters on the proposed information collection requirements associated with Sec. Sec. 73.21, 73.22, and 73.23. An industry commenter stated that the estimate of the total number of hours needed annually to complete the requirement or request (5,926 or an average of nine hours per recordkeeper) is incorrect. The commenter estimates that initially thousands of hours will be required of each recordkeeper to review and mark the additional SGI or SGI-M documents as required in Sec. Sec. 73.22(a)(1)(xii) and 73.23(a)(1)(x). In addition, the ongoing requirement of the original proposed rule would also exceed nine hours per recordkeeper. Response: The average number of hours that would be needed annually to complete the information collection requirement in the original proposed rule of 9 hours per respondent was an average that covered a wide range of entities from nuclear power reactors to irradiators. The calculation of the 9 hours accounted for the range of those affected by the information collection requirement by assuming larger entities would have a larger number of documents to mark than smaller entities. The average burden of 9 hours seems low because there are many more smaller entities in the calculation than larger entities. The burden for power reactors, including implementation and ongoing burden, was approximately 26 hours annually for each power reactor site. It is expected that the information collection burdens for the revised proposed rule will change to reflect the requirements in the revised rule. Comment: The commenter also disagreed with the following statement in the Abstract portion of the Paperwork Reduction Act Statement in the Federal Register notice for the original proposed rule: ``The proposed amendments would be consistent with Commission practices reflected in previously issued orders and advisories.'' According to the commenter, this statement is incorrect because the NRC has not previously directed that all of the information specified in proposed 10 CFR 73.22 be protected as SGI. Response: The original proposed amendments reflected Commission practices set forth in previously issued orders and advisories, results of the Commission's comprehensive review of security policies and requirements, and comments received in the original proposed rulemaking. Any increased information collection burdens associated with the revised proposed amendments will be accounted for in the calculation of the burden estimate in a new OMB clearance package. Comment: A commenter suggested that eliminating portion marking requirements for documents containing SGI, and allowing the entire document to be marked as SGI, was a way to minimize the information collection burden. Response: Under Sec. Sec. 73.22(d)(3) and 73.23(d)(3), portion marking would only be required for transmittal documents for correspondence with the NRC. For example, cover letters that transmit a security plan or license application are required to be portion marked, but the attached plan or application is not. The burden associated with portion marking these documents is small, and would be outweighed by the benefit of being able to make correspondence with the NRC publicly available. Comment: A commenter provided two burden estimates for nuclear power reactor implementation of the original proposed rule. The first estimate assumed that the commenter's ``comments or similar clarifications'' would not be accounted for in the final rule. The second estimate assumed the commenter's ``comments or similar clarifications'' would be accounted for in the final rule. The commenter concluded that the estimates showed a ``great and expansive potential for misinterpretation'' of the original proposed rule. Response: The NRC has revised the original proposed rule language so that potential for misinterpretation would be minimized. The NRC has revised the number of recordkeepers in the OMB clearance package associated with power reactors from 104 to 64. The decrease in recordkeepers reflects multiple reactors at one site sharing SGI documents. The NRC has not included the cost of a dedicated copy machine and dedicated computers for reproducing and processing SGI documents. These costs are not requirements of the revised proposed rule and therefore will not be included in the OMB clearance package. Comment: One commenter requested that an accurate regulatory analysis and backfit analysis be completed and made available for public comment before the rule is finalized. Response: The regulatory analysis for the original proposed rule was available for public comment. It has been revised where appropriate in response to those comments and is being made available for comment with this revised proposed rule. A backfit analysis is not required because the requirements of this revised proposed rule that are not in the current 10 CFR 73.21 are being proposed as a matter of adequate protection. Comment: A commenter requested that the NRC develop a rulemaking associated with the transportation of certain types and quantities of radioactive materials with the DOT. Response: A coordinated rulemaking with the DOT is not possible given the expedited rulemaking required for the protection of the common defense and security. Comment: A public meeting was requested by industry to ensure that the NRC staff understands certain concerns, such as the impacts on licensees of implementation of the rule, due to the large number of documents and the breadth of information held by a greater number of licensees. Response: The expedited rulemaking schedule did not allow the NRC time to hold a public meeting. However, NRC staff had several telephone conversations with the commenter in order to understand the commenter's concerns regarding the OMB clearance package and the regulatory analysis. Comments on Regulatory Analysis Comment: One comment stated that the full-compliance baseline assumption in the main analysis of the regulatory analysis is incorrect because it is assumed that all licensee costs were incurred under Commission orders that were never imposed and that this does not account for licensee costs incurred under the rule. In addition, under the ``Pre-Order Analysis'' in the regulatory analysis, the period of compliance is [[Page 64028]] assumed to be ten years. This time period is too short given the perpetual nature of the rule. Response: The NRC concurs with the comment that the full-compliance baseline assumption of the main analysis does not capture the costs associated with the rule that have not already been incurred under the current regulation at 10 CFR 73.21 or under Commission orders. Accordingly, the regulatory analysis has been revised to capture these costs under the main analysis. The NRC also concurs that the assumed ten year period of compliance is not long enough for some licensees, such as nuclear power reactors. Therefore, the NRC has calculated the annual costs for nuclear power reactors over a 33-year period. This is the approximate length of plant life remaining for power reactors assuming 100 percent license renewal. Comment: A commenter stated that the assertion in the regulatory analysis that the original proposed rule would increase public confidence in the NRC and its licensees is not supported by data, nor is there a basis for such a subjective judgment. Response: In response to the comment that there is no basis for the qualitative benefit of increased public confidence resulting from the revised proposed rule, the NRC has revised the regulatory analysis to exclude either a qualitative value or impact related to public confidence in the NRC or its licensees. Comment: Another comment on the regulatory analysis is that the backfit analysis in Section XIV only considers the ``main'' analysis and therefore does not consider the perpetual and substantial costs to licensees associated with the rule. Response: A backfit analysis is not required because the requirements of this rule that are not in the current 10 CFR 73.21 are being proposed as a matter of adequate protection. Comment: A commenter suggested that the rule be delayed until an accurate regulatory analysis and backfit analysis are completed. Response: The NRC believes that the revised regulatory analysis is an accurate analysis of the values and impacts associated with the revised proposed rule. The original regulatory analysis was available for public comment and has been revised where appropriate in response to comments. As stated above, a backfit analysis is not required. Comment: The regulatory analysis should consider the actual substantial cost of implementing the rule and should also quantify the need for SGI-M under Sec. 73.23. Response: The regulatory analysis accounts for the costs of implementing the revised proposed rule. Assigning a quantitative value to the need for SGI-M under Sec. 73.23 is not possible. However, as discussed in the regulatory analysis, there are substantial qualitative benefits associated with protecting SGI-M under Sec. 73.23. C. Section-by-Section Analysis Table 1.--Changes to the Original Proposed Rule Text and Explanation of Changes [Additional details regarding the changes may be found in the responses to comments.] ------------------------------------------------------------------------ Changes from the 10 CFR section original proposed Explanation of rule text changes ------------------------------------------------------------------------ 2.4......................... A new definition of A definition of Safeguards Safeguards Information is Information has added to Sec. been added to this 2.4: Safeguards section in the Information means revised proposed information not rule because the classified as term is used in National Security this part. This Information or definition also Restricted Data appears in Sec. which specifically 73.2. identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, by product, or special nuclear material. 2.336(f)(1)................. The following This paragraph is paragraph is added added to the to Sec. 2.336, revised proposed ``General rule in response to discovery.'' ``In comments regarding the event of a discovery of dispute over Safeguards disclosure of Information in NRC documents and adjudicatory records including proceedings. Safeguards Section 2.336(f)(1) Information applies only in a referred to in dispute over Sections 147 and disclosure of 181 of the Atomic Safeguards Energy Act, as Information. In the amended, the absence of a presiding officer dispute over may issue an order disclosure, requiring participants in an disclosure if-- adjudicatory ``[the requirements proceeding may in Sec. exchange 2.336(f)(1)(i) information, through (iv) are including met]. Safeguards Information. However, such disclosures would be subject to a protective order issued by the presiding officer of the proceeding to protect against the unauthorized disclosure of the information. [[Page 64029]] 2.336(f)(1)(i).............. The following This paragraph makes paragraph is added: clear that: (1) ``The presiding ``Need to know,'' officer finds that as defined in Sec. the individual 73.2, applies in seeking access to NRC adjudicatory Safeguards proceedings, and Information to (2) the presiding participate in an officer of the NRC adjudication proceeding makes has the requisite the ``need to ``need to know'', know'' as defined in Sec. determination for 73.2;'' access to SGI in a dispute over the ``need to know'' determination. In other words, access to Safeguards Information always requires a ``need to know.'' In the specific instance of a dispute over ``need to know'' in an NRC adjudicatory proceeding, the presiding officer makes the ``need to know'' determination as defined in Sec. 73.2. 2.336(f)(1)(ii)............. The following This paragraph paragraph is added: requires that ``The individual individuals seeking has undergone an access to FBI criminal Safeguards history check, Information in unless exempt under order to Sec. Sec. participate in an 73.22(b)(3) or NRC adjudicatory 73.23(b)(3), as proceeding must applicable, by undergo an FBI submitting criminal history fingerprints to the check, including NRC Office of fingerprinting, Administration, unless they are Security Processing exempt from this Unit, Mail Stop T- requirement under 6E46, U.S. Nuclear Sec. Sec. Regulatory 73.22(b)(3) or Commission, 73.23(b)(3). Those Washington DC 20555- provisions cross- 0001, and otherwise reference Sec. following the 73.59, which lists procedures in Sec. categories of 73.57(d) for individuals who are submitting and exempt from the FBI processing criminal history fingerprints. and background However, before an check requirements adverse for access to determination by Safeguards the NRC Office of Information by Administration on virtue of their an individual's occupational criminal history status. This check, the paragraph also individual shall be extends the afforded the protections protections of Sec. provided by Sec. 73.57;'' 73.57 to participants in NRC adjudicatory proceedings before an adverse determination is made by the NRC Office of Administration on their criminal history check. 2.336(f)(1)(iii)............ The following This paragraph paragraph is added: requires that ``The NRC Office of individuals seeking Administration has access to found, based upon a Safeguards background check, Information in that the individual order to is trustworthy and participate in an reliable, unless NRC adjudicatory exempt from the proceeding must background check undergo a requirement background check pursuant to Sec. for trustworthiness Sec. 73.22(b)(3) and reliability or 73.23(b)(3), as unless exempt from applicable. that requirement However, before under Sec. Sec. adverse 73.22(b)(3) or determination by 73.23(b)(3), which the NRC Office of cross-reference Administration on Sec. 73.59. This an individual's paragraph extends background check the protections for trustworthiness provided by Sec. and reliability, 73.57 to the individual participants in NRC shall be afforded adjudicatory the protections proceedings before provided by Sec. an adverse 73.57.'' determination by the NRC Office of Administration on their background checks for trustworthiness and reliability. 2.336(f)(1)(iv)............. Participants, This paragraph potential establishes witnesses, and detailed procedures attorneys for whom for participants, the NRC Office of potential Administration has witnesses, and made a final attorneys to appeal adverse a final adverse determination on determination by trustworthiness and the NRC Office of reliability may Administration on request the an individual's presiding officer trustworthiness and to review the reliability adverse determination for determination. The access to SGI. request may also Participants, seek to have the potential Chairman of the witnesses, and Atomic Safety and attorneys may Licensing Board request that the Panel designate an Chairman of the officer other than Atomic Safety and the presiding Licensing Board officer of the Panel designate an proceeding to officer other than review the adverse the proceeding determination. For officer of the purposes of review, proceeding to the adverse review the NRC determination must Office of be in writing and Administration's set forth the adverse grounds for the determination. determination. The In addition, this request for review paragraph contains shall be served on the following the NRC staff and requirements: may include Documentation by additional the Office of information for Administration of review by the an adverse presiding officer. determination and The request must be the time periods filed within 15 for filing and days after receipt service of the of the adverse request for review, determination by and issuance by the the individual presiding officer against whom the of a decision on adverse the request for determination has review. The been made. Within standard for 10 days of receipt reversal by the of the request for presiding officer review and any of the Office of additional Administration's information, the adverse NRC staff will file determination is a a response finding that the indicating whether determination the request and constitutes an additional abuse of information has discretion. caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. 2.336(f)(2)................. The following This provision paragraph is added: authorizes the ``The presiding presiding officer officer may include to prescribe terms in an order any and conditions protective terms necessary and and conditions appropriate to (including ensure that affidavits of non- disclosure of disclosure) as may Safeguards be necessary and Information is appropriate to limited to limit the authorized disclosure to individuals. parties in the proceeding, to interested States and other governmental entities participating under Sec. 2.315(c), and to their qualified witnesses and counsel.'' [[Page 64030]] 2.336(f)(3)................. The following This paragraph paragraph is added: extends ``When Safeguards requirements for Information the protection of protected from Safeguards unauthorized information in Sec. disclosure under Sec. 73.21, Section 147 of the 73.22, and 73.23, Atomic Energy Act, as applicable, to as amended, is anyone in received and possession or possessed by a receipt of participant other Safeguards than the NRC staff, Information. it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable.'' 2.336(f)(4)................. The following This paragraph paragraph is added: authorizes the ``The presiding presiding officer officer may also of the proceeding prescribe to prescribe additional measures in procedures to addition to those effectively described in Sec. safeguard and Sec. 73.21, prevent disclosure 73.22, and 73.23, of Safeguards as applicable, to Information to prevent the unauthorized disclosure of persons with Safeguards minimum impairment Information to of the procedural unauthorized rights which would individuals. be available if Safeguards Information were not involved.'' 2.336(f)(5)................. The following This paragraph paragraph is added: authorizes civil ``In addition to penalties for any other sanction disclosure of that may be imposed Safeguards by the presiding Information in officer for violation of a violation of an presiding officer's order issued protective order or pursuant to this orders. paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under Sec. 2.205.'' 2.336(f)(6)................. The following This paragraph paragraph is added: authorizes criminal ``For the purpose penalties for of imposing the disclosure of criminal penalties Safeguard contained in Information in Section 223 of the violation of a Atomic Energy Act, presiding officer's as amended, any protective order or order issued orders. pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b of the Atomic Energy Act.'' 2.705(c)(2)................. The following This paragraph is paragraph is added added to the to Sec. 2.705, revised proposed ``Discovery--additi rule in response to onal methods.'' comments regarding ``In the case of discovery of SGI in documents and NRC adjudicatory records including proceedings. The Safeguards paragraph Information authorizes the referred to in presiding officer Sections 147 and to issue an order 181 of the Atomic requiring Energy Act, as disclosure of amended, the certain documents presiding officer and records, may issue an order including requiring Safeguards disclosure if--''. Information, provided that the requirements noted and discussed below are met. 2.705(c)(2)(i).............. The following This provision makes paragraph is added: clear that a ``need ``The presiding to know,'' as officer finds that defined in Sec. the individual 73.2, applies to an seeking access to individual seeking Safeguards access to SGI in Information in order to order to participate in an participate in an NRC proceeding. The NRC proceeding has presiding officer the requisite `` of the proceeding need to know,'' as makes the ``need to defined in Sec. know'' 73.2''; determination for access to SGI in a dispute over the ``need to know'' determination. In other words, access to Safeguards Information always require a ``need to know.'' In the specific instance of a dispute over the ``need to know'' in an NRC adjudicatory proceeding, the presiding officer makes the ``need to know'' determination as defined in Sec. 73.2. 2.705(c)(2)(ii)............. The following This paragraph paragraph is added: requires that ``The individual individuals seeking has undergone an access to FBI criminal Safeguards history check, Information in unless exempt under order to Sec. Sec. participate in an 73.22(b)(3) or NRC adjudicatory 73.23(b)(3), as proceeding must applicable, by under go an FBI submitting criminal history fingerprints to the check, including NRC Office of fingerprinting, Administration, unless they are Security Processing exempt from this Unit, Mail Stop T- requirement under 6E46, U.S. Nuclear Sec. Sec. Regulatory 73.22(b)(3) or Commission, 73.23(b)(3). Those Washington, DC provisions cross- 20555-0001, and reference Sec. otherwise follow 73.59, which lists the procedures in categories of Sec. 73.57(d) for individuals who are submitting and exempt from the FBI processing criminal history fingerprints. and background However, before an check requirements adverse for access to determination by Safeguards the NRC Office of Information by Administration on virtue of their an individual occupational criminal history status. This check, the paragraph also individual shall be extends the afforded the protections protections of provided by Sec. 73.57; and'' 73.57 to participants in NRC adjudicatory proceedings before an adverse determination is made by the NRC Office of Administration on their FBI criminal history check. [[Page 64031]] 2.705(c)(2)(iii)............ The following This paragraph paragraph is added: provides that ``NRC Office of individuals seeking Administration has access to found, based upon a Safeguards background check, Information in that the individual order to is trustworthy and participate in an reliable, unless NRC adjudicatory exempt Sec. Sec. proceeding must 73.22(b)(3) or under go a 73.23(b)(3) background check However, before an for trustworthiness adverse and reliability determination by unless exempt from the NRC Office of this requirement Administration on under Sec. Sec. an individual's 73.22(b)(3) or background check 73.23(b)(3). Those for trustworthiness provisions cross- and reliability, reference Sec. the individual 73.59, which lists shall be afforded categories of the protections individuals who are provided by Sec. exempt from the FBI 73.57.'' criminal history check and background check requirements for access to SGI by virtue of their occupational status. This paragraph also extends the protections provided by Sec. 73.57 before an adverse determination by the NRC Office of Administration on a background check for trustworthiness and reliability. 2.705(c)(2)(iv)............. The following This paragraph paragraph is added: establishes ``An individual detailed procedures seeking to for an individual participate in an seeking access to NRC adjudicatory SGI in order to proceeding for whom participate in an the NRC Office of NRC adjudicatory Administration has proceeding to made a final appeal a final adverse adverse determination on determination by trustworthiness and the NRC Office of reliability may Administration on request the trustworthiness and presiding officer reliability for to review the access to SGI. The adverse paragraph contains determination. For the following purposes of review, requirements: the adverse Documentation by determination must the Office of be in writing and Administration of set forth the an adverse grounds for the determination and determination. The the time periods request for review for filing and shall be served on service of the the NRC staff and request for review, may include responding to the additional request, and for information for issuance of a review by the decision by the presiding officer. presiding officer The request must be on a request for filed within 15 review. The days after receipt presiding officer of the adverse may reverse the determination by Office of the individual Administration's against whom the final adverse adverse determination only determination has if the officer been made. Within finds, based on all 10 days of receipt the information the request for submitted, that the review and any adverse additional determination information, the constitutes an NRC staff will file abuse of a response discretion. indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination.'' 2.705(c)(3)................. The following This provision paragraph is added: authorizes the ``The presiding presiding officer officer may include to prescribe terms in an order any and conditions protective terms necessary and and conditions appropriate to (including ensure that affidavits of non- disclosure of disclosure) as may Safeguards be necessary and Information is appropriate to limited to limit the authorized disclosure to individuals. parties in the proceeding, to interested States and other governmental entities participating under Sec. 2.315(c), and to their qualified witnesses and counsel.'' 2.705(c)(4)................. The following This paragraph paragraph is added: extends ``When Safeguards requirements for Information protection of protected from Safeguards unauthorized Information in Sec. disclosure under Sec. 73.21, Section 147 of the 73.22, and 73.23, Atomic Energy Act, as applicable, to as amended, is anyone in received and possession of possessed by a Safeguards party other than Information. the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable.'' 2.705(c)(5)................. The following This paragraph paragraph is added: authorizes the ``The presiding presiding officer officer may also of the proceeding prescribe to prescribe additional measures in procedures to addition to those effectively described in Sec. safeguard and Sec. 73.21, prevent disclosure 73.22, and 73.23, of Safeguards as applicable, to Information to prevent disclosure unauthorized of Safeguards persons with Information to minimum impairment unauthorized of the procedural individuals. rights which would be available if Safeguards Information were not involved.'' 2.705(c)(6)................. The following This paragraph paragraph is added: authorizes civil ``In addition to penalties for any other sanction disclosure of that may be imposed Safeguards by the presiding Information in officer for violation of a violation of an presiding officer's order issued protective order or pursuant to this orders. paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under Sec. 2.205.'' [[Page 64032]] 2.705(c)(7)................. The following This paragraph paragraph is added: authorizes criminal ``For the purpose penalties for of imposing the disclosure of criminal penalties Safeguards contained in Information in Section 223 of the violation of a Atomic Energy Act, presiding officer's as amended, any protective order or order issued orders. pursuant to this paragraph with respect to Safeguards Information is considered to be an order issue under section 161b of the Atomic Energy Act.'' 2.709(f).................... This subsection of This paragraph has Sec. 2.709, been revised in ``Discovery against response to the NRC staff'' has comments regarding been revised and discovery of SGI in subdivided as noted NRC adjudicator below. proceedings. It has been subdivided in the revised proposed rule for clarity. This paragraph continues to apply to discovery documents and records including Safeguards Information, against the NRC staff. 2.709(f)(1)................. This paragraph This paragraph sets reads: ``In the forth the case of requested circumstances in documents and which Sec. records, (including 2.709(f) applies. Safeguards As in the original Information proposed rule, Sec. referred to in 2.709(f) Section 147 and 181 establishes of the Atomic procedures for the Energy Act, as discovery against amended) exempt the NRC staff of from disclosure documents and under Sec. 2.390, records, including the presiding Safeguards officer may issue Information, which an order disclosure are exempt from to the Executive disclosure under Director of Sec. 2.390, Operations or ``Public delegate of the inspections, Executive Director exemptions, for Operations, to requests for produce the withholding.'' documents or records (or any other order issued ordering productions of the document or records) if--'' 2.709(f)(1)(i).............. The following is This paragraph makes added: ``The clear that: (1) presiding officer ``Need to know,'' finds that the as defined in Sec. individual seeking 73.2, applies in access to NRC adjudicatory Safeguards proceedings, and Information to (2) the presiding participate in an officer of the NRC adjudication proceeding makes has the requisite the ``need to ``need to know'', know'' as defined in Sec. determination for 73.2;'' The phrase access to SGI in a ``but whose dispute over the disclosure is found ``need to know'' by the presiding determination. In officer to be other words access necessary to a to Safeguards proper decision in Information always the proceeding'' requires a ``need has been deleted to know.'' In the from Sec. specific instance 2.709(f). of a dispute over ``need to know'' in an NRC adjudicatory proceeding, the presiding officer makes the ``need to know'' determination as defined in Sec. 73.2. 2.709(f)(1)(ii)............. The following This paragraph makes paragraph is added: clear that ``The individual individuals seeking has undergone an access to FBI criminal Safeguards history check, Information in unless exempt Sec. order to Sec. 73.22(b)(3) participate in an or Sec. NRC adjudicatory 73.23(b)(3), by proceeding must submitting undergo an FBI fingerprints to the criminal history NRC Office of check, including Administration, fingerprinting, Security Processing unless they are Unit, Mail Stop T- exempt from this 6E46, U.S. Nuclear requirement under Regulatory Sec. Sec. Commission, 73.22(b)(3) or Washington DC 20555- 73.23(b)(3), which 0001, and otherwise cross-reference following the Sec. 73.59. procedures in Sec. Section 73.59 lists 73.57(d) for categories of submitting and individuals who are processing exempt from the FBI fingerprints. criminal history However, before an and background adverse check requirements determination by for access to the NRC Office of Safeguards Administration on Information by an individual's virtue of their criminal history occupational check the status. This individual shall be paragraph extends afforded the the protections protections provided by Sec. provided by Sec. 73.57 to 73.57; and'' participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their FBI criminal history check. 2.709(f)(1)(iii)............ The following This paragraph makes paragraph is added: clear that ``The NRC Office of individuals seeking Administration access to finds, based upon a Safeguards background check, Information in that the individual order to is trustworthy and participate in an reliable, unless NRC adjudicatory exempt under Sec. proceeding must Sec. 73.22(b)(3) undergo a or 73.23(b)(3), as background check applicable. for trustworthiness However, before an and reliability adverse unless exempt from determination by this requirement the NRC Office of under Sec. Sec. Administration on 73.22(b)(3) or an individual's 73.23(b)(3), as background check applicable. These for trustworthiness provisions cross- and reliability, reference Sec. the individual 73.59, which lists shall be afforded categories of the protections individuals who are provided by Sec. exempt from the FBI 73.57.'' criminal history check and background check requirements for access to SGI by virtue of their occupational status. This paragraph extends the protections provided by Sec. 73.57 to participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their background checks. [[Page 64033]] 2.709(f)(1)(iv)............. The following This paragraph paragraph is added: establishes Participants, detailed procedures potential for participants, witnesses, and potential attorneys for whom witnesses, and the NRC Office of attorneys to appeal Administration has a final adverse made a final determination by adverse the NRC Office of determination on Administration on trustworthiness and an individual's reliability may trustworthiness and request the reliability presiding officer determination for to review the access to SGI. adverse Participants, determination. The potential request may also witnesses, and seek to have the attorneys may Chairman of the request that the Atomic Safety and Chairman of the Licensing Board Atomic Safety and Panel designate an Licensing Board officer other than Panel designate an the presiding officer other than officer of the the proceeding proceeding to officer of the review the adverse proceeding to determination. For review the NRC purposes of review, Office of the adverse Administration's determination must adverse be in writing and determination. set forth the In addition, this grounds for the paragraph contains determination. The the following request for review requirements: shall be served on Documentation by the NRC staff and the Office of may include Administration of additional an adverse information for determination and review by the the time periods presiding officer. for filing and The request must be service of the filed within 15 request for review, days after receipt and issuance by the of the adverse presiding officer determination by of a decision on the individual the request for against whom the review. The adverse standard for determination has reversal by the been made. Within presiding officer 10 days of receipt of the NRC Office of the request for of Administration's review and any final adverse additional determination is a information, the finding that the NRC staff will file determination a response constitutes an indicating whether abuse of the request and discretion. additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. 2.709(f)(2)................. The following This provision paragraph is added: authorizes the ``The presiding presiding officer officer may include to prescribe terms in an order any and conditions protective terms necessary and and conditions appropriate to (including ensure that affidavits of non- disclosure of disclosure) as may Safeguards be necessary and Information is appropriate to limited to limit the authorized disclosure to individuals. parties in a proceeding, to interested States and other governmental entities participating under Sec. 2.315(c), and to their qualified witnesses and counsel.'' 2.709(f)(3)................. The following This paragraph paragraph is added: extends ``When Safeguards requirements for Information protection of protection from Safeguards unauthorized Information in Sec. disclosure under Sec. 73.21, Section 147 of the 73.22, and 73.23, Atomic Energy Act, as applicable, to as amended, is anyone in received and possession of possessed by a Safeguards participant other Information. than the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable.'' 2.709(f)(4)................. The following This paragraph paragraph is added: authorizes the ``The presiding presiding officer officer may also of the proceeding prescribe to prescribe additional measures in procedures to addition to those effectively described in Sec. safeguard and Sec. 73.21, prevent disclosure 73.22, and 73.23, of Safeguards as applicable to Information to prevent disclosure unauthorized of Safeguards persons with Information to minimum impairment unauthorized of the procedural individuals. rights which would be available if Safeguards Information were not involved.'' 2.709(f)(5)................. The following This paragraph paragraph is added: authorizes civil ``In addition to penalties for any other sanction disclosure of that may be imposed Safeguards by the presiding Information in officer for violation of a violation of an presiding officer's order issued protective order or pursuant to this orders. paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under Sec. 2.205.'' 2.709(f)(6)................. The following This paragraph paragraph is added: authorizes criminal ``For the purpose penalties for of imposing the disclosure of criminal penalties Safeguards contained in Information in Section 223 of the violation of a Atomic Energy Act, presiding officer's as amended, any protective order or order issued orders. pursuant to this paragraph with respect to Safeguards Information is considered to be an order under Section 161b of the Atomic Energy Act.'' 2.1010(b)(6)................ This paragraph of This paragraph is Sec. 2.1010, revised in response ``Pre-License to comments application regarding discovery presiding officer'' of SGI in NRC has been adjudicatory reorganized and proceedings. It has subdivided. The been subdivided for paragraph begins as clarity. As in Sec. follows: ``Whether 2.1010(b)(6) of the material should the original be disclosed under proposed rule, this a protective order paragraph containing such authorizes the Pre- protective terms License Application and conditions Presiding Officer (including to resolve disputes affidavits of over disclosure of nondisclosure) as Safeguards may be necessary Information. and appropriate to limit the disclosure to potential parties, interested government participants, and parties in a proceeding, or to their qualified witnesses and counsel.'' [[Page 64034]] 2.1010(b)(6)(i)............. The following This paragraph paragraph is added: authorizes the Pre- ``The Pre-License License Application Application Presiding Officer Presiding Office to issue an order may issue an order requiring requiring disclosure of disclosure of Safeguards Safeguards Information if the Information if--'' requirements in the subsequent provisions are met. 2.1010(b)(6)(i)(A).......... The following This paragraph makes paragraph is added: clear that (1) ``The Pre-License ``need to know'', Application as defined in Sec. Presiding Officer 73.2, applies in finds that the the context of NRC individual seeking adjudicatory access to proceedings, and Safeguards (2) the presiding Information in officer of the order to proceeding makes participate in an the ``need to NRC adjudication know'' has the requisite determination for ``need to know,'' access to SGI in a as defined in Sec. dispute over the 73.2''; ``need to know'' determination. In other words, access to Safeguards Information always requires a ``need to know.'' In a dispute over ``need to know'' in an NRC adjudicatory proceeding, the presiding officer makes the ``need to know'' determination as that term is defined in Sec. 73.2. 2.1010(b)(6)(i)(B).......... The following This paragraph paragraph is added: requires that ``The individual individuals seeking has undergone an access to FBI criminal Safeguards history check, Information in unless exempt under order to Sec. Sec. participate in an 73.22(b)(3) or NRC adjudicatory 73.23(b)(3), as proceeding must applicable by undergo an FBI submitting criminal history fingerprints to the check, including NRC Office of fingerprinting, Administration, unless they are Security Processing exempt from this Unit, Mail Stop T- requirement under 6E46, U.S. Nuclear Sec. Sec. Regulatory 73.22(b) or Commission, 73.23(b). Those Washington D.C. provisions cite 20555-0001, and Sec. 73.59, which otherwise following lists categories of the procedures in individuals who are Sec. 73.57(d) for exempt from the FBI submitting and criminal history processing check and fingerprints. background However, before an requirements for adverse access to determination by Safeguards the NRC Office of Information by Administration on virtue of their an individual's occupational criminal history status. This check, the paragraph also individual shall be extends the afforded the protections protections of Sec. provided by Sec. 73.57;'' 73.57 to participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their FBI criminal history checks. 2.1010(b)(6)(i)(C).......... The following This paragraph makes paragraph is added: clear that ``A finding by the individuals seeking NRC Office of access to Administration, Safeguards based upon a Information in background check, order to that the individual participate in an is trustworthy and NRC adjudicatory reliable, unless proceeding must exempt under Sec. undergo a Sec. 73.22(b)(3) background check or 73.23(b)(3), as for trustworthiness applicable. and reliability However, before an unless exempt from adverse this requirement determination on an under Sec. Sec. individual's 73.22(b)(3)(b)(3) background check or 73.23(b)(3). for trustworthiness Those provisions and reliability, contain a cross- the individual reference to Sec. shall be afforded 73.59, which lists the protections categories of provided by Sec. individuals who are 73.57.'' exempt from the FBI criminal history check and background check requirements for access to Safeguards Information by virtue of their occupational status. This paragraph extends the protections provided by Sec. 73.57 to participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their background checks for trustworthiness and reliability. 2.1010(b)(6)(i)(D).......... Participants, This paragraph potential establishes witnesses, and detailed procedures attorneys for whom for participants, the NRC Office of potential Administration has witnesses, and made a final attorneys to appeal adverse a final adverse determination on determination by trustworthiness and the NRC Office of reliability may Administration on request the an individual's presiding officer trustworthiness and to review the reliability adverse determination for determination. The access to SGI. request may also Participants, seek to have the potential Chairman of the witnesses, and Atomic Safety and attorneys may Licensing Board request that the Panel designate an Chairman of the officer other than Atomic Safety and the presiding Licensing Board officer of the Panel designate an proceeding to officer other than review the adverse the proceeding determination. For officer of the purposes of review, proceeding to the adverse review the NRC determination must Office of be in writing and Administration's set forth the adverse grounds for the determination. In determination. The addition, this request for review paragraph contains shall be served on the following the NRC staff and requirements: may include documentation by additional the Office of information for Administration of review by the an adverse presiding officer. determination and The request must be the time periods filed within 15 for filing and days after receipt service of the of the adverse request for review, determination by responding to the the individual request, and for against whom the issuance of a adverse decision by the determination has presiding officer. been made. Within The standard for 10 days of receipt reversal by the of the request for presiding officer review and any of the NRC Office additional of Administration's information, the final adverse NRC staff will file determination made a response by the NRC Office indicating whether of Administration. the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. [[Page 64035]] 2.1010(b)(6)(ii)............ The following This provision provision is added: authorizes the Pre- ``The Pre-License License Application Application Presiding Officer Presiding Officer to prescribe terms may include in an and conditions order any necessary to insure protective terms that disclosure of and conditions Safeguards (including Information is affidavits of non- limited to disclosure) as may authorized be necessary and individuals. appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under Sec. 2.315(c) and to their qualified witnesses and counsel.'' 2.1010(b)(6)(iii)........... The following This paragraph paragraph is added: extends ``When Safeguards requirements for Information protection of protected from Safeguards unauthorized Information in Sec. disclosure under Sec. 73.21, Section 147 of the 73.22, and 73.23, Atomic Energy Act as applicable, to of 1954, as anyone in amended, is possession of received and Safeguards possessed by a Information. party other than the NRC staff, it must also be protected according to the requirement of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable.'' 2.1010(b)(6)(iv)............ The following This paragraph paragraph is added: authorizes the Pre- ``The Pre-License License Application Application Presiding Officer Presiding Officer to prescribe may also prescribe measures in additional addition to those procedures as will described in Sec. effectively Sec. 73.21, safeguard and 73.22, and 73.23 as prevent disclosure applicable, to of Safeguards prevent disclosure Information to of Safeguards unauthorized Information to persons with unauthorized minimum impairment individuals. of the procedural rights which would be available if Safeguards Information were not involved.'' 2.1010(b)(6)(v)............. The following This paragraph paragraph is added: authorizes civil ``In addition to penalties for any other sanction disclosure of that may be imposed Safeguards by the Pre-License Information in Application violation of a Presiding Officer protective order or for violation of an orders. order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, may be subject to a civil penalty imposed under Sec. 2.205.'' 2.1010(b)(6)(vi)............ The following This paragraph paragraph is added: authorizes criminal ``For the purpose penalties for of imposing the disclosure of criminal penalties Safeguards contained in Information in Section 223 of the violation of a Atomic Energy Act protective order or of 1954, as orders. amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order under Section 161b of the Atomic Energy Act of 1954, as amended.'' 30.32(j).................... The following The deletions are phrases are made to simplify deleted: ``in the original quantities proposed rule text determined by the and make clear that Commission through applicants must order or regulation protect all SGI and to be significant SGI-M, not just to the public that contained in health and safety physical security or the common plans, security defense and procedures for security who emergencies, or prepares a physical guard qualification security plan, and training security procedures procedures. The for emergencies, or addition to the guard qualification text makes clear and training that not all procedures,'' and applicants for a ``the plans, part 30 license procedures, and would be subject to other related.'' physical security The phrase or information ``subject to the security requirements of requirements. part 73 of this chapter'' is added. 30.34(i).................... The following phrase This change conforms is deleted: this section with ``physical security the requirements of plans, security Sec. 30.32(j). procedures for emergencies, guard qualification and training procedures, and other related.'' The word ``are'' is changed to ``is.'' 40.31(m).................... A new first sentence This change is added: ``Each clarifies that applicant for a applicants for license for the licenses for the possession of production of source material at uranium a facility for the hexafluoride would production of be required to uranium protect security hexafluoride shall information as SGI protect Safeguards in accordance with Information against Sec. Sec. 73.21 unauthorized and 73.22. Other disclosure in source material accordance with the licensees must requirements in protect SGI and SGI- Sec. Sec. 73.21 M in accordance and 73.22 of this with Sec. Sec. chapter, as 73.21, 73.22, and applicable.'' A new 73.23, as second sentence is applicable. added: ``Each applicant for a license for source material subject to the requirements of part 73 of this chapter shall protect unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable.'' 40.41(h).................... The phrase The change corrects ``physical security a verb tense and plans, security also simplifies the procedures for text to make clear emergencies, guard that applicants qualification and would be required training to protect all SGI procedures, and and SGI-M not just other related'' is that contained in removed. The word physical security ``are'' is changed plans, security to ``is.'' procedures for emergencies, or guard qualification and training procedures. 50.34(e).................... The section is This change is made revised to read to simplify the ``Each applicant revised proposed for a license to rule text and make operate a clear that production or applicants would be utilization required to protect facility shall all SGI and SGI-M, protect Safeguards not just that Information against contained in unauthorized physical security disclosure in plans, security accordance with the procedures for requirements in emergencies, or Sec. 73.21 and guard qualification the requirements in and training Sec. 73.22 or procedures. Sec. 73.23 of this chapter, as applicable.'' [[Page 64036]] 50.54(v).................... The following phrase This change is to is deleted: conform with the ``Physical change in Sec. security, 50.34(e). safeguards contingency and guard qualification and training plans and other related.'' The word ``are'' is changed to ``is.'' 52.17(d).................... The addition of this This change is made section requires in concert with the applicants for change to Sec. early site permits Sec. 52.47 and under this part to 52.79 to require protect Safeguards applicants for Information against standard design unauthorized certifications and disclosure in combined licenses accordance with the to protect SGI from requirements in unauthorized Sec. Sec. 73.21 disclosure. and 73.22 of this chapter, as applicable. 60.21(d).................... The word ``as'' is This change is made deleted. The phrase to simplify the ``the detailed revised proposed security measures rule text and make for physical clear that protection of high- applicants would be level radioactive required to protect waste, including all SGI and SGI-M, the design for not just that physical contained in protection, the physical security, safeguards safeguards contingency plan, contingency, or the security guard qualification organization and training plans. personnel training The change also and qualification reflects that plan, and other applicants under related security Part 60 would be information'' is required to protect replaced with ``and classified shall protect information. classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.'' 60.42(d).................... The phrase ``the This change conforms detailed security this section to the measures for requirements of physical protection Sec. 60.21(d). of high-level radioactive waste, including the design for physical protection, the safeguards contingency plan, the security organization personnel training and qualification plan, and other related security information'' is replaced with ``Safeguards Information.'' A new sentence is added: ``The licensee shall ensure that classified information is protected in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.'' 63.21(d).................... A cross-reference to This change is made Sec. 73.23 is in concert with the added. The word change to part 60 ``as'' is deleted. to reflect The phrase ``the protection of the detailed security same type of measures for information for physical protection part 60 and part 63 of high-level applicants. radioactive waste, including the design for physical protection, the safeguards contingency plan, and the security organization personnel training and qualification plan, and other related Safeguards Information'' is replaced with ``as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.'' 63.42(e).................... A cross-reference to This change conforms Sec. 73.23 is this section to the added. The phrase requirements of ``the detailed Sec. 63.21(d). security measures for physical protection of high- level radioactive waste, including the design for physical protection, the safeguards contingency plan, and security organization personnel training and qualification plan, and other related'' is removed. The phrase ``and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable'' is added. 70.22(l).................... The section is This change is made revised to read to simplify the ``Each applicant rule text and make for a license shall clear that all SGI protect Safeguards and SGI-M would Information against have to be unauthorized protected, not just disclosure in that contained in accordance with the physical security, requirements in safeguards Sec. 73.21 and contingency, or the requirements of guard qualification Sec. 73.22 or and training plans. Sec. 73.23 of The change also this chapter, as reflects that applicable, and applicants under shall protect part 70 would be classified required to protect information in classified accordance with the information. requirements of parts 25 and 95 of this chapter, as applicable.'' 70.22(o).................... This paragraph is This paragraph is deleted. eliminated as it is no longer necessary in light of the change to Sec. 70.22(l). Sec. 70.32(j)............ The phrases ``a The deletions are formula quantity of made to simplify strategic'' and the revised ``physical proposed rule text security, and make clear that safeguards all SGI and SGI-M contingency, and would have to be guard qualification protected, not just and training plans SGI or SGI-M and other related'' contained in are deleted. The physical security, word ``are'' is safeguards changed to ``is.'' contingency, or The phrase ``and guard qualification shall protect and training plans. classified There is also a information in change to correct accordance with the verb tense. The requirements of deletions are made parts 25 and 95 of to simplify the this chapter, as revised proposed applicable'' is rule text and make added. clear that all SGI and SGI-M would have to be protected, not just SGI or SGI-M contained in physical security, safeguards contingency, or guard qualification and training plans. 70.32(l).................... The paragraph is This paragraph is deleted. eliminated as it is no longer necessary in light of the change to Sec. 70.32(j). 71.11....................... The phrase ``spent This change corrects fuel'' is changed a grammatical error to ``irradiated and makes the reactor fuel.'' The terminology word ``a'' is added consistent with before ``critical that used in 10 CFR mass.'' part 73. [[Page 64037]] 72.212(b)(5)(v)............. The phrase This change ``receives, recognizes that transfers, and generally licensed possesses power independent spent reactor spent fuel, fuel storage power reactor- installations are related Greater not authorized to than Class C (GTCC) transfer SNF waste, and other'' pursuant to Sec. is changed to 72.120, nor are ``receives and such facilities possesses power authorized to reactor spent fuel possess Greater and other.'' than Class C waste. 73.2........................ Definitions of the The term new terms ``background ``background check'' replaces check'' and the term ``quantities of ``comprehensive concern'' are background check'' added. The revised to more clearly proposed rule distinguish the states; background check ``Background check requirements for includes, at a access to SGI from minimum, a criminal other regulations history check, requiring a verification of ``background identify, investigation'' for employment history, other purposes (10 education, and CFR 73.56, personal ``Personnel access references. authorization Individuals engaged requirements for in activities nuclear power subject to plants). In regulation by the additional criminal Commission, history check, applicants for including licenses to engage fingerprinting, is in Commission- included as part of regulated the background activities, and check because the individuals who background check have notified the establishes the Commission in overall writing of an trustworthiness and intent to file an reliability of an application for individual for licensing, access to SGI. The certification, response to permitting, or comments on the approval of a definition of product or activity ``background subject to check'' contains regulation by the more details on Commission are this definition. required under Sec. 73.57 to conduct criminal history checks before granting access to Safeguards Information. A background check must be sufficient to support the trustworthiness and reliability determination so that the person performing the check and the Commission have assurance that granting individuals access to Safeguards Information does not constitute an unreasonable risk to the public health and safety or the common defense and security.'' The definition of The term ``quantities of ``quantities of concern'' reads: `` concern'' is being `Quantities of added to the Concern' means the revised proposed quantities of the rule because the radionuclides term now appears in meeting or new ``Appendix I to exceeding the part 73, Category 1 threshold limits and Category 2 set forth in Table Radioactive I-1 of Appendix I Materials, Table I- of this part.'' 1--Quantities of Concern Threshold Limits.'' As defined, the term would mean the quantities of the radionuclides meeting or exceeding the threshold limits set forth in the table. The revised proposed The definition of rule would amend the term ``need to definition of know'' is amended ``need to know'' to to make clear that read: `` `Need to the term applies to know' means a licensees, determination by a applicants, person having certificate responsibility for holders, and protecting participants in Safeguards adjudications. Information that a proposed recipient's access to Safeguards Information is necessary in the performance of official, contractual, licensee, applicant, or certificate holder employment.'' In an adjudication, The definition of ``need to know'' ``need to know'' means a has two parts to determination by add specificity to the originator of the definition. The the information first part defines that (a) the ``need to know'' information is determinations necessary to enable outside of the proposed adjudications. The recipient to second part defines proffer and/or ``need to know'' adjudicate a determinations in specific contention the context of in that proceeding, adjudications. and (b) the proposed recipient of the specific Safeguards Information possesses demonstrable knowledge, skill, training, or education to effectively utilize the specific Safeguards Information in the proceeding. Where the information is in the possession of the originator and the NRC staff (dual possession), whether in its original form or incorporated into another document by the recipient, the NRC staff makes the determination. In the event of a dispute regarding ``need to know'' determination, the presiding officer of the proceeding makes the determination. 73.2 Cont................... The definition of The definition of ``Safeguards ``SGI'' is changed Information'' is in order to provide amended to add the clarification that phrases SGI is information ``licensee's or that identifies a applicant's,'' ``licensee's or ``the physical applicant's'' protection of,'' detailed control and ``within the and accounting scope of Section procedures for the 147 of the Atomic physical protection Energy Act of 1954, of special nuclear as amended,'' to material and change the phrase includes only ``radiological information sabotage'' to ``within the scope ``sabotage,'' and of Section 147 of to remove the word the Atomic Energy ``otherwise.'' Act of 1954, as amended. The definition of The definition of ``trustworthiness ``trustworthiness and reliability'' and reliability'' has been revised by is changed in deleting the response to original proposed comments that it definition and was not substituting sufficiently clear. ``Trustworthiness and reliability are characteristics of an individual considered dependable in judgment, character, and performance, such that disclosure of Safeguards Information to that individual does not constitute an unreasonable risk to the public health and safety or common defense and security.'' [[Page 64038]] 73.8(b)..................... Section (b) is This paragraph is updated to read: updated to include ``The approved all of the approved information information collection collection requirements requirements contained in this contained in part part appear in Sec. 73. Sec. 73.5, 73.20, 73.21, 73.22, 73.23, 73.24, 73.25, 73.26, 73.27, 73.37, 73.40, 73.45, 73.46, 73.50, 73.55, 73.56, 73,57, 73.60, 73.67, 73.70, 73.71, 73.72, 73.73, 73.74, and appendices B, C, and G.'' 73.21(a)(1)(i).............. This paragraph is This paragraph is reorganized and changed in response edited to read: to comments to more ``Establish, clearly set out implement, and which facilities, maintain an materials, and information licensees are protection system subject to the that includes the requirements of applicable measures Sec. 73.22. The for Safeguards paragraph is Information reorganized for specified in Sec. clarity. 73.22 related to: Power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production facilities; fuel fabrication facilities; uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas.'' 73.21(a)(1)(ii)............. This paragraph is This subsection is reorganized and changed in response edited to read: to comments to more ``Establish, clearly set out implement, and which facilities, maintain an materials, and information licensees are protection system subject to the that includes the requirements of applicable measures Sec. 73.23. The for Safeguards paragraph is Information reorganized for specified in Sec. clarity. This 73.23 related to: paragraph has been Panoramic and drafted to be underwater consistent with irradiators that orders previously possess greater issued by the than 370 TBq Commission, e.g., (10,000 Ci) of Panoramic and byproduct material Underwater in the form of Irradiator Security sealed sources; Orders, RAMQC manufacturers and Transportation distributors of Orders, items containing Manufacturer and source, byproduct, Distributor or special nuclear Security Orders, material in greater Increased Controls than or equal to Orders. Category 2 quantities of concern; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern.'' 73.21(a)(2)................. The word ``Federal'' In response to a is added to the comment, this list of law paragraph is enforcement amended to provide officials and the that information cross reference is protection changed from ``Sec. procedures used by 73.21(a)(i)'' to Federal police are ``Sec. presumed to meet 73.21(a)(1).'' The the general word ``deemed'' is performance changed to requirement of Sec. ``presumed.'' 73.21(a)(1). The word ``deemed'' is changed to ``presumed'' to be consistent with Sec. 73.21(b)(1), which preserves the Commission's authority to impose different SGI handling requirements on any person who produces, receives, or acquires SGI. The cross-reference to Sec. 73.21(a)(i) is changed to Sec. 73.21(a)(1) to correct a typographical error. 73.21(b)(1)................. The phrase This change ``Safeguards clarifies that the Information Commission may handling impose information requirements'' is protection changed to requirements ``Safeguards different from or Information in addition to protection those specified in requirements.'' The part 73 on any phrase ``or in person who addition to'' is produces, receives, added. The cross- or acquires SGI, reference to Sec. provided the Sec. 73.21(a)(1) Commission's action and (2) are deleted is within the scope and reference to of its authority ``this part'' is under Section 147 substituted. of the Atomic Energy Act of 1954, as amended. 73.21(b)(2)................. A new section is This paragraph is added: ``The added to indicate Commission may that the Commission require, by may impose the regulation or requirements of order, that part 73 on information within facilities or the scope of materials not Section 147 of the specifically Atomic Energy Act described in Sec. of 1954, as amended Sec. 73.21, related to 73.22, or 73.23, facilities or provided the materials not Commission's action specifically is within the scope described in Sec. of Section 147 of Sec. 73.21, 73.22 the Atomic Energy or 73.23 be Act of 1954, as protected under amended. this part.'' 73.22....................... The phrase The introductory ``licensees text to Sec. authorized to 73.22 is changed to possess'' is conform with the deleted. The phrase changes in Sec. ``and fuel cycle 73.21(a)(1)(i). The facilities'' is change specifically deleted and identifies which replaced with fuel cycle ``uranium facilities are hexafluoride subject to the production requirements of facilities, fuel Sec. 73.22. fabrication facilities, and uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas.'' 73.22(a).................... The phrase ``non- The first change public'' is added. clarifies that only The phrase non-public security- ``protective related measures, interim requirements are to compensatory be protected as measures, SGI. The second additional security change more closely measures, and the tracks the current following as rule language in applicable'' is Sec. 73.21(b)(1). deleted. 73.22(a)(1)................. The section is References to revised to read specific licensees ``Information not are eliminated. The classified as original proposed Restricted Data or rule language National Security inappropriately Information related limited the scope to physical of the section. The protection, revision clarifies including: '' the scope of the revised proposed rule and simplifies the rule text. [[Page 64039]] 73.22(a)(1)(i).............. The phrase ``All This paragraph, portions of'' is which, as deleted. originally proposed, would have protected ``all portions'' of a composite physical security plan for a site, is amended in response to comments that such plans may contain a mix of safeguards and non- SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly has deleted the phrase ``all portions'' in the revised proposed rule text. 73.22(a)(1)(ii)............. The phrase ``not The phrase ``not easily discernible easily discernible by members of the to members of the public'' is added. public'' is added to reflect that aspects of a licensee's or applicant's physical security system that can be readily observed by members of the public are not necessarily considered SGI. 73.22(a)(1)(iii)............ The phrases ``for The phrase ``for security security equipment'' and equipment'' is ``not easily added in response discernible by to comments members of the requesting public'' are added. clarification of which emergency power sources are referred to in the rule. The phrase ``not easily discernible to members of the public'' is added to reflect that aspects of a licensee's or applicant's alarm system layouts that can be readily observed by members of the public are not necessarily considered SGI. 73.22(a)(1)(iv)............. The phrase ``Written This paragraph, physical security which, as orders and originally procedures for proposed, covered members of the only written security physical security organization, orders and duress codes, and procedures, is patrol schedules'' amended so that it is revised to read would not be ``Physical security limited to written orders and security orders and procedures issued procedures. The by the licensee for paragraph is also members of the changed to clarify security that it would apply organization to physical detailing duress security orders and codes, patrol procedures written routes and by the licensee. In schedules, or addition, the responses to revised proposed security rule replaces contingency ``patrol routes'' events''; with ``patrol routes and schedules.'' The phrase ``safeguards or security emergencies'' is changed to ``security contingency events'' to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.22(a)(1)(v).............. The phrase ``On-site This paragraph, and off-site which, as communications originally systems in regard proposed, would to their use for have protected security purposes'' ``[o]n-site and off- is revised to read site communications ``Site-specific systems in regard design features of to their use for plant security security communications purposes,'' is systems.'' amended in the revised proposed rule to read ``[s]ite-specific design features of plant security communications systems,'' in response to a comment that licensees cannot and should not control information describing off-site communications systems. The revised proposed rule would require protection only of information regarding on-site communications systems. 73.22(a)(1)(vii)............ The phrase This change uses ``physical security broader language so plans, safeguards that SGI protection contingency plans'' is not limited to is changed to formal security ``security plans, plans or contingency contingency plans. measures.'' Not all licensees will have formally designated plans. The goal is to protect information about the physical security system and security procedures, whether or not they are contained in a single written plan. 73.22(a)(1)(viii)........... The phrase ``All This paragraph, portions of'' is which, as proposed, deleted. The phrase would have ``safeguards protected ``all contingency plan'' portions'' of a is changed to composite ``safeguards safeguards contingency plan/ contingency plan, measures.'' is amended in response to comments that such plans may contain a mix of safeguards and non-SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase ``all potions.'' The revision also protects information about contingency measures not contained in a formal contingency plan. 73.22(a)(1)(ix)............. The phrase ``All This paragraph, portions of'' is which, as deleted. The phrase originally ``guard proposed, would qualification and have protected training plan'' is ``all portions'' of changed to ``guard a composite guard qualification and qualification and training plan/ training plan, is measures.'' amended in response to comments that such plans may contain a mix of safeguards and non- SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase ``all portions.'' The revised proposed rule would also protect information about guard training not contained in a formal training and qualification plan. [[Page 64040]] 73.22(a)(1)(x).............. The phrase This paragraph is ``Information reworded slightly concerning onsite for clarification. or offsite response The phrase forces, including ``safeguards or size, identity, security armament, and emergencies'' is arrival times of changed to such forces ``security committed to contingency respond to security events'' to emergencies'' is emphasize that the revised to read requirement is ``Information security-related, relating to onsite and to maintain or offsite response consistency with forces, including other regulatory size, armament of provisions. response forces, and arrival times of such forces committed to respond to security contingency events;'' 73.22(a)(1)(xi)............. The phrase ``The As originally elements and proposed, this characteristics of section referred the Design Basis generically to Threat in a level ``information that of detail greater would disclose the than as specified details of the in Sec. 73.1 or Design Basis other information Threat.'' The that would disclose section has been the Design Basis reworded to Threat, including explicitly identify the tactics and the information capabilities that would be required to defend protected under the against that revised proposed threat'' is revised rule. The Design to read: ``The Basis Threat is set Adversary out in its entirety Characteristics in Sec. 73.1. The Document or other information implementing protected is the guidance associated Adversary with the Design Characteristics Basis Threat in Document and other Sec. 73.1;'' Design Basis Threat implementing guidance, which contain detailed descriptions of the operational and tactical capabilities of the hypothetical adversary force more generally described in the Design Basis Threat rule. 73.22(a)(1)(xii)............ The phrase ``related This paragraph is to the physical revised in response protection'' at the to comments that beginning of the the section was too original proposed broadly-worded as rule text is proposed. The changed to revision clarifies ``revealing site- that the analyses, specific details.'' procedures, The phrase scenarios, and ``unauthorized other information disclosure of such described in this information'' is section are changed to considered SGI only ``unauthorized if they reveal disclosure of such ``site-specific analyses, details'' about the procedures, physical protection scenarios, or other of the facility or information.'' In source, byproduct, addition, the or special nuclear phrase ``emergency material. The planning'' is substitution of deleted and is ``security- replaced with related'' for ``security- ``emergency related.'' The planning'' is made phrase ``material to clarify that or a facility'' at emergency the end of the preparedness plans original proposed should remain rule text is publicly available, changed to unless a specific ``source, emergency byproduct, or preparedness special nuclear procedure contains material.'' information which could potentially need to be protected as SGI. 73.22(a)(1)(xiii)........... This paragraph is This paragraph is deleted. deleted as unnecessary. The information this section would have protected is protected under Sec. 73.22(a)(1)(xi). 73.22(a)(2)................. The word The words ``otherwise'' and ``protection of'' the phrase are deleted to ``protection of'' correct a are deleted. grammatical error in the original proposed rule. The word ``otherwise'' is deleted to simplify the revised proposed rule text. 73.22(a)(2)(i).............. The phrase ``All This paragraph, portions of the which, as proposed, composite would have transportation protected ``all physical security portions'' of a plan'' is changed composite physical to ``The composite security plan for physical security transportation, is plan for amended in response transportation;'' to comments that such plans may contain a mix of SGI and non-SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase ``all portions.'' 73.22(a)(2)(ii)............. The section is This section has revised to read been changed to ``Schedules and more closely track itineraries for the relevant specific shipments statutory language of source material, in Section 147 of byproduct material, the AEA, and to high-level nuclear reflect the NRC's waste, or practice of irradiated reactor decontrolling fuel. Schedules for shipment schedules shipments of source and itineraries material, byproduct after completion of material, high- the shipment. level nuclear waste, or irradiated reactor fuel are no longer controlled as Safeguards Information 10 days after the last shipment of a current series''; 73.22(a)(2)(vi)............. The phrase This paragraph is ``safeguards or reworded slightly security for clarification. emergencies'' is The phrase changed to ``safeguards or ``security security contingency emergencies'' is events.'' changed to ``security contingency events'' to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.22(a)(2)(vii)............ The phrase The word ``radiological ``radiological'' is sabotage'' is deleted because the changed to definition of SGI ``sabotage.'' The relates broadly to phrase ``irradiated sabotage, not only reactor fuel'' is ``radiological added. sabotage.'' The addition of ``irradiated reactor fuel'' makes the terminology of this paragraph consistent with that used elsewhere in 10 CFR part 73. 73.22(a)(2)(viii)........... The phrase ``and This paragraph is other information'' revised in response is added. The to comments that phrase the section was too ``unauthorized broadly worded as disclosure of such proposed. The information'' is revision clarifies changed to that the analyses, ``unauthorized procedures, disclosure of such scenarios, and analyses, other information procedures, described in this scenarios, or other section are information.'' The considered SGI only phrase ``such if they reveal site- material'' at the specific details end of the original about the physical proposed rule text protection of the is changed to facility or source, ``source, byproduct, or byproduct, or special nuclear special nuclear material. material.'' [[Page 64041]] 73.22(a)(3)................. The section is References to revised to read specific licensees ``Information not are eliminated. The classified as original proposed National Security rule language Information or inappropriately Restricted Data limited the scope pertaining to of the section. The safeguards and revisions clarify security the scope of the inspections and revised proposed reports, rule and simplify including:'' the rule text. 73.22(a)(3)(ii)............. The phrase ``after This paragraph is the investigation changed to reflect has been that NRC will completed'' is release general changed to ``after investigation corrective actions reports after have been corrective action completed.'' has been taken, unless the information is properly withheld under the Freedom of Information Act. Reports of investigation will not be released before corrective action is taken because the reports could be used to exploit security deficiencies. 73.22(a)(4)................. The word This paragraph is ``paragraph'' is changed to correct changed to a grammatical ``section.'' The error. words ``as defined'' are changed to ``as set forth.'' 73.22(a)(5)................. The phrase ``Other This paragraph is information'' is changed in response changed to ``Other to comments that it information within was too broadly- the scope of worded as proposed. Section 147 of the The change makes Atomic Energy Act clear that the of 1954, as Commission retains amended.'' The the authority to phrase ``material issue further or a facility'' at orders or the end of the regulations original proposed requiring the rule text is protection of changed to categories of ``source, information not byproduct, or described in the special nuclear regulations, material or a provided the facility.'' information still falls within the cope of Section 147 of the Atomic Energy Act of 1954, as amended. 73.22(b).................... This paragraph has The structure of been revised and this paragraph has reorganized in the been revised for revised proposed clarification. rule for clarity. These revisions are However, the intended to make conditions of clear that no one access to SGI-- would have access established need to to SGI without know, FBI criminal first establishing history check, and a ``need to know''. background check to They are intended determine to make clear that trustworthiness and unless an reliability--have individual is not changed. The exempt by virtue of background check to his or her determine occupational status trustworthiness and all individuals reliability would be required contained in Sec. to undergo an FBI 73.22(b)(1)(i)(A) criminal history of the original check and a proposed rule is in background check to Sec. 73.22(b)(2) determine of the revised trustworthiness and proposed rule. The reliability before exemptions from obtaining access to criminal history SGI. and background checks contained in Sec. 73.22(b)(1)(i)-(vi) are cross- referenced in Sec. 73.22(b)(3) of revised proposed rule. The specific exemptions are listed in Sec. 73.59. 73.22(b)(1)................. This section has This paragraph has been revised and been revised to simplified. It now require an reads in its established ``need entirety: ``Except to know'' and an as the Commission FBI criminal may otherwise history check authorize, no before access to person may have SGI. There would be access to no exception to the Safeguards `need to know' Information unless requirement. All the person has an exemptions to the established ``need FBI criminal to know'' for the history and information and has background check undergone a Federal requirements are Bureau of now contained in Investigation Sec. criminal history 73.22(b)(3)(i)-(vii check using the ). procedures set forth in Sec. 73.57.'' 73.22(b)(2)................. This section now The paragraph has reads: ``In been revised to addition, a person clarify that to be granted individuals are access to SGI must subject to a be trustworthy and background check reliable, based on before they must be a background check granted access to or other means SGI. The approved by the determination that Commission.'' an individual is trustworthy and reliable would be based upon a background check. The background check for trustworthiness and reliability would be in addition the FBI criminal history check. The term ``background check'' is defined in Sec. 73.2. 73.22(b)(3)................. This section This paragraph provides that Sec. provides that Sec. 73.59 lists the 73.59 lists the categories of categories of individuals who are individuals who exempt from the would be exempt requirements of from a FBI criminal Sec. 73.22(b)(1) history check & (2) by virtue of requirement in Sec. their occupational 73.22(b)(1) and status. the background check to determine trustworthiness and reliability requirements in Sec. 73.22(b)(2) by virtue of their occupation status. These individuals are not exempt from the ``need to know'' requirement. 73.22(b)(4)................. This section has This paragraph was been added. It added to clarify reads: ``For when the need to persons know determination participating in an would be made and NRC adjudicatory who would determine proceeding other whether a than those participant in an identified in Sec. NRC adjudicatory 73.9, the ``need proceeding has a to know'' ``need to know.'' determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff (dual possession), whether in its original form or incorporated into another document by the recipient, the NRC staff makes the determination. In the event of a dispute regarding the ``need to know'' determination, the presiding officer of the proceeding shall determine whether the ``need to know'' findings in Sec. 73.2 can be made.'' [[Page 64042]] 73.22(b)(5)................. This paragraph was The change of the Sec. 73.22(b)(3) phrase ``as set in the original forth in paragraph proposed rule. The (b)(1)'' to ``as phrase ``except as set in this set forth in section'' results paragraph (b)(1)'' from the has been deleted restructuring of and replaced with Sec. 73.22(b). ``except as set forth in this section.'' 73.22(c)(1 The phrase This paragraph is ). ``Safeguards revised to make Information within clear that SGI alarm stations, could be left continuously manned outside of a locked guard posts or security storage ready rooms need container if not be locked in a attended by locked security individuals storage container'' authorized access is changed to to SGI. The ``Safeguards original proposed Information within rule could have alarm stations, or been interpreted to rooms continuously allow unauthorized occupied by persons access to authorized SGI. individuals need not be stored in a locked security storage container.'' 73.22(c)(2)................. The phrase ``so as The word to prevent ``unauthorized'' is disclosure to an removed because it unauthorized was redundant. The individual not word ``shall'' is authorized access replacing ``may'' to Safeguards because it is a Information'' is requirement that changed to ``so as locked security to prevent storage containers disclosure to an do not identify individual not contents as SGI. authorized access to Safeguards Information.'' The word ``may'' is changed to ``shall.'' 73.22(d)(1)................. The phrase ``must be This paragraph is marked `Safeguards revised in response Information' '' is to comments that changed to ``must the proposed be marked to document-marking indicate the language was too presence of such prescriptive. The information.'' The changes are phrase ``to intended to allow indicate the more flexibility in presence of document marking. protected The change from information'' is ``each'' to ``the'' deleted from the is to conform this end of the first paragraph with Sec. sentence. The word 73.23(d)(1). ``each'' in the last sentence is changed to ``the.'' 73.22(d)(1)(iii)............ The word ``would'' The word ``would'' is changed to is changed to ``will''. ``will.'' 73.22(d)(2)................. The phrase ``In This paragraph is addition to the revised in response `Safeguards to comments that Information' the proposed markings'' is language was too changed to ``In prescriptive. The addition to the changes are markings.'' The intended to allow phrase more flexibility in ``transmittal document marking. letters or memoranda'' is changed to ``any transmittal letters or memoranda to or from the NRC,'' and ``e.g.'' is changed to ``i.e.'' 73.22(d)(3)................. The phrase ``Portion This paragraph is marking of revised in response documents or other to comments seeking information is clarification of required for which documents correspondence to require portion and from the NRC'' marking. The intent is changed to of the revised ``Portion marking section is to is required only require portion for correspondence marking only for to and from the NRC cover letters and (i.e., cover similar documents letters, but not that transmit attachments) that correspondence to contains Safeguards or from the NRC. Information.'' The Attachments to the word transmittal ``transmittal'' is document do not added before need to be portion ``document.'' marked. This requirement would enable the NRC to better identify some of its security-related regulatory activities to the public because it will be administratively easier to redact and disclose portion-marked transmittal documents. 73.22(d)(4)................. This paragraph as This paragraph is proposed is deleted deleted from the and substituted revised proposed with a revision of rule in response to the proposed Sec. comments opposing 73.22(d)(5). The the requirement to revised proposed re-mark SGI that rule Sec. existed before the 73.22(d)(4) reads effective date of a ``Marking of final rule. documents containing or transmitting Safeguards Information shall, at a minimum include the words `Safeguards Information' to ensure identification of protected information for the protection of facilities and material covered by 10 CFR 73.22.'' 73.22(d)(5)................. The proposed The paragraph is paragraph was reworded and revised and moved renumbered as Sec. to Sec. 73.22(d)(4) in the 73.22(d)(4). revised proposed rule. The revision requires that future document markings include the words ``Safeguards Information'' ensure easy identification and a level of consistency among those required to mark such information. 73.22(e).................... The phrase ``If This paragraph is Safeguards revised to provide Information is more general reproduced on a instructions on digital copier that reproduction of would retain SGI. The original Safeguards proposed rule Information in its limited the memory, then the instructions to copier may not be digital copiers. connected to a The revision network'' is applies a changed to performance-based ``Equipment used to standard to any reproduce equipment used to Safeguards reproduce SGI. Information must be evaluated to ensure that unauthorized individuals cannot access Safeguards Information (e.g., unauthorized individuals cannot access SGI by gaining access to retained memory or network connectivity).'' 73.22(f)(2)................. The phrase This paragraph is ``nationwide revised so that overnight'' is commercial delivery deleted. companies transporting SGI do not have to provide nationwide overnight service. SGI may be transported by trusted, local carriers, so long as the carrier has computer tracking capabilities. [[Page 64043]] 73.22(f)(3)................. This paragraph has The paragraph has been revised to been revised and read: ``Except updated to more under emergency or accurately reflect extraordinary information conditions, security Safeguards requirements. Information shall be transmitted outside an authorized place of use or storage only by (a) NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or (b) electronic mail through the internet, provided that (i) the information is encrypted by the NRC-approved encryption modules and algorithms; (ii) the information is produced by a self contained secure automatic data process system; and (iii) transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission. Physical security events required to be reported pursuant to Sec. 73.71 are considered to be extraordinary conditions.'' 73.22(g)(1)................. The word ``may'' is The phrase ``shall changed to be'' is replacing ``shall'' in the ``may be'' to third sentence. clarify that stand- alone computers or computer systems are required not to be physically or in any other way connected to a network accessible by users who are not authorized access to SGI. 73.22(g)(3)................. The word The word ``automated'' is ``automated'' deleted. unnecessarily appeared in the original proposed rule and has been deleted. 73.22(i).................... The phrase ``tearing This paragraph is into small pieces'' revised to is deleted from the eliminate redundant second sentence. language and to The third sentence clarify that is change from document ``Piece sizes one destruction results half inch or in piece sizes no smaller composed of wider than one- several pages or quarter inch, documents and thoroughly mixed. thoroughly mixed Changing the word would be considered ``must'' to completely ``shall'' conforms destroyed'' to this paragraph with ``Piece sizes no Sec. 73.23(i). wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed.'' The word ``must'' is changed to ``shall.'' 73.23....................... The first sentence This section is is deleted and changed in response replaced with to comments ``This section requesting that the contains specific rule more clearly requirements for set out which the protection of facilities, Safeguards materials, and Information related licensees and to panoramic and subject to the underwater requirements of irradiators that Sec. 73.23. It possess greater has been drafted to than 370 TBq be consistent with (10,000 Ci) of orders previously byproduct material issued by the in the form of Commission, e.g., sealed sources; Panoramic and manufactures and Underwear distributors of Irradiator Security items containing Orders, RAMQC source, byproduct, Transportation or special nuclear Orders, material in greater Manufacturer and than or equal to Distributor Orders, Category 2 Increased Control quantities of Orders. The word concern; ``handling'' is transportation of used to conform the more than 1000 TBq sentence with the (27,000 Ci) but paragraph. less than or equal to 100 grams of spent nuclear fuel; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern.'' In the second sentence, the word ``protection'' is replaced by ``handling.'' 73.23(a).................... The phrase ``non- The words ``non- public'' is added. public'' are added The phrase for clarification. ``Safeguards The phrase Information'' is ``Safeguards changed to Information'' is ``Safeguards changed to Information ``Safeguards designated as Information Safeguards designated as Information- Safeguards Modified Information- Handling.'' Modified Handling'' to better distinguish SGI-M, needing modified protection, from SGI for reactors and fuel cycle facilities that require a higher level of protection. 73.23(a)(1)................. This section is References to revised to read specific licensees ``Information not are eliminated. The classified as original proposed Restricted Data or rule language National Security improperly limited Information related the scope of the to physical section. The protection, revision clarify including:'' the scope of the revised proposed rule and simplify the rule text. 73.23(a)(1)(i).............. The phrase ``All This paragraph, portions of'' is which, as deleted. originally proposed, would have protected ``all portions'' of a composite physical security plan, is amended in response to comments that such plans may contain a mix of SGI and non- SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase ``all portions'' in the revised proposed rule. 73.23(a)(1)(ii)............. The phrase ``not The phrase ``not easily discernible easily discernible by members of the to members of the public'' is added. public'' is added to reflect that aspects of a licensee's or applicant's alarm system layouts that can be readily observed by members of the public are not necessarily considered SGI. [[Page 64044]] 73.23(a)(1)(iii)............ The phrases ``for The phrase ``for security security equipment'' and equipment'' is ``not easily added in response discernible by to comments members of the requesting public'' are added. clarification of which emergency power sources are referred to in the rule. The phrase ``not easily discernible to members of the public'' is added to reflect that aspects of a licensee's or applicant's alarm system layouts that can be readily observed by members of the public would not necessarily be considered SGI. 73.23(a)(1)(iv)............. The phrase ``Written This paragraph is physical security revised to clarify orders and that it applies to procedures for orders and members of the procedures issued security by the licensee organization, regarding certain duress codes, and security patrol schedules'' activities. is revised to read ``Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events''; 73.23(a)(1)(v).............. The phrase ``On-site This paragraph is and off-site revised in response communications to comments that systems in regard the original to their use for proposed rule was security purposes'' overly broad. This is revised to read paragraph now ``Site-specific requires protection design features of of site-specific plant security design features of communications facility systems''; communications systems. 73.23(a)(1)(vii)............ The words ``The This paragraph is composite'' are revised to more added at the closely track the beginning of the language in Sec. section. The phrase 73.22(a)(1)(ix). ``guard Also, the revision qualification and protects training information about procedures'' is guard training not changed to ``guard contained in a qualification and formal training and training plan/ qualification plan. measures.'' 73.23(a)(1)(ix)............. The phrase The paragraph is ``Information reworded slightly concerning offsite for clarification. response forces, The phrase including size, ``safeguards or identity, armament, security and arrival times emergencies'' is of such forces changed to committed to ``security respond to contingency safeguards or events'' to security emphasize that the emergencies'' is requirement is revised to read security-related, ``Information and to maintain relating to onsite consistency with or offsite response other regulatory forces, including provisions. size, armament of response forces, and arrival times of such forces committed to respond to security contingency events; and'' 73.23(a)(1)(x).............. The phrase ``related This paragraph is to the physical revised in response protection of'' at to comments that the beginning of the section was too the original broadly worded as proposed rule text proposed. The is changed to revision clarifies ``revealing site- that the analyses, specific details procedures, of.'' The phrase scenarios, and ``unauthorized other information disclosure of such described in this information'' is section are changed to considered SGI only ``unauthorized if they reveal disclosure of such ``site-specific analyses, details'' about the procedures, physical protection scenarios, and of the facility or information.'' In source, byproduct, addition, the or special nuclear phrase ``emergency material''. The planning'' is substitution of deleted and is ``security- replaced with related'' for ``security- ``emergency related.'' The planning'' is made phrase ``material to clarify that or a facility'' at emergency the end of the preparedness plans original proposed should remain rule text is publicly available, changed to unless a specific ``source, emergency byproduct, or preparedness special nuclear procedure contains material''. information which could potentially need to be protected as SGI. 73.23(a)(2)................. This section is The language is revised to read revised to more ``Information not precisely define classified as which types of Restricted Data or information would National be protected under Information related the revised to the physical proposed rule. The protection of word ``otherwise'' shipments of more is removed to than 1000 Tbq simplify the (27,000 Ci) but revised proposed less than or equal rule text. to 100 grams of spent nuclear fuel, source material and byproduct material in Category 2 quantities of concern, and special nuclear material in less than a formula quantity (except for those materials covered under Sec. 73.22), including:'' 73.23(a)(2)(i).............. The phrase This paragraph is ``security features revised so that it of a transportation more accurately physical security describes the type plan'' is changed of information that to ``transportation would be protected. security measures, The original including physical proposed rule would security plans and have required procedures, protection of a immobilization ``transportation devices, and escort physical security requirements, more plan,'' but not all detailed than NRC licensees subject regulations.'' The to this section phrase ``Scheduling will have such a and itinerary plan. The revised information may be language is broader shared with others and would cover on a ``need to ``information know'' basis and is regarding not designated as transportation Safeguards security measures, Information- including physical Modified Handling'' security plans and has been deleted procedures * * *'' from this paragraph of the revised proposed rule. [[Page 64045]] 73.23(a)(2)(ii)............. The text that This paragraph has appeared in this been added to paragraph of the include protection original proposed of information rule is renumbered associated with to Sec. transportation of 73.23(a)(2)(iii). radioactive In its place, the materials in following paragraph greater than or has been added: equal to Category 1 ``Scheduling and quantities of itinerary concern. information for shipments (scheduling and itinerary information for shipments that are inherently self- disclosing may be decontrolled after shipment departure. Scheduling and itinerary information for shipments that are not inherently self- disclosing may be decontrolled 2 days after the shipment is completed. Scheduling and itinerary information used for the purpose of preplanning, coordination, and advance notification may be shared with others on a ``need to know'' basis and need not be designated Safeguards Information- Modified Handling);'' 73.23(a)(2)(iii)............ Due to renumbering, This paragraph was this paragraph now renumbered from reads: (ii) to (iii). ``Arrangements with and capabilities of local police response forces, and locations of safe havens;'' The paragraph reading: ``Limitations of communications during transport,'' which appeared in this paragraph of the original proposed rule has been deleted. 73.23(a)(2)(iv)............. In the revised This paragraph has proposed rule this been added to paragraph reads: include protection ``Details of alarm of information and communication associated with the systems, transportation of communication radioactive procedures, and material in greater duress codes;'' than or equal to Category 1 quantities of concern. 73.23(a)(2)(v).............. The phrase This paragraph, ``safeguards or which as (iv) in security the original emergencies'' is proposed rule, is changed to reworded slightly ``security for clarification contingency events; in the revised and'' proposed rule. The phrase ``safeguards or security emergencies'' is changed to ``security contingency events'' to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.23(a)(2)(vi)............. The phrase This paragraph is ``emergency revised in response planning'' is to comments that deleted and is the section was too replaced with broadly worded as ``security- proposed. The related.'' The revision clarifies phrase ``and other that the analyses, information'' is procedures, added after scenarios, and ``security-related other information procedures or described in this scenarios.'' The section are phrase considered SGI only ``unauthorized if they reveal disclosure of such ``site-specific information'' is details'' about the changed to physical protection ``unauthorized of the facility or disclosure of such source, byproduct, analyses, or special nuclear procedures, material. The scenarios, or other substitution of information.'' The ``security- phrase ``sabotage related'' for of such material'' ``emergency at the end of the planning'' is made original proposed to clarify that rule text is emergency changed to preparedness plans ``sabotage of should remain source, byproduct, publicly available, or special nuclear unless a specific material.'' emergency preparedness procedure contains information which could potentially need to be protected as SGI. 73.23(a)(3)................. The phrase This paragraph is ``relating to revised to more inspections and precisely define reports'' is its scope, simplify changed to the revised ``pertaining to proposed rule text, safeguards and and to be security consistent with inspections and Sec. 73.22(a)(2). reports.'' The words ``such as'' are changed to ``including,'' and the word ``otherwise'' is deleted. 73.23(a)(3)(ii)............. The phrase ``after This paragraph is the investigation changed to reflect has been that NRC would completed'' is release general changed to ``after investigation corrective actions reports after have been corrective action completed.'' has been taken, unless the information is properly withheld under the Freedom of Information Act. Reports of investigation would not be released before corrective action is taken because the reports could be used to exploit security deficiencies. 73.23(a)(4)................. The phrase The phrase ``Safeguards ``Safeguards Information'' is Information'' is changed to changed to ``Safeguards ``Safeguards Information--Modifi Information--Modifi ed Handling.'' The ed Handling'' to word ``defined'' is better distinguish changed to ``set between these forth.'' levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(a)(5)................. The phrase ``Other This paragraph is information'' is changed in response changed to ``Other to comments that it information within was too broadly- the scope of worded as proposed. Section 147 of the The change makes Atomic Energy Act clear that the of 1954, as Commission retains amended.'' The the authority to phrase ``material issue further or a facility'' at orders or the end of the regulations original proposed requiring the rule text is protection of changed to categories of ``source, information not byproduct, or described in the special nuclear regulations, material or a provided the facility.'' information still falls within the scope of Section 147 of the Atomic Energy Act of 1954, as amended. [[Page 64046]] 73.23(b).................... This paragraph has This paragraph has been revised and been revised in the reorganized in the revised proposed revised proposed rule to implement rule. The revised Section 652 of the proposed rule adds Energy Policy Act the requirement of 2005, to clarify that before an the requirements individual may be for access to SGI- granted access to M, and to make the SGI-M the structure and individual must language this undergo an FBI section identical criminal history the structure and check. The FBI language of Sec. criminal history 73.22(b). Note that check is in pursuant to the addition to an Energy Policy Act established ``need of 2005, to know'' and a individuals to be background check granted access to for trustworthiness SGI-M would be and reliability. fingerprinted for purposes of an FBI criminal history check. 73.23(b)(1)................. The phrase The phrase ``Safeguards ``Safeguards Information'' is Information'' is changed to changed to ``Safeguards ``Safeguards Information--Modifi Information ed Handling.'' The designated as phrase ``a Safeguards determination of Information--Modifi trustworthiness and ed Handling'' to reliability'' is better distinguish changed to ``has between these undergone a Federal levels of Bureau of safeguards Investigation information, which criminal history require different check using the marking, storage, procedures set and handling forth in Sec. requirements. 73.57.'' Section The phrase ``and 73.23(b)(1) now undergo a Federal reads in its Bureau of entirety: ``Except Investigation as the Commission criminal history may otherwise check to the extent authorize, no required by 10 CFR person may have 73.57 before such access to access'' has been Safeguards added to this Information paragraph to designated as implement Section Safeguards 652 of the Energy Information--Modifi Policy Act 2005, ed Handling unless which amended the person has an Section 149 of the established ``need AEA. Under the to know'' for the revised proposed information and has rule, an FBI undergone a Federal criminal history Bureau of check, an Investigation established ``need criminal history to know'', and a check using the background check procedures set for trustworthiness forth in Sec. and reliability 73.57.'' would be required to access to SGI. 73.23(b)(2)................. This section now This paragraph has reads: ``In been revised to addition, a person clarify that to be granted individuals would access to SGI must subject to a be trustworthy and background check reliable, based on before they may be a background check granted access to or other means SGI. The approved by the determination that Commission.'' an individual is trustworthy and reliable is based upon a background check, or other means approved by the Commission. The requirement of a background check for trustworthiness and reliability is in addition to the FBI criminal history check requirement. The term ``background check'' is defined in Sec. 73.2. The requirement that individuals undergo a background check to determine their trustworthiness and reliability prior to access to SGI-M was in Sec. 73.23(b)(1)(i) of the original proposed rule. 73.23(b)(3)................. This section This paragraph is provides that Sec. revised to provide 73.59 lists the that Sec. 73.59 categories of lists the individuals exempt individuals who from the criminal would be exempt history and from the FBI background check criminal history requirements of check requirement Sec. in Sec. 73.23(b)(1)&(2) by 73.23(b)(1) and the virtue of their background check occupational for trustworthiness status. and reliability requirement in Sec. 73.23(b)(2) by virtue of their occupational status. 73.23(b)(4)................. The following This paragraph was paragraph has been added to clarify added: ``For when the ``need to persons know'' participating in an determination would NRC adjudicatory be made and who proceeding other would determine than those whether a specified in Sec. participant in an 73.59, the `need to NRC adjudicatory know' determination proceeding has a shall be made by ``need to know''. the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the `need to know' determination, the presiding officer of the proceeding shall determine whether the `need to know' findings in Sec. 73.2 can be made.'' 73.23(b)(5)................. This paragraph was The change to this Sec. 73.23(b)(3) paragraph is the in the original results from the proposed rule. The restructuring of phrase ``except as Sec. 73.23(b). set forth in paragraph (b)(1)'' has been deleted and replaced with ``except as set forth in this section.'' 73.23(c)(1)................. The phrase This paragraph is ``Safeguards revised to make Information'' is clear that SGI can changed to be left outside of ``Safeguards a locked security Information storage container designated as if attended by Safeguards individuals Information-Modifed authorized access Handling.'' The to SGI. The phrase ``Safeguards original proposed Information within rule could have alarm stations, been interpreted to continuously manned allow unauthorized guard posts or persons access to ready rooms need SGI. The phrase not be locked in a ``Safeguards file drawer or Information'' is cabinet'' is changed to changed to ``Safeguards ``Safeguards Information--Modifi Information ed Handling'' to designated as better distinguish Safeguards between these Information-Modifed levels of Handling within safeguards alarm stations or information, which rooms continuously require different occupied by marking, storage, authorized and handling individuals need requirements. not be locked in a file drawer or cabinet.'' [[Page 64047]] 73.23(c)(2)................. The phrase The phrase ``Safeguards ``Safeguards Information'' is Information'' is changed to changed to ``Safeguards ``Safeguards Information--Modifi Information--Modifi ed Handling.'' The ed Handling'' to word ``may'' is better distinguish changed to between these ``shall.'' levels of safeguards information, which require different marking, storage, and handling requirements. The word ``shall'' is replacing ``may'' because it is a requirement that locked file drawers or cabinets do not identify contents as SGI-M. 73.23(d)(1)................. The phrase ``must be This paragraph is marked `SGI- revised in response Modified Handling' to comments that '' is changed to the proposed ``must be marked to document-marking indicate the language was too presence of prescriptive. The Safeguards changes are Information with intended to allow modified handling more flexibility in requirements.'' The document marking. phrase ``to The phrase indicate the ``Safeguards presence of Information'' is protected changed to information'' is ``Safeguards deleted from the Information--Modifi end of the first ed Handling'' to sentence. The better distinguish phrase ``Safeguards between these Information'' is levels of changed to safeguards ``Safeguards information, which Information require different designated as marking, storage, Safeguards and handling Information--Modifi requirements. ed Handling.'' 73.23(d)(1)(i).............. The second The phrase appearance of the ``Safeguards phrase ``safeguards Information'' is information'' is changed to deleted. The phrase ``Safeguards ``Safeguards Information--Modifi Information'' is ed Handling'' to changed to better distinguish ``Safeguards between these Information levels of designated as safeguards Safeguards information, which Information--Modifi require different ed Handling.'' The marking, storage, word and handling ``designation'' is requirements. The changed to word ``determination.'' ``designation'' was changed to ``determination'' to conform Sec. 73.23(d)(1)(i) to Sec. 73.22(d)(1)(i ). The second reference to safeguards information is removed because it was redundant. 73.23(d)(1)(iii)............ The word ``would'' The word ``would'' is changed to is changed to ``will''. ``will.'' 73.23(d)(2)................. The phrase ``In This paragraph is addition to the revised in response `SGI-Modified to comments that Handling' the proposed markings'' is language was too changed to ``In prescriptive. The addition to the changes are markings.'' The intended to allow phrase more flexibility in ``transmittal document marking. letter or The phrase memoranda'' is ``Safeguards changed to ``any Information'' is transmittal letters changed to or memoranda to or ``Safeguards from the NRC,'' Information--Modifi ``e.g.'' is changed ed Handling'' to to ``i.e.,'' and better distinguish ``must'' is changed between these to ``shall.'' The levels of phrase ``Safeguards safeguards Information'' is information, which changed to require different ``Safeguard marking, storage, Information and handling designated as requirements. The Safeguards word ``document'' Information--Modifi was added to ed Handling.'' The conform this word ``document'' paragraph to Sec. is added after 73.22(d)(2). ``transmittal.'' 73.23(d)(3)................. The phrase ``Portion This paragraph is marking of document revised in response or other to comments seeking information is clarification of required for which documents correspondence to require portion and from the NRC'' marking. The intent is changed to of the revised ``Portion marking section is to is required only require portion for correspondence marking only for to and from the NRC cover letters and (i.e., cover similar documents letters, but not that transmit attachments) that correspondence to contains Safeguards or from the NRC. Information--Modifi Attachments to the ed Handling.'' The transmittal last sentence of document do not the original need to be portion proposed rule text marked. This is deleted. The requirement would phrase ``Safeguards enable the NRC to Information'' is better identify changed to some of its ``Safeguards security-related Information regulatory designated as activities to the Safeguards public because it Information--Modifi will be ed Handling.'' The administratively word easier to redact ``transmittal'' is and disclose added before portion-marked ``document.'' transmittal documents. The phrase ``Safeguards Information'' is changed to ``Safeguards Information--Modifi ed Handling'' to better distinguish between these levels of Safeguards Information, which require different marking, storage, and handling requirements. 73.23(d)(4)................. This paragraph did This paragraph is not appear in the added to parallel original proposed the requirement in rule and is added Sec. 73.22(d)(4) to parallel the that documents be requirement in Sec. marked with some 73.22(d)(4). This minimum level of paragraph did not consistency. appear in the Consistency in original proposed document marking is rule and is added important to ensure to parallel the ready and proper requirement in Sec. identification of 73.22(d)(4). SGI, as well as consistent handling. 73.23(e).................... The phrase ``If This paragraph is Safeguards revised to provide Information is more general reproduced on a instructions on digital copier that reproduction of would retain SGI. The original Safeguards proposed paragraph Information in its limited the memory, then the instructions to copier may not be digital copiers. connected to a The revision network'' is applies a changed to performance-based ``Equipment used to standard to any reproduce equipment used to Safeguards reproduce SGI. The Information phrase ``Safeguards designated as Information'' is Safeguards changed to Information- ``Safeguards Modified Handling Information- must be evaluated Modified Handling'' to ensure that to better unauthorized distinguish between individuals cannot these levels of access the safeguards information (e.g., information, which unauthorized require different individuals cannot marking, storage, access SGI by and handling gaining access to requirements. retained memory or network connectivity).'' The phrase ``Safeguards Information'' is changed to ``Safeguards Information designated as Safeguards Information- Modified Handling.'' 73.23(f)(1)................. The phrase The phrase ``Safeguards ``Safeguards Information'' and Information'' is ``SGI--Modified changed to Handling'' are ``Safeguards changed to Information- ``Safeguards Modified Handling'' Information to better designated as distinguish between Safeguards these levels of Information- safeguards Modified information, which Handling.'' would require different marking, storage, and handling requirements. [[Page 64048]] 73.23(f)(2)................. The phrase The phrase ``Safeguards ``Safeguards Information'' is Information'' is changed to changed to ``Safeguards ``Safeguards Information Information- designated as Modified Handling'' Safeguards to better Information- distinguish between Modified these levels of Handling.'' The safeguards words ``nationwide information, which overnight'' are require different deleted. marking, storage, and handling requirements. The removal of the words ``nationwide overnight'' indicates that commercial delivery companies transporting SGI-M would not have to provide nationwide overnight service. SGI-M may be transported by trusted, local carriers, so long as the carrier has computer tracking capabilities. 73.23(f)(3)................. The words ``or The paragraph is later'' are added reworded slightly after ``Federal for clarification. Information The phrase Processing Standard ``safeguards or [FIPS] 140-2.'' The security event'' is phrase ``respond to changed to a security event'' ``security is changed to contingency event'' ``respond to a to emphasize that security the requirement is contingency security-related, event.'' The phrase and to maintain ``Safeguards consistency with Information'' is other regulatory changed to provisions. The ``Safeguards phrase ``or later'' Information is added to clarify designated as that encryption Safeguards technology that Information- meets future Modified Federal Information Handling.'' Processing Standards will be acceptable. The phrase ``Safeguards Information'' is changed to ``Safeguards Information- Modified Handling'' to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirement. 73.23(g)(1)................. The phrase ``Each The second sentence file containing is edited to be Safeguards more concise. The Information'' is phrase ``Safeguards changed to Information'' is ``Safeguards changed to Information ``Safeguards files.'' The phrase Information- ``Safeguards Modified Handling'' Information'' is to better changed to distinguish between ``Safeguards these levels of Information safeguards designated as information, which Safeguards require different Information- marking, storage, Modified and handling Handling.'' requirements. 73.23(g)(2)................. The phrase ``files This paragraph is shall be properly revised in response labeled as `SGI- to comments that Modified Handling' the proposed '' is changed to language was too ``files shall be prescriptive. The properly labeled to changes are indicate the intended to allow presence of more flexibility in Safeguards document marking. Information with The phrase modified handling ``Safeguards requirements.'' The Information'' is phrase ``Safeguards changed to Information'' is ``Safeguards changed to Information- ``Safeguards Modified Handling'' Information to better designated as distinguish between Safeguards these levels of Information- safeguards Modified information, which Handling.'' require different marking, storage, and handling requirements. 73.23(g)(3)................. The word The word ``automated'' is ``automated'' deleted. The phrase unnecessarily ``Safeguards appeared in the Information'' is original proposed changed to rule and is ``Safeguards deleted. The phrase Information ``Safeguards designated as Information'' is Safeguards changed to Information- ``Safeguards Modified Inforation-Modified Handling.'' Handling'' to better distinguish between these levels of safeguards information, which would require different marking, storage, and handling requirements. 73.23(h).................... The word ``must'' in The word ``must'' is the last sentence changed to is changed to ``shall'' to be ``shall.'' The consistent with phrase ``Safeguards Sec. 73.22(h). Information'' is The phrase changed to ``Safeguards ``Safeguards Information'' is Information changed to designated as ``Safeguards Safeguards Information- Information- Modified Handling'' Modified to better Handling.'' distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(i).................... The phrase ``tearing This paragraph is into small pieces'' revised to is deleted from the eliminate redundant second sentence. language and to The third sentence clarify that is changed from document ``Piece sizes one destruction results half inch or in piece sizes no smaller composed of wider than one- several pages or quarter inch, documents and thoroughly mixed. thoroughly mixed The phrase would be considered ``Safeguards completely Information'' is destroyed'' to changed to ``Piece sizes no ``Safeguards wider than one Information- quarter inch Modified Handling'' composed of several to better pages or documents distinguish between and thoroughly these levels of mixed are Safeguards considered Information, which completely require different destroyed.'' The marking, storage, phrase ``Safeguards and handling Information'' is requirements. changed to ``Safeguards Information designated as Safeguards Information-Modifed Handling.'' 73.37(f)(2)(iv)............. This section is This change conforms revised to read ``A cross-references in statement that the part 73 with the information revised proposed described below in rule. Sec. 73.37(f)(3) is required by NRC regulations to be protected in accordance with the requirements of Sec. Sec. 73.21 and 73.22.'' 73.37(f)(3)(iii)............ This section is This change conforms revised to read cross-references in ``For the case of a part 73 with the single shipment revised proposed whose schedule is rule. not related to the schedule of any subsequent shipment, a statement that schedule information must be protected in accordance with the provisions of Sec. Sec. 73.21 and 73.22 until at least 10 days after the shipment has entered or originated within the State.'' [[Page 64049]] 73.37(f)(3)(iv)............. This section is This change conforms revised to read cross-references in ``For the case of a part 73 with the shipment in a revised proposed series of shipments rule. whose schedules are related, a statement that schedule information must be protected in accordance with the provisions of Sec. Sec. 73.21 and 73.22 until 10 days after the last shipment in the series has entered or originated within the State and an estimate of the date on which the last shipment in the series will enter or originate within the State.'' 73.37(g).................... This section is This change conforms revised to read cross-references in ``State officials, part 73 with the State employees, revised proposed and other rule. individuals, whether or not licensees of the Commission, who receive schedule information of the kind specified in Sec. 73.37(f)(3) shall protect that information against unauthorized disclosure as specified in Sec. Sec. 73.21 and 73.22.'' 73.57....................... The revised proposed The title of this rule would revise section would be the title of this changed to reflect section to read application of the ``Requirements for criminal history criminal history check requirement, checks of including individuals granted fingerprinting, to unescorted access employees of to a nuclear power entities engaged in facility or access an activity subject to Safeguards to regulation by Information.'' the Commission and entities who have provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission. This change implements the Energy Policy Act of 2005. 73.57(a)(1)................. The revised proposed The original rule adds the proposed rule has phrase ``or to been revised to engage in an implement the activity subject to Energy Policy Act regulation by the of 2005's Commission'' to requirement that existing Sec. all individuals 73.57(a)(1). with access to Safeguards Information undergo an FBI criminal history check, including fingerprinting. 73.57(a)(2)................. The revised proposed The original rule adds the proposed rule has phrase ``to engage been revised to in an activity implement the subject to Energy Policy Act regulation by the of 2005's Commission, as well requirement that as each entity who all individuals has provided with access to written notice to Safeguards the Commission of Information undergo intent to file an an FBI criminal application for history check, licensing, including certification, fingerprinting. permitting, or approval of a product subject to regulation by the Commission'' to existing Sec. 73.57(a)(2). 73.57(b)(2)(i).............. The revised proposed The phrase ``or rule deletes the access to phrase ``or for Safeguards access to Information'' was Safeguards deleted so that Information.'' It this paragraph adds a reference to would only address Sec. 73.23. individuals exempt from Sec. 73.57(b) for purposes of unescorted access to nuclear power facilities. 73.57(b)(2)(ii)............. The revised proposed The list of rule revises the individuals exempt list of individuals from the exempt from Sec. requirements of 73.57(b)(1). The Sec. 73.57(b) for phrase ``Employees purposes of access of other agencies to SGI has been of the United revised to be States Government'' consistent with the is changed to ``An list of individuals employee of the exempt from the Commission or the criminal history Executive Branch of and background the United States check requirements Government.'' The for access to SGI phrase ``the in Sec. Sec. Governor of a State 73.22(b)(3) and or his or her 73.23(b)(3). designated employee Consistent with the representatives'' statement of is changed to ``The considerations Governor of a State accompanying Sec. or his or her 73.57 when it was designated State first promulgated employee (52 FR 6310; (March representative.'' 2, 1987)), the list The revised of exempt proposed rule adds individuals ``Representatives continues to be of the limited to International individuals who Atomic Energy have undergone the Agency (IAEA) same or similar engaged in criminal history activities and background associated with the checks as a U.S./IAEA condition of Safeguards employment or who Agreement who have have been certified been certified by by the NRC. the NRC,'' ``Federal, State or local law enforcement personnel,'' ``State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives,'' and ``Any agent, contractor, or consultant of aforementioned persons who has undergone equivalent criminal history and background checks'' to the list of individuals exempt from Sec. 73.57(b)(1). The revised proposed rule deletes ``individuals to whom disclosure is ordered pursuant to Sec. 2.709(f)'' from the list. [[Page 64050]] 73.57(e)(3)................. The following This paragraph makes paragraph has been clear that an added: ``In individual addition to the participating in an right to obtain NRC adjudication records from the and seeking access FBI in paragraph to SGI for use in (e)(1) of this the adjudication, section and the may appeal to the right to initiate presiding officer a challenge final adverse procedures determination by inparagraph (e)(2) the NRC Office of of this section, an Administration on individual the individual's participating in an trustworthiness and NRC adjudication reliability. and seeking to obtain SGI for use in that adjudication may appeal a final adverse determination by the NRC Office of Administration to the Presiding Officer of the proceeding. Potential witnesses, participants without attorneys, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the Presiding Officer of the proceeding to review the adverse determination.'' 73.59....................... The title of this The changes in the section is changed title of this to: ``Relief from section is needed fingerprinting, because of changes identification and in the text to criminal history broaden its scope records checks and to include relief background checks from the for designated requirements for categories of background checks. individuals.'' The recently promulgated Sec. 73.59 did not relieve the specified categories of individuals from background checks because no requirement to perform background checks prior to granting access to SGI currently existed. Thus, no relief was needed. Relieving these categories of individuals from the fingerprinting requirements while at the same time subjecting them to background checks would not be consistent with the underlying premise that these categories of individuals are trustworthy and reliable by virtue of their occupational status. In addition, Sec. Section 73.59(a) is 73.59(a) would be being deleted in deleted in its its entirety entirety, including because that the definition of definition of SGI SGI. The remainder is captured in 10 of the section is CFR Sec. 73.2. redesignated to Instead, a cross- comply with Office reference to the of the Federal definition of SGI Register (and SGI-M) in Sec. requirements. 73.2 is made. including SGI-M within the scope of Sec. 73.59 is necessary is necessary to be consistent with the structure of the rest of the proposed SGI rule, which refers to both SGI and SGI-M. Section 73.59(d) is Section 73.59(d) is new and adds as a added because the category of Commission has individuals: ``The determined to grant Comptroller General relief under Sec. or an employee of 73.59 for the the Government Comptroller General Accountability or an employee of Office who has the Government undergone Accountability fingerprinting for Office who has a prior U.S. undergone Government criminal fingerprinting for history check.'' a prior U.S. Government criminal history check. Section 73.59(f) This revision is would be revised to necessary to refer to both reflect the change Safeguards in terminology in Information and the FRN clarifying Safeguards that SGI-M is Information Safeguards designated as Information. Safeguards Information- Modified Handling (SGI-M). Section 73.59(k) is New Sec. 73.59(k) also new and would carries over into exempt ``Any agent, the new proposed contractor, or rule the category consultant of the * of individuals * * persons who described in former have undergone the proposed Sec. Sec. equivalent criminal 73.22(b)(3)(vii) history and and background checks 73.23(b)(3)(vii). to those required by 10 CFR Sec. Sec. 73.22(b) or 73.23(b).'' 10 CFR part 73 Appendix I... A new Appendix I is In response to added that defines comments, the the quantities of Commission has concern described included a table of in the revised radionuclides and proposed rule. quantities that establishes the ``quantities of concern'' referenced in this revised proposed rule. The table is based on International Atomic Energy Agency recommendation in its Code of Conduct on the Safety and Security of Radioactive Sources, and has been used to determine the types and quantities of materials that warrant additional security requirements, some of which have already been issued by order. Other protective measures are under development based in part on the threshold quantities established in this table. Radium-226 is being Section 651(e) of added to the the Energy Policy listing of Act of 2005 amended radionuclides. Section 11e. of the Atomic Energy Act of 1954 to include in the definition of byproduct material ``any discrete source of radium-226 that is produced, extracted, or converted after extraction, before, on, or after the date of enactment of this paragraph for use for a commercial, medical, or research activity.'' [[Page 64051]] 76.113(c)................... The phrase ``and In response to parts 25 and 95 of public comment, this chapter'' is this paragraph has added to the end of been revised. As the first sentence. revised, The second sentence Unclassified reads: Controlled Nuclear ``Information Information would designated by the be protected in U.S. Department of accordance with DOE Energy (DOE) as requirements. Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements. 150.15(a)(9)................ A cross-reference to A cross-reference to Sec. 73.22 and Sec. 73.22 and the phrase ``as the words ``as applicable'' are applicable'' are added. added for completeness. ------------------------------------------------------------------------ D. Request for Specific Comment A background check, which would contain as an element, a criminal history check (including fingerprinting), is necessary for access to SGI, in all circumstances, unless specifically exempt in accordance with the concepts in Sec. 73.22(b)(3) and Sec. 73.23(b)(3). Those provisions contain cross-reference to Sec. 73.59, which describes categories of individuals who are exempt from the criminal history check and background check requirements by virtue of their occupational status. These exemptions are authorized by section 149(a)(4)(B) of the AEA, under which the Commission may, by rule, exempt or relieve individuals from the fingerprinting, identification, and criminal history check requirements. The exercise of such authority pursuant to section 149(a)(4)(B) requires a finding by the Commission that such action is consistent with its obligations to promote the common defense and security and to protect the health and safety of the public.'' In the final rule promulgating Sec. 73.59, the Commission made the required finding. The Commission is specifically seeking comment on the appropriateness of these revised provisions, as they apply to various categories of individuals. V. Criminal Penalties For the purpose of Section 223 of the Atomic Energy Act (AEA), the Commission is proposing to amend 10 CFR parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 under one or more of Sections 147, 161b., 161i., or 161o. of the AEA. Willful violations of the revised proposed rule would be subject to criminal enforcement. VI. Agreement State Issues The rule proposes changes to parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 would be considered to be Category NRC compatibility and therefore are areas of exclusive NRC authority. Nonetheless, the original proposed rule was provided to the Agreement States for their review and comment prior to its publication of draft rule text on the NRC Web site and the publication of the rule in the Federal Register. Agreement States had an opportunity to review the revised proposed rule prior to publication. The Agreement States of Illinois and Washington commented on the original proposed rule prior to publication in the Federal Register. Both states expressed concern about the breadth of rule text reflecting the Commission's authority to prohibit the unauthorized disclosure of SGI relating to such quantities of special nuclear material, source, and byproduct material as the Commission determines to be significant to the public health and safety or the common defense and security. In response to this concern, the Commission notes that it needs such broad authority to adequately protect SGI, and Section 147 of the AEA provides such authority to the Commission. The Commission has, however, modified certain aspects of the revised proposed rule, e.g. the definition of SGI, to more closely track the language in Section 147 of the AEA. An agency of the State of New York commented on the original proposed rule and asserted that the Commission lacks the statutory authority to impose regulations for the protection of SGI pertaining to Agreement State licensees. According to these comments, the term ``licensee's or ``applicant's'' [detailed information] in Section 147 cannot be construed as inclusive of State licensees or applicants. As explained previously in response to specific comments, the Commission does not agree with this commenter's interpretation of Section 147. VII. Voluntary Consensus Standards The National Technology Transfer Act of 1995 (Pub. L. 104-113), requires that Federal agencies use technical standards that are developed or adopted by voluntary consensus standards bodies unless the use of such a standard is inconsistent with applicable law or otherwise impractical. In this revised proposed rule, the NRC is using the following Government-unique standard: National Institute of Standards and Technology, Federal Information Processing Standard [FIPS] PUB-140- 2, ``Security Requirements for Cryptographic Modules,'' May 25, 2001. The NRC has determined that using this Government-unique standard is justified because no voluntary consensus standard has been identified that could be used instead. In addition, this Government-unique standard was developed using the same procedures used to create a voluntary consensus standard. VIII. Finding of No Significant Impact: Environmental Assessment The Commission has determined under the National Environmental Policy Act of 1969, as amended, and the Commission's regulations in subpart A of 10 CFR part 51, that this revised proposed rule, if adopted, would not constitute a major Federal action significantly affecting the quality of the human environment and, therefore, an environmental impact statement is not required. The basis for this determination is that the revised proposed rule relates to the designation, handling and protection of SGI and the collection of information on which a determination to grant individuals access to this information is based. The determination of this environmental assessment is that there would be no significant environmental impacts from this action. The NRC has sent a copy of the environmental assessment and the revised proposed rule to every State Liaison Officer and requested comments on the environmental assessment. No State provided comments on the draft environmental assessment. IX. Paperwork Reduction Act Statement This proposed rule amends information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This rule has been submitted to the [[Page 64052]] Office of Management and Budget for review and approval of the information collection requirements. Type of submission, new or revision: Revision. The title of the information collection: 10 CFR part 73, ``Protection of Safeguards Information.'' The form number if applicable: Not applicable. How often the collection is required: On occasion. Any person (including an individual) or entity who is permitted access to SGI or Safeguards Information designated for modified handling (SGI-M) must undergo a background check, including fingerprinting, to establish trustworthiness and reliability. That determination is valid for a 5- year period. Licensees must mark and protect SGI or SGI-M information from unauthorized disclosure on a continuous basis. Who will be required or asked to report: Persons (including individuals) or entities who are licensed, certified, or permitted to engage in an activity subject to regulation by the Commission, including utilization facilities; vendors; individuals who have filed an application for a license or certificate to engage in Commission- regulated activities; and individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission. An estimate of the number of annual responses: 485. The estimated number of annual respondents: 485. An estimate of the total number of hours needed annually to complete the requirement or request: 4,741 (9.78 hours per recordkeeper). Abstract: The NRC is proposing to amend its regulations for the protection of Safeguards Information (SGI) and add requirements for Safeguards Information for modified handling (SGI-M) to protect SGI and SGI-M from inadvertent release and unauthorized disclosure which might compromise the security of nuclear facilities and materials. The proposed amendments would affect certain licensees, information, and materials not currently subject to SGI regulations, but which are within the scope of Commission authority under the Atomic Energy Act of 1954, as amended (AEA). The NRC originally published the proposed rule in the Federal Register on February 11, 2005 (70 FR 7196). The NRC is again publishing the proposed rule on SGI in order to allow the public to comment on changes to the rule text. These changes are in response to public comments and amendments to the AEA in the Energy Policy Act of 2005 (EPAct) and Commission Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material. The U.S. Nuclear Regulatory Commission is seeking public comment on the potential impact of the information collections contained in this proposed rule and on the following issues: 1. Is the proposed information collection necessary for the proper performance of the functions of the NRC, including whether the information will have practical utility? 2. Is the estimate of burden accurate? 3. Is there a way to enhance the quality, utility, and clarity of the information to be collected? 4. How can the burden of the information collection be minimized, including the use of automated collection techniques? A copy of the OMB clearance package may be viewed free of charge at the NRC Public Document Room, One White Flint North, 11555 Rockville Pike, Room O-1 F21, Rockville, MD 20852. The OMB clearance package and rule are available at the NRC worldwide Web site: http://www.nrc.gov/public-involve/doc-comment/omb/index.html for 60 days after the signature date of this notice and are also available at the RuleForum site, http://ruleforum.llnl.gov. Send comments on any aspect of these proposed information collections, including suggestions for reducing the burden and on the above issues, by November 30, 2006 to the Records and FOIA/Privacy Services Branch (T-5 F52), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by Internet electronic mail to INFOCOLLECTS@NRC.GOV and to the Desk Officer, John A. Asalone, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0002), Office of Management and Budget, Washington, DC 20503. Comments received after this date will be considered if it is practical to do so, but assurance of consideration cannot be given to comments received after this date. You may also e-mail comments to John_A._Asalone@omb.eop.gov or comment by telephone at (202) 395-4650. Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid OMB control number. X. Regulatory Analysis The Commission has prepared a revised regulatory analysis on this revised proposed rule. The revised analysis examines the costs and benefits of the alternatives considered by the Commission. The revised regulatory analysis is available for inspection in the NRC Public Document Room, 11555 Rockville Pike, Rockville, MD 20852. The revised regulatory analysis is also available electronically via the NRC rulemaking Web site at http://ruleforum.llnl.gov. Single copies of the revised analysis may be obtained from the Office of the General Counsel, U.S. Nuclear Regulatory Commission, at 301-415-1633 or by e- mail at mur@nrc.gov. XI. Regulatory Flexibility Certification In accordance with the Regulatory Flexibility Act of 1980, 5 U.S.C. 605(b), the NRC has determined that this rule, if adopted, would not have a significant economic impact upon a substantial number of small entities. The NRC estimates that the proposed regulation will affect approximately 152 NRC licensees, 87 Agreement State licensees, 200 State contacts, and 29 applicants for licenses. The NRC estimates that small businesses as defined by 10 CFR 2.810 comprise less than 1 percent of the total number of NRC licensees and state contacts affected by this regulation. The NRC does not have information on the small business status of the Agreement State licensees or applicants for NRC and Agreement State licenses affected by this regulation, therefore, in its February 11, 2005 original proposed rule and the regulatory analysis developed in support of the original proposed rule, the NRC requested public comments on the impact of the original proposed rule on small businesses. No comments were received. In the absence of information on the small business status of the Agreement State licensees and applicants for NRC and Agreement State licenses affected by this regulation and based on the small proportion of NRC licensees that qualify as small entities, the NRC estimates that the number of small entities among these licensees is also less than 1 percent. For a small entity, the implementation burden imposed by the regulation is estimated to be 41.8 hours, and the annual burden is estimated to be 3.5 hours. The potential benefits of preventing disclosure of SGI by unauthorized persons would significantly outweigh the economic impact on small licensees. [[Page 64053]] XII. Backfit Analysis The Commission has concluded, on the basis of the documented evaluation in the revised regulatory analysis, that the majority of the requirements in the revised proposed rule would not be backfits as defined in 10 CFR 50.109(a)(4)(ii), 70.76(a)(4)(iii), 72.62, and 76.76(a)(4)(ii). The Commission has also concluded that the requirements in the rule that would constitute backfits are necessary to ensure insure that the facilities and materials described in the rule provide adequate protection to the public health and safety and are in accord with the common defense and security, as applicable. Therefore, a backfit analysis is not required and the cost-benefit standards of 10 CFR 50.109(a)(3), 70.76, 72.62, and 76.76, do not apply. The documented evaluation in the revised regulatory analysis includes a statement of the objectives of and the reasons for the backfits that would be required by the revised proposed rule and sets forth the Commission's conclusion that these backfits are not subject to the cost-benefit standards of 10 CFR 50.109(a)(3), 70.76, 72.62, and 76.76. List of Subjects 10 CFR Part 2 Administrative practice and procedure, Antitrust, Byproduct material, Classified information, Environmental protection, Nuclear materials, Nuclear power plants and reactors, Penalties, Sex discrimination, Source material, Special nuclear material, Waste treatment and disposal. 10 CFR Part 30 Byproduct material, Criminal penalties, Government contracts, Intergovernmental relations, Isotopes, Nuclear materials, Radiation protection, Reporting and recordkeeping requirements. 10 CFR Part 40 Criminal penalties, Government contracts, Hazardous materials transportation, Nuclear materials, Reporting and recordkeeping requirements, Source material, Uranium. 10 CFR Part 50 Antitrust, Classified information, Criminal penalties, Fire protection, Intergovernmental relations, Nuclear power plants and reactors, Radiation protection, Reactor siting criteria, Reporting and recordkeeping requirements. 10 CFR Part 52 Administrative practice and procedure, Antitrust, Backfitting, Combined license, Early site permit, Emergency planning, Fees, Inspection, Limited work authorization, Nuclear power plants and reactors, Probabilistic risk assessment, Prototype, Reactor siting criteria, Redress of site, Reporting and recordkeeping requirements, Standard design, Standard design certification. 10 CFR Part 60 Criminal penalties, High-level waste, Nuclear materials, Nuclear power plants and reactors, Reporting and recordkeeping requirements, Waste treatment and disposal. 10 CFR Part 63 Criminal penalties, High-level waste, Nuclear power plants and reactors, Reporting and recordkeeping requirements, Waste treatment and disposal. 10 CFR Part 70 Criminal penalties, Hazardous materials transportation, Material control and accounting, Nuclear materials, Packaging and containers, Radiation protection, Reporting and recordkeeping requirements, Scientific equipment, Security measures, Special nuclear material. 10 CFR Part 71 Criminal penalties, Hazardous materials transportation, Nuclear materials, Packaging and containers, Reporting and recordkeeping requirements. 10 CFR Part 72 Administrative practice and procedure, Criminal penalties, Manpower training programs, Nuclear materials, Occupational safety and health, Penalties, Radiation protection, Reporting and recordkeeping requirements, Security measures, Spent fuel, Whistleblowing. 10 CFR Part 73 Criminal penalties, Export, Hazardous materials transportation, Import, Nuclear materials, Nuclear power plants and reactors, Reporting and recordkeeping requirements, Security measures. 10 CFR Part 76 Certification, Criminal penalties, Radiation protection, Reporting and record keeping requirements, Security measures, Special nuclear material, Uranium enrichment by gaseous diffusion. 10 CFR Part 150 Criminal penalties, Hazardous materials transportation, Intergovernmental relations, Nuclear materials, Reporting and recordkeeping requirements, Security measures, Source material, Special nuclear material. For the reasons set out in the preamble and under the authority of the Atomic Energy Act of 1954, as amended; the Energy Reorganization Act of 1974, as amended; and 5 U.S.C. 553; the NRC is proposing to adopt the following amendments to 10 CFR parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76 and 150. PART 2--RULES OF PRACTICE FOR DOMESTIC LICENSING PROCEEDINGS AND ISSUANCE OF ORDERS 1. The authority citation for part 2 is revised to read as follows: Authority: Secs.149, 161, 181, 68 Stat. 948, 953, as amended (42 U.S.C. 2201, 2231, 2169); sec. 191, as amended, Pub. L. 87-615, 76 Stat. 409 (42 U.S.C. 2241); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); 5 U.S.C. 552; sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 2.101 also issued under secs. 53, 62, 63, 81, 103, 104, 105, 68 Stat. 930, 932, 933, 935, 936, 937, 938, as amended (42 U.S.C. 2073, 2092, 2093, 2111, 2133, 2134, 2135); sec. 114(f), Pub. L. 97-425, 96 Stat. 2213, as amended (42 U.S.C. 10143(f)), sec. 102, Pub. L. 91-190, 83 Stat. 853, as amended (42 U.S.C. 4332); sec. 301, 88 Stat. 1248 (42 U.S.C. 5871). Sections 2.102, 2.103, 2.104, 2.105, 2.721 also issued under secs. 102, 103, 104, 105, 183i, 189, 68 Stat. 936, 937, 938, 954, 955, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2233, 2239). Sections 2.105 also issued under Pub. L. 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Sections 2.200-2.206 also issued under secs. 161 b, i, o, 182, 186, 234, 68 Stat. 948-951, 955, 83 Stat. 444, as amended (42 U.S.C. 2201(b), (i), (o), 2236, 2282); sec. 206, 88 Stat 1246 (42 U.S.C. 5846). Section 2.205(j) also issued under Pub. L. 101-410, 104 Stat. 90, as amended by section 3100(s), Pub. L. 104-134, 110 Stat. 1321- 373 (28 U.S.C. 2461 note). Sections 2.600-2.606 also issued under sec. 102, Pub. L. 91-190, 83 Stat. 853, as amended (42 U.S.C. 4332). Sections 2.700a, 2.719 also issued under 5 U.S.C. 554. Sections 2.754, 2.760, 2.770, 2.780 also issued under 5 U.S.C. 557. Section 2.764 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 2.790 also issued under sec. 103, 68 Stat. 936, as amended (42 U.S.C. 2133), and 5 U.S.C. 552. Sections 2.800 and 2.808 also issued under 5 U.S.C. 553. Section 2.809 also issued under 5 U.S.C. 553, and sec. 29, Pub. L. 85-256, 71 Stat. 579, as amended (42 U.S.C. 2039). Subpart K also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239); sec. 134, Pub. L. 97-425, 96 Stat. 2230 (42 U.S.C. 10154). Subpart L also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239). Subpart M also issued under sec. 184 (42 [[Page 64054]] U.S.C. 2234) and sec. 189, 68 stat. 955 (42 U.S.C. 2239). Appendix A also issued under sec. 6, Pub. L. 91-560, 84 Stat. 1473 (42 U.S.C. 2135). 2. In Sec. 2.4, a new definition for Safeguards Information is added in alphabetical order to read as follows: Sec. 2.4 Definitions. * * * * * Safeguards Information means information not classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or special nuclear material. * * * * * 3. In Sec. 2.336, paragraph (f) is redesignated as (g), and a new paragraph (f) is added to read as follows: Sec. 2.336 General discovery. * * * * * (f)(1) In the event of a dispute over disclosure of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended, the presiding officer may issue an order requiring disclosure if-- (i) The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite ``need to know'', as defined in Sec. 73.2; (ii) The individual has undergone an FBI criminal history check, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington D.C. 20555-0001, and otherwise following the procedures in Sec. 73.57(d) for submitting and processing of fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history check, the individual shall be afforded the protections provided by Sec. 73.57; and (iii) The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections provided by Sec. 73.57. (iv) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (2) The presiding officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under Sec. 2.315(c), and to their qualified witnesses and counsel. (3) When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. (4) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (5) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under Sec. 2.205. (6) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b. of the Atomic Energy Act. * * * * * 4. In Sec. 2.705, paragraph (c)(2) is revised and new paragraphs (c)(3) through (7) are added to read as follows: Sec. 2.705 Discovery-additional methods. * * * * * (c) * * * (2) In the case of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended, the presiding officer may issue an order requiring disclosure if-- (i) The presiding officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC proceeding has the requisite ``need to know'', as defined in Sec. 73.2; (ii) The individual has undergone an FBI criminal history check, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3), as applicable by submitting fingerprints to the NRC Office of Administration, Security Processing [[Page 64055]] Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in Sec. 73.57(d) for submitting and processing fingerprints. However, before an adverse determination on an individual's criminal history check by the NRC Office of Administration, the individual shall be afforded the protections of Sec. 73.57; and (iii) The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3). However, before an adverse determination on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections of Sec. 73.57. (iv) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (3) The presiding officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under Sec. 2.315(c), and to their qualified witnesses and counsel. (4) When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. (5) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (6) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under Sec. 2.205. (7) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b. of the Atomic Energy Act. * * * * * 5. In Sec. 2.709, paragraph (f) is revised to read as follows: Sec. 2.709 Discovery against NRC staff. * * * * * (f) (1) In the case of requested documents and records (including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended) exempt from disclosure under Sec. 2.390, the presiding officer may issue an order requiring disclosure to the Executive Director for Operations or a delegate of the Executive Director for Operations, to produce the document or records (or any other order issued ordering production of the document or records) if-- (i) The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite ``need to know'', as defined in Sec. 73.2; (ii) The individual has undergone an FBI criminal history check, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3), by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in Sec. 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history check, the individual shall be afforded the protections of Sec. 73.57; and (iii) The NRC Office of Administration finds, based on a background check, that the individual is trustworthy and reliable, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination by the NRC Office of Administration on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections of Sec. 73.57. (iv) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (2) The presiding office may include in an order any protective terms and [[Page 64056]] conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under Sec. 2.315(c), and to their qualified witnesses and counsel. (3) When Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. (4) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (5) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under Sec. 2.205. (6) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b. of the Atomic Energy Act. * * * * * 6. In Sec. 2.1003, paragraph (a)(4)(iii) is revised to read as follows: Sec. 2.1003 Availability of material. (a) * * * (4) * * * (iii) Which constitutes Safeguards Information under Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * 7. In Sec. 2.1010, paragraph (b)(6) is revised to read as follows: Sec. 2.1010 Pre-License application presiding officer. * * * * * (b) * * * (6) Whether the material should be disclosed under a protective order containing such protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to limit the disclosure to potential parties, interested governmental participants, and parties in the proceeding, or to their qualified witnesses and counsel. (i) The Pre-License Application Presiding Officer may issue an order requiring disclosure of Safeguards Information if-- (A) The Pre-License Application Presiding Officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC adjudication has the requisite ``need to know'', as defined in Sec. 73.2; (B) The individual has undergone an FBI criminal history check, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3), as applicable by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in Sec. 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history, the individual shall be afforded the protections of Sec. 73.57; and (C) A finding by the NRC Office of Administration, based on a background check, that the individual is trustworthy and reliable, unless exempt under Sec. Sec. 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination by the NRC Office of Administration on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections on Sec. 73.57. (D) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (ii) The Pre-License Application Presiding Officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested states and other governmental entities participating under Sec. 2.315(c), and to their qualified witnesses and counsel. (iii) When Safeguards Information, protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, is received and possessed by a potential party, interested government participant, or party, other than the NRC staff, it shall also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. Sec. 73.22 or 73.23 of this chapter, as applicable. (iv) The Pre-License Application Presiding Officer may also prescribe such additional procedures as will effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (v) In addition to any other sanction that may be imposed by the Pre-License Application Presiding Officer for violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, the entity in violation may be subject to a civil penalty imposed pursuant to Sec. 2.205. (vi) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information shall be deemed to be an order issued under Section 161b. of the Atomic Energy Act of 1954, as amended. * * * * * [[Page 64057]] PART 30--RULES OF GENERAL APPLICABILITY TO DOMESTIC LICENSING OF BYPRODUCT MATERIAL 8. The authority citation for part 30 is revised to read as follows: Authority: Secs. 81, 82, 161, 182, 183, 186, 68 Stat. 935, 948, 953, 954, 955, as amended, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2111, 2112, 2201, 2232, 2233, 2236, 2282); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 549 (2005). Section 30.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 as amended by Pub. L. 102-486, sec. 2902, 106 Stat. 3123, (42 U.S.C. 5851). Section 30.34(b) also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Section 30.61 also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237). 9. In Sec. 30.32, paragraph (j) is added to read as follows: Sec. 30.32 Application for specific licenses. * * * * * (j) Each applicant for a license for byproduct material subject to the requirements of part 73 of this chapter shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.23 of this chapter, as applicable. 10. In Sec. 30.34, paragraph (j) is added to read as follows: Sec. 30.34 Terms and conditions of licenses. * * * * * (j) Each licensee subject to the requirements of part 73 of this chapter shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.23 of this chapter, as applicable. PART 40--DOMESTIC LICENSING OF SOURCE MATERIAL 11. The authority citation for part 40 is revised to read as follows: Authority: Secs. 62, 63, 64, 65, 81, 161, 182, 183, 186, 68 Stat. 932, 933, 935, 948, 953, 954, 955, as amended, secs. 11e(2), 83, 84, Pub. L. 95-604, 92 Stat. 3033, as amended, 3039, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2014(e)(2), 2092, 2093, 2094, 2095, 2111, 2113, 2114, 2201, 2232, 2233, 2236, 2282); sec. 274, Pub. L. 86-373, 73 Stat. 688 (42 U.S.C. 2021); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 275, 92 Stat. 3021, as amended by Pub. L. 97-415, 96 Stat. 2067 (42 U.S.C. 2022); sec. 193, 104 Stat. 2835, as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-59, 119 Stat. 594 (2005). Section 40.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5851). Section 40.31(g) also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 40.46 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Section 40.71 also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237). 12. In Sec. 40.31, paragraph (m) is added to read as follows: Sec. 40.31 Application for specific licenses. * * * * * (m) Each applicant for a license for the possession of source material at a facility for the production of uranium hexafluoride shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. Each applicant for a license for source material subject to the requirements of part 73 of this chapter shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. 13. In Sec. 40.41, paragraph (h) is added to read as follows: Sec. 40.41 Terms and conditions of licenses. * * * * * (h) Each licensee subject to the requirements of part 73 of this chapter shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. PART 50--DOMESTIC LICENSING OF PRODUCTION AND UTILIZATION FACILITIES 14. The authority citation for part 50 is revised to read as follows: Authority: Secs. 102, 103, 104, 105, 161, 182, 183, 186, 189, 68 Stat. 936, 937, 938, 948, 953, 954, 955, 956, as amended, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2201, 2232, 2233, 2236, 2239, 2282); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 50.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5841). Section 50.10 also issued under secs. 101, 185, 68 Stat. 955, as amended (42 U.S.C. 2131, 2235); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.13, 50.54(dd), and 50.103 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138). Sections 50.23, 50.35, 50.55, and 50.56 also issued under sec. 185, 68 Stat. 955 (42 U.S.C. 2235). Sections 50.33a, 50.55a and Appendix Q also issued under sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.34 and 50.54 also issued under sec. 204, 88 Stat. 1245 (42 U.S.C. 5844). Sections 50.58, 50.91, and 50.92 also issued under Pub. L. 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Section 50.78 also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Sections 50.80--50.81 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Appendix F also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237). 15. In Sec. 50.34, paragraph (e) is revised to read as follows: Sec. 50.34 Contents of applications; technical information. * * * * * (e) Each applicant for a license to operate a production or utilization facility shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * 16. In Sec. 50.54, paragraph (v) is revised to read as follows: Sec. 50.54 Conditions of licenses. * * * * * (v) Each licensee subject to the requirements of part 73 of this chapter shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * PART 52--EARLY SITE PERMITS; STANDARD DESIGN CERTIFICATIONS; AND COMBINED LICENSES FOR NUCLEAR POWER PLANTS 17. The authority citation for part 52 is revised to read as follows: Authority: Sec. 161, 68 Stat. 948, as amended, sec. 274, 73 Stat. 688 (42 U.S.C. 2201, 2021); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Sections 150.3, 150.15, 150.15a, 150.31, 150.32 also issued under secs. 11e(2), 81, 68 Stat. 923, 935, as amended, secs. 83, 84, 92 Stat. 3033, 3039 (42 U.S.C. 2014e(2), 2111, 2113, 2114). Section 150.14 also issued under sec. 53, 68 Stat. 930, as amended (42 U.S.C. 2073). Section 150.15 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 150.17a also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 150.30 also issued under sec. 234, 83 Stat. 444 (42 U.S.C. 2282). 18. In Sec. 52.17, paragraph (d) is added to read as follows: [[Page 64058]] Sec. 52.17 Contents of applications. * * * * * (d) Each applicant for an early site permit under this part shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. 19. In Sec. 52.47, paragraph (c) is added to read as follows: Sec. 52.47 Contents of applications. * * * * * (c) Each applicant for a standard design certification under this part shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. 20. In Sec. 52.79, paragraph (e) is added to read as follows: Sec. 52.79 Contents of application; technical information. * * * * * (e) Each applicant for a combined license under this subpart shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. PART 60--DISPOSAL OF HIGH-LEVEL RADIOACTIVE WASTES IN GEOLOGIC REPOSITORIES 21. The authority citation for part 60 is revised to read as follows: Authority: Secs. 51, 53, 62, 63, 65, 81, 161, 182, 183, 68 Stat. 929, 930, 932, 933, 935, 948, 953, 954, as amended (42 U.S.C. 2071, 2073, 2092, 2093, 2095, 2111, 2201, 2232, 2233); secs. 202, 206, 88 Stat. 1244, 1246 (42 U.S.C. 5842, 5846); secs. 10 and 14, Pub. L. 95-601, 92 Stat. 2951 (42 U.S.C. 2021a and 5851); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332); secs. 114, 121, Pub. L. 97- 425, 96 Stat. 2213g, 2228, as amended (42 U.S.C. 10134, 10141), and Pub. L. 102-486, sec. 2902, 106 Stat. 3123 (42 U.S.C. 5851); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). 22. In Sec. 60.21, paragraph (d) is added to read as follows: Sec. 60.21 Content of application. * * * * * (d) The applicant for a license to receive and possess source, special nuclear, and byproduct material at a geologic repository operations area sited, constructed, or operated in accordance with the Nuclear Waste Policy Act of 1982 shall protect Safeguards Information in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. 23. In Sec. 60.42, paragraph (d) is added to read as follows: Sec. 60.42 Conditions of license. * * * * * (d) The licensee shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. The licensee shall ensure that classified information is protected in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. PART 63--DISPOSAL OF HIGH-LEVEL RADIOACTIVE WASTES IN A GEOLOGIC REPOSITORY AT YUCCA MOUNTAIN, NEVADA 24. The authority citation for part 63 is revised to read as follows: Authority: Secs. 51, 53, 62, 63, 65, 81, 161, 182, 183, 68 Stat. 929, 930, 932, 933, 935, 948, 953, 954, as amended (42 U.S.C. 2071, 2073, 2092, 2093, 2095, 2111, 2201, 2232, 2233); secs. 202, 206, 88 Stat. 1244, 1246 (42 U.S.C. 5842, 5846); secs. 10 and 14, Pub. L. 95-601, 92 Stat. 2951 (42 U.S.C. 2021a and 5851); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332); secs. 114, 121, Pub. L. 97- 425, 96 Stat. 2213g, 2238, as amended (42 U.S.C. 10134, 10141), and Pub. L. 102-486, sec. 2902, 106 Stat. 3123 (42 U.S.C. 5851); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). 25. In Sec. 63.21, paragraph (d) is added to read as follows: Sec. 63.21 Content of application. * * * * * (d) The applicant for a license to receive and possess source, special nuclear, and byproduct material at a geologic repository at Yucca Mountain, Nevada, shall protect Safeguards Information in accordance with the requirements in Sec. 73.21, and the requirements in Sec. 73.22, or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. 26. In Sec. 63.42, paragraph (e) is added to read as follows: Sec. 63.42 Conditions of license. * * * * * (e) The licensee shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21, and the requirements in Sec. 73.22, or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. PART 70--DOMESTIC LICENSING OF SPECIAL NUCLEAR MATERIAL 27. The authority citation for part 70 is revised to read as follows: Authority: Secs. 51, 53, 161, 182, 183, 68 Stat. 929, 930, 948, 953, 954, as amended, sec. 234, 83 Stat. 444, as amended, (42 U.S.C. 2071, 2073, 2201, 2232, 2233, 2282, 2297f); secs. 201, as amended, 202, 204, 206, 88 Stat. 1242, as amended, 1244, 1245, 1246 (42 U.S.C. 5841, 5842, 5845, 5846). Sec. 193, 104 Stat. 2835 as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Sections 70.1(c) and 70.20a(b) also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 70.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5851). Section 70.21(g) also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 70.31 also issued under sec. 57d, Pub. L. 93-377, 88 Stat. 475 (42 U.S.C. 2077). Sections 70.36 and 70.44 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Section 70.81 also issued under secs. 186, 187, 68 Stat. 955 (42 U.S.C. 2236, 2237). Section 70.82 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138). 28. In Sec. 70.22, paragraph (l) is revised to read as follows: Sec. 70.22 Contents of applications. * * * * * (l) Each applicant for a license shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22, or 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. * * * * * 29. In Sec. 70.32, paragraph (j) is revised to read as follows: Sec. 70.32 Conditions of licenses. * * * * * (j) Each licensee who possesses special nuclear material, or who transports, or delivers to a carrier for transport, a formula quantity of strategic special nuclear material, special nuclear material of moderate strategic significance, or special nuclear material of low strategic significance, or more than 100 grams of irradiated reactor fuel shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance [[Page 64059]] with the requirements of parts 25 and 95 of this chapter, as applicable. * * * * * PART 71--PACKAGING AND TRANSPORTATION OF RADIOACTIVE MATERIAL 30. The authority citation for part 71 is revised to read as follows: Authority: Secs. 53, 57, 62, 63, 81, 161, 182, 183, 68 Stat. 930, 932, 933, 935, 948, 953, 954, as amended, sec. 1701, 106 Stat. 2951, 2952, 2953 (42 U.S.C. 2073, 2077, 2092, 2093, 2111, 2201, 2232, 2233, 2297f); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 71.97 also issued under sec. 301, Pub. L. 96-295, 94 Stat. 789-790. 31. Section 71.11 is added to read as follows: Sec. 71.11 Protection of Safeguards Information. Each licensee, certificate holder, or applicant for a Certificate of Compliance for a transportation package for transport of irradiated reactor fuel, strategic special nuclear material, a critical mass of special nuclear material, or byproduct material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security, shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. PART 72--LICENSING REQUIREMENTS FOR THE INDEPENDENT STORAGE OF SPENT NUCLEAR FUEL, HIGH-LEVEL RADIOACTIVE WASTE, AND REACTOR- RELATED GREATER THAN CLASS C WASTE 32. The authority citation for part 72 is revised to read as follows: Authority: Secs. 51, 53, 57, 62, 63, 65, 69, 81, 161, 182, 183, 184, 186, 187, 189, 68 Stat. 929, 930, 932, 933, 934, 935, 948, 953, 954, 955, as amended, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2071, 2073, 2077, 2092, 2093, 2095, 2099, 2111, 2201, 2232, 2233, 2234, 2236, 2237, 2238, 2282); sec. 274, Pub. L. 86-373, 73 Stat. 688, as amended (42 U.S.C. 2021); sec. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); Pub. L. 95-601, sec. 10, 92 Stat. 2951 as amended by Pub. L. 102- 486, sec. 7902, 106 Stat. 3123 (42 U.S.C. 5851); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332); secs. 131, 132, 133, 135, 137, 141, Pub. L. 97-425, 96 Stat. 2229, 2230, 2232, 2241, sec. 148, Pub. L. 100-203, 101 Stat. 1330-235 (42 U.S.C. 10151, 10152, 10153, 10155, 10157, 10161, 10168); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 549 (2005). Section 72.44(g) also issued under secs. 142(b) and 148(c), (d), Pub. L. 100-203, 101 Stat. 1330-232, 1330-236 (42 U.S.C. 10162(b), 10168(c), (d)). Section 72.46 also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239); sec. 134, Pub. L. 97-425, 96 Stat. 2230 (42 U.S.C. 10154). Section 72.96(d) also issued under sec. 145(g), Pub. L. 100-203, 101 Stat. 1330-235 (42 U.S.C. 10165(g)). Subpart J also issued under secs. 2(2), 2(15), 2(19), 117(a), 141(h), Pub. L. 97- 425, 96 Stat. 2202, 2203, 2204, 2222, 2224 (42 U.S.C. 10101, 10137(a), 10161(h)). Subparts K and L are also issued under sec. 133, 98 Stat. 2230 (42 U.S.C. 10153) and sec. 218(a), 96 Stat. 2252 (42 U.S.C. 10198). 33. In Sec. 72.22, paragraph (f) is added to read as follows: Sec. 72.22 Contents of application: General and financial information. * * * * * (f) Each applicant for a license under this part to receive, transfer, and possess power reactor spent fuel, power reactor-related Greater than Class C (GTCC) waste, and other radioactive materials associated with spent fuel storage in an independent spent fuel storage installation (ISFSI) shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23, as applicable. 34. In Sec. 72.44, paragraph (h) is added to read as follows: Sec. 72.44 License conditions. * * * * * (h) Each licensee subject to the requirements of part 73 of this chapter shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23, as applicable. 35. In Sec. 72.212, paragraph (b)(5)(v) is redesignated as (b)(5)(vi) and a new paragraph (b)(5)(v) is added to read as follows: Sec. 72.212 Conditions of general license issued under Sec. 72.210. * * * * * (b) * * * (5) * * * (v) Each general licensee that receives and possesses power reactor spent fuel and other radioactive materials associated with spent fuel storage shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * 36. In Sec. 72.236, paragraph (n) is added to read as follows: Sec. 72.236 Specific requirements for spent fuel storage cask approval and fabrication. * * * * * (n) Safeguards Information shall be protected against unauthorized disclosure in accordance with the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. PART 73--PHYSICAL PROTECTION OF PLANTS AND MATERIALS 37. The authority citation for part 73 is revised to read as follows: Authority: Secs. 53, 161, 149, 68 Stat. 930, 948, as amended, sec. 147, 94 Stat. 780 (42 U.S.C. 2073, 2167, 2169, 2201); sec. 201, as amended, 204, 88 Stat. 1242, as amended, 1245, sec. 1701, 106 Stat. 2951, 2952, 2953 (42 U.S.C. 5841, 5844, 2297f); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 73.1 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 73.37(f) also issued under sec. 301, Pub. L. 96-295, 94 Stat. 789 (42 U.S.C. 5841 note). Section 73.57 is issued under sec. 606, Pub. L. 99-399, 100 Stat. 876 (42 U.S.C. 2169). 38. In Sec. 73.1, paragraph (b)(7) is revised to read as follows: Sec. 73.1 Purpose and scope. * * * * * (b) * * * (7) This part prescribes requirements for the protection of Safeguards Information (including the designation or marking: Safeguards Information--Modified Handling) in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires that information. * * * * * 39. In Sec. 73.2, new definitions Background Check, Individual Authorized Access to Safeguards Information, Individual Authorized Access to Safeguards Information--Modified Handling, Quantities of Concern, Safeguards Information--Modified Handling, and Trustworthiness and Reliability, are added in alphabetical order and the definitions of Safeguards Information and ``Need to Know'' are revised to read as follows: Sec. 73.2 Definitions. * * * * * Background check includes, at a minimum, a criminal history check, verification of identity, employment history, education, and personal references. Individuals engaged in activities subject to regulation by the [[Page 64060]] Commission, applicants for licenses to engage in Commission-regulated activities, and individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission are required under Sec. 73.57 to conduct criminal history checks before granting access to Safeguards Information. A background check must be sufficient to support the trustworthiness and reliability determination so that the person performing the check and the Commission have assurance that granting individuals access to Safeguards Information does not constitute an unreasonable risk to the public health and safety or the common defense and security. * * * * * Individual Authorized Access to Safeguards Information is an individual authorized to have access to and handle such information pursuant to the requirements of Sec. Sec. 73.21 and 73.22. Individual Authorized Access to Safeguards Information--Modified Handling is an individual authorized to have access to and handle such information pursuant to the requirements of Sec. Sec. 73.21 and 73.23 of this chapter. * * * * * ``Need to Know'' means a determination by a person having responsibility for protecting Safeguards Information that a proposed recipient's access to Safeguards Information is necessary in the performance of official, contractual, licensee, applicant, or certificate holder employment. In an adjudication, ``need to know'' means a determination by the originator of the information that the information is necessary to enable the proposed recipient to proffer and/or adjudicate a specific contention in that proceeding, and the proposed recipient of the specific Safeguards Information possesses demonstrable knowledge, skill, training, or education to effectively utilize the specific Safeguards Information in the proceeding. Where the information is in the possession of the originator and the NRC staff (dual possession), whether in its original form or incorporated into another document by the recipient, the NRC staff makes the determination. In the event of a dispute regarding the ``need to know'' determination, the presiding officer of the proceeding shall make the ``need to know'' determination. * * * * * Quantities of Concern means the quantities of the radionuclides meeting or exceeding the threshold limits set forth in Table I-1 of Appendix I of this part. * * * * * Safeguards Information means information not classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection of and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or special nuclear material. Safeguards Information--Modified Handling is the designation or marking applied to Safeguards Information which the Commission has determined requires handling requirements modified from the specific Safeguards Information handling requirements. * * * * * Trustworthiness and reliability are characteristics of an individual considered dependable in judgment, character, and performance, such that disclosure of Safeguards Information to that individual does not constitute an unreasonable risk to the public health and safety or common defense and security. A determination of trustworthiness and reliability is based upon a background check. * * * * * 40. Section 73.8(b) is revised to read as follows: Sec. 73.8 Information collection requirements: OMB approval. * * * * * (b) The approved information collection requirements contained in this part appear in Sec. Sec. 73.5, 73.20, 73.21, 73.22, 73.23, 73.24, 73.25, 73.26, 73.27, 73.37, 73.40, 73.45, 73.46, 73.50, 73.55, 73.56, 73.57, 73.60, 73.67, 73.70, 73.71, 73.72, 73.73, 73.74, and appendices B, C, and G. 41. Section 73.21 is revised to read as follows: Sec. 73.21 Protection of Safeguards Information: Performance Requirements. (a) General performance requirement. (1) Each licensee, applicant, or other person who produces, receives, or acquires Safeguards Information shall ensure that it is protected against unauthorized disclosure. To meet this general performance requirement, such licensees, applicants, or other persons subject to this section shall: (i) Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in Sec. 73.22 related to: Power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production facilities; fuel fabrication facilities; uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas. (ii) Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in Sec. 73.23 related to: Panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern. (2) Information protection procedures employed by Federal, State, and local law enforcement agencies are presumed to meet the general performance requirement in Sec. 73.21(a)(1). (b) Commission Authority. (1) Pursuant to Section 147 of the Atomic Energy Act of 1954, as amended, the [[Page 64061]] Commission may impose, by order or regulation, Safeguards Information protection requirements different from or in addition to those specified in this part on any person who produces, receives, or acquires Safeguards Information. (2) The Commission may require, by regulation or order, that information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, related to facilities or materials not specifically described in Sec. Sec. 73.21, 73.22 or 73.23 be protected under this part. 42. Section 73.22 is added to read as follows: Sec. 73.22 Protection of Safeguards Information: Specific Requirements. This section contains specific requirements for the protection of Safeguards Information related to power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production facilities, fuel fabrication facilities, and uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas. (a) Information to be protected. The types of information and documents that must be protected as Safeguards Information include non- public security-related requirements such as: (1) Physical Protection. Information not classified as Restricted Data or National Security Information related to physical protection, including: (i) The composite physical security plan for the facility or site; (ii) Site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system not easily discernible by members of the public; (iii) Alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources for security equipment, and duress alarms not easily discernible by members of the public; (iv) Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events; (v) Site-specific design features of plant security communications systems; (vi) Lock combinations, mechanical key design, or passwords integral to the physical security system; (vii) Documents and other matter that contain lists or locations of certain safety-related equipment explicitly identified in the documents as vital for purposes of physical protection, as contained in security plans, contingency measures, or plant specific safeguards analyses; (viii) The composite safeguards contingency plan/measures for the facility or site; (ix) The composite facility guard qualification and training plan/ measures disclosing features of the physical security system or response procedures; (x) Information relating to on-site or off-site response forces, including size, armament of response forces, and arrival times of such forces committed to respond to security contingency events; (xi) The Adversary Characteristics Document or other implementing guidance associated with the Design Basis Threat in Sec. 73.1; and (xii) Engineering and safety analyses, security-related procedures or scenarios, and other information revealing site-specific details of the facility or materials if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (2) Physical protection in transit. Information not classified as Restricted Data or National Security Information related to the transportation of, or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel, including: (i) The composite physical security plan for transportation; (ii) Schedules and itineraries for specific shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel. Schedules for shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel are no longer controlled as Safeguards Information 10 days after the last shipment of a current series; (iii) Vehicle immobilization features, intrusion alarm devices, and communications systems; (iv) Arrangements with and capabilities of local police response forces, and locations of safe havens; (v) Limitations of communications during transport; (vi) Procedures for response to security contingency events; (vii) Information concerning the tactics and capabilities required to defend against attempted sabotage, or theft and diversion of formula quantities of special nuclear material, irradiated reactor fuel, or related information; and (viii) Engineering or safety analyses, security-related procedures or scenarios and other information related to the protection of the transported material if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (3) Inspections, audits and evaluations. Information not classified as National Security Information or Restricted Data pertaining to safeguards and security inspections and reports, including: (i) Portions of inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in the system. Disclosure of corrected defects, weaknesses, or vulnerabilities is subject to an assessment taking into account such factors as trending analyses and the impacts of disclosure on licensees having similar physical security systems; and (ii) Reports of investigations containing general information may be released after corrective actions have been completed, unless withheld pursuant to other authorities, e.g., the Freedom of Information Act (5 U.S.C. 552). (4) Correspondence. Portions of correspondence insofar as they contain Safeguards Information as set forth in paragraphs (a)(1) through (a)(3) of this section. (5) Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, that the Commission determines by order or regulation could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material or a facility. (b) Conditions for access. (1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information unless the person has an established ``need to know'' for the information and has undergone a Federal Bureau of [[Page 64062]] Investigation criminal history check using the procedures set forth in Sec. 73.57. (2) In addition, a person to be granted access to SGI must be trustworthy and reliable, based on a background check or other means approved by the Commission. (3) The categories of individuals specified in 10 CFR 73.59 are exempt from the criminal history and background check requirements in paragraphs (b)(1) and (b)(2) of this section by virtue of their occupational status: (4) For persons participating in an NRC adjudicatory proceeding other than those specified in Sec. 73.59, the ``need to know'' determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the ``need to know'' determination, the presiding officer of the proceeding shall determine whether the ``need to know'' findings in Sec. 73.2 can be made. (5) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information to any other person except as set forth in this section. (c) Protection while in use or storage. (1) While in use, matter containing Safeguards Information must be under the control of an individual authorized access to Safeguards Information. This requirement is satisfied if the Safeguards Information is attended by such an individual even though the information is in fact not constantly being used. Safeguards Information within alarm stations, or rooms continuously occupied by authorized individuals need not be stored in a locked security storage container. (2) While unattended, Safeguards Information must be stored in a locked security storage container. The container shall not identify the contents of the matter contained and must preclude access by individuals not authorized access in accordance with the provisions of this section. Knowledge of lock combinations protecting Safeguards Information must be limited to a minimum number of personnel for operating purposes who have a ``need to know'' and are otherwise authorized access to Safeguards Information in accordance with the provisions of this part. Access to lock combinations must be strictly controlled so as to prevent disclosure to an individual not authorized access to Safeguards Information. (d) Preparation and marking of documents or other matter. (1) Each document or other matter that contains Safeguards Information as described in Sec. 73.21(a)(1)(i) and this section must be marked to indicate the presence of such information in a conspicuous manner on the top and bottom of each page. The first page of the document must also contain: (i) The name, title, and organization of the individual authorized to make a Safeguards Information determination, and who has determined that the document contains Safeguards Information; (ii) The date the determination was made; and (iii) An indication that unauthorized disclosure will be subject to civil and criminal sanctions. (2) In addition to the markings at the top and bottom of each page, any transmittal letters or memoranda to or from the NRC which do not in themselves contain Safeguards Information shall be marked to indicate that attachments or enclosures contain Safeguards Information but that the transmittal document does not (i.e., ``When separated from Safeguards Information enclosure(s), this document is decontrolled''). (3) Any transmittal document forwarding Safeguards Information must alert the recipient that protected information is enclosed. Certification that a document or other media contains Safeguards Information must include the name and title of the certifying official and date designated. Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the Safeguards Information from non-Safeguards Information. (4) Marking of documents containing or transmitting Safeguards Information shall, at a minimum include the words ``Safeguards Information'' to ensure identification of protected information for the protection of facilities and material covered by Sec. 73.22. (e) Reproduction of matter containing Safeguards Information. Safeguards Information may be reproduced to the minimum extent necessary consistent with need without permission of the originator. Equipment used to reproduce Safeguards Information must be evaluated to ensure that unauthorized individuals cannot access Safeguards Information (e.g., unauthorized individuals cannot access SGI by gaining access to retained memory or network connectivity). (f) External transmission of documents and material. (1) Documents or other matter containing Safeguards Information, when transmitted outside an authorized place of use or storage, must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of protected information. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words ``Safeguards Information.'' The outer envelope or wrapper must be opaque, addressed to the intended recipient, must contain the address of the sender, and may not bear any markings or indication that the document contains Safeguards Information. (2) Safeguards Information may be transported by any commercial delivery company that provides service with computer tracking features, U.S. first class, registered, express, or certified mail, or by any individual authorized access pursuant to these requirements. (3) Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by (a) NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or (b) electronic mail through the internet, provided that (i) the information is encrypted by the NRC-approved encryption modules and algorithms; (ii) the information is produced by a self contained secure automatic data process system; and (iii) transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission. Physical security events required to be reported pursuant to Sec. 73.71 are considered to be extraordinary conditions. (g) Processing of Safeguards Information on electronic systems. (1) Safeguards Information may be stored, processed or produced on a stand-alone computer (or computer system) for processing of Safeguards Information. ``Stand-alone'' means a computer or computer system to which access is limited to individuals authorized access to Safeguards Information. A stand-alone computer or [[Page 64063]] computer system shall not be physically or in any other way connected to a network accessible by users who are not authorized access to Safeguards Information. (2) Each computer not located within an approved and lockable security storage container that is used to process Safeguards Information must have a removable storage medium with a bootable operating system. The bootable operating system must be used to load and initialize the computer. The removable storage medium must also contain the software application programs, and all data must be processed and saved on the same removable storage medium. The removable storage medium must be secured in a locked security storage container when not in use. (3) A mobile device (such as a laptop computer) may also be used for the processing of Safeguards Information provided the device is secured in a locked security storage container when not in use. Other systems may be used if approved for security by the appropriate NRC office. (h) Removal from Safeguards Information category. Documents originally containing Safeguards Information must be removed from the Safeguards Information category at such time as the information no longer meets the criteria contained in this part. A review of such documents to make that determination shall be conducted every 10 years. Documents that are 10 years or older and designated as SGI or SGI-M shall be reviewed for a decontrol determination if they are currently in use or removed from storage. Care must be exercised to ensure that any document decontrolled not disclose Safeguards Information in some other form or be combined with other unprotected information to disclose Safeguards Information. The authority to determine that a document may be decontrolled shall be exercised only by the NRC or with NRC approval, or if possible, in consultation with the individual or organization that made the original determination. (i) Destruction of matter containing Safeguards Information. Documents or other media containing Safeguards Information shall be destroyed when no longer needed. The information can be destroyed by burning, shredding or any other method that precludes reconstruction by means available to the public at large. Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed. 43. Section 73.23 is added to read as follows: Sec. 73.23 Protection of Safeguards Information-Modified Handling: Specific Requirements. This section contains specific requirements for the protection of Safeguards Information related to panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; transportation of more than 1,000 Tbq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern. The requirements of this section distinguish Safeguards Information requiring modified handling requirements (SGI-M) from Safeguards Information for facilities and materials needing a higher level of protection, as set forth in Sec. 73.22. (a) Information to be protected. The types of information and documents that must be protected as Safeguards Information-Modified Handling include non-public security-related requirements such as protective measures, interim compensatory measures, additional security measures, and the following, as applicable: (1) Physical Protection. Information not classified as Restricted Data or National Security Information related to physical protection, including: (i) The composite physical security plan for the facility or site; (ii) Site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system not easily discernible by members of the public; (iii) Alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources for security equipment, and duress alarms not easily discernible by members of the public; (iv) Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events; (v) Site specific design features of plant security communications systems; (vi) Lock combinations, mechanical key design, or passwords integral to the physical security system; (vii) The composite facility guard qualification and training plan/ measures disclosing features of the physical security system or response procedures; (viii) Descriptions of security activities which disclose features of the physical security system or response measures; (ix) Information relating to onsite or offsite response forces, including size, armament of the response forces, and arrival times of such forces committed to respond to security contingency events; and (x) Engineering and safety analyses, security-related procedures or scenarios, and other information revealing site-specific details of the facility or materials if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (2) Physical protection in transit. Information not classified as Restricted Data or National Security Information related to the physical protection of shipments of more than 1000 Tbq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel, source material and byproduct material in Category 2 quantities of concern, and special nuclear material in less than a formula quantity (except for those materials covered under Sec. 73.22), including: (i) Information regarding transportation security measures, including physical security plans and procedures, immobilization devices, and escort requirements, more detailed than NRC regulations; (ii) Scheduling and itinerary information for shipments (scheduling and itinerary information for shipments that are inherently self- disclosing, such as a shipment that created extensive news coverage or an announcement by a public official confirming receipt, may be decontrolled after shipment departure. Scheduling and itinerary information for shipments that are not inherently self-disclosing may be decontrolled 2 days after the shipment is completed. Scheduling and itinerary information used for the purpose of preplanning, coordination, and advance notification may be shared with others on a ``need to know'' basis and need not [[Page 64064]] be designated as Safeguards Information-Modified Handling); (iii) Arrangements with and capabilities of local police response forces, and locations of safe havens; (iv) Details of alarm and communication systems, communication procedures, and duress codes; (v) Procedures for response to security contingency events; and (vi) Engineering or safety analyses, security-related procedures or scenarios and other information related to the protection of the transported material if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (3) Inspections, audits and evaluations. Information not classified as National Security Information or Restricted Data pertaining to safeguards and security inspections and reports, including: (i) Portions of inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in the system. Disclosure of corrected defects, weaknesses, or vulnerabilities is subject to an assessment taking into account such factors as trending analyses and the impacts of disclosure on licensees having similar physical security systems; and (ii) Reports of investigations containing general information may be released after the corrective actions have been completed, unless withheld pursuant to other authorities, e.g., the Freedom of Information Act (5 U.S.C. 552). (4) Correspondence. Portions of correspondence insofar as they contain Safeguards Information designated as Safeguards Information- Modifed Handling, as set forth in paragraphs (a)(1) through (a)(3) of this section. (5) Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, that the Commission determines by order or regulation could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material or a facility. (b) Conditions for access, (1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information designated as Safeguards Information-Modified Handling unless the person has an established ``need to know'' for the information and has undergone a Federal Bureau of Investigation criminal history check using the procedures set forth in Sec. 73.57. (2) In addition, a person to be granted access to SGI must be trustworthy and reliable, based on a background check or other means approved by the Commission. (3) The categories of individuals specified in 10 CFR Sec. 73.59 are exempt from the background check requirements in paragraphs (b)(1) and (b)(2) of this section by virtue of their occupational status: (4) For persons participating in an NRC adjudicatory proceeding other than those specified in Sec. 73.59, the ``need to know'' determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the ``need to know'' determination, the presiding officer of the proceeding shall determine whether the ``'need to know''' findings in Sec. 73.2 can be made. (5) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information to any other person except as set forth in this section. (c) Protection while in use or storage. (1) While in use, matter containing Safeguards Information designated as Safeguards Information-Modified Handling must be under the control of an individual authorized access to such information. This requirement is satisfied if the Safeguards Information designated as Safeguards Information-Modified Handling is attended by such an individual even though the information is in fact not constantly being used. Safeguards Information designated as Safeguards Information- Modified Handling within alarm stations, or rooms continuously occupied by authorized individuals, need not be locked in a file drawer or cabinet. (2) While unattended, Safeguards Information designated as Safeguards Information-Modified Handling must be stored in a locked file drawer or cabinet. The container shall not identify the contents of the matter contained and must preclude access by individuals not authorized access in accordance with the provisions of this section. Knowledge of lock combinations or access to keys protecting Safeguards Information designated as Safeguards Information-Modified Handling must be limited to a minimum number of personnel for operating purposes who have a ``need to know'' and are otherwise authorized access to Safeguards Information in accordance with the provisions of this part. Access to lock combinations must be strictly controlled so as to prevent disclosure to an individual not authorized access to Safeguards Information designated as Safeguards Information-Modified Handling. (d) Preparation and marking of documents or other matter. (1) Each document or other matter that contains Safeguards Information designated as Safeguards Information-Modified Handling as described in Sec. 73.23(a) and in this section must be marked to indicate the presence of Safeguards Information with modified handling requirements in a conspicuous manner on the top and bottom of each page. The first page of the document must also contain: (i) The name, title, and organization of the individual authorized to make a ``Safeguards Information designated as Safeguards Information-Modified Handling'' determination, and who has determined that the document contains Safeguards Information designated as Safeguards Information-Modified Handling; (ii) The date the determination was made; and (iii) An indication that unauthorized disclosure will be subject to civil and criminal sanctions. (2) In addition to the markings at the top and bottom of each page, any transmittal letters or memoranda to or from the NRC which do not in themselves contain Safeguards Information designated as Safeguards Information-Modified Handling shall be marked to indicate that attachments or enclosures contain Safeguards Information designated as Safeguards Information-Modified Handling but that the transmittal document does not (i.e., ``When separated from Safeguards Information designated as Safeguards Information-Modified Handling enclosure(s), this document is decontrolled''). (3) Any transmittal document forwarding Safeguards Information designated as Safeguards Information-Modified Handling must alert the recipient that protected information is [[Page 64065]] enclosed. Certification that a document or other media contains Safeguards Information designated as Safeguards Information-Modified Handling must include the name and title of the certifying official and date designated. Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information designated as Safeguards Information- Modified Handling. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the Safeguards Information from non-Safeguards Information. (4) Marking of documents containing or transmitting Safeguards Information with modified handling requirements shall, at a minimum include the words ``Safeguards Information-Modified Handling'' to ensure identification of protected information for the protection of facilities and material covered by Sec. 73.23. (e) Reproduction of matter containing Safeguards Information designated as Safeguards Information-Modified Handling. Safeguards Information designated as Safeguards Information-Modified Handling may be reproduced to the minimum extent necessary, consistent with need, without permission of the originator. Equipment used to reproduce Safeguards Information designated as Safeguards Information-Modified Handling must be evaluated to ensure that unauthorized individuals cannot access the information (e.g., unauthorized individuals cannot access SGI by gaining access to retained memory or network connectivity). (f) External transmission of documents and material. (1) Documents or other matter containing Safeguards Information designated as Safeguards Information-Modified Handling, when transmitted outside an authorized place of use or storage, must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of protected information. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words ``Safeguards Information-Modified Handling.'' The outer envelope or wrapper must be opaque, addressed to the intended recipient, must contain the address of the sender, and may not bear any markings or indication that the document contains Safeguards Information designated as Safeguards Information-Modified Handling. (2) Safeguards Information designated Safeguards Information- Modified Handling may be transported by any commercial delivery company that provides service with computer tracking features, U.S. first class, registered, express, or certified mail, or by any individual authorized access pursuant to these requirements. (3) Except under emergency or extraordinary conditions, Safeguards Information designated as Safeguards Information-Modified Handling must be transmitted electronically only by protected telecommunications circuits (including facsimile) or encryption (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC office. For the purpose of this section, emergency or extraordinary conditions are defined as any circumstances that require immediate communications in order to report, summon assistance for, or respond to a security contingency event or an event that has potential security significance. Physical security events required to be reported pursuant to Sec. 73.71 are considered to be extraordinary conditions. (g) Processing of Safeguards Information-Modified Handling on electronic systems. (1) Safeguards Information designated for modified handling may be stored, processed or produced on a computer or computer system, provided that the system is assigned to the licensee's or contractor's facility. Safeguards Information designated as Safeguards Information- Modified Handling files must be protected, either by a password or encryption, to prevent unauthorized individuals from gaining access. Word processors such as typewriters are not subject to these requirements as long as they do not transmit information off-site. (Note: if Safeguards Information designated as Safeguards Information- Modified Handling is produced on a typewriter, the ribbon must be removed and stored in the same manner as other Safeguards Information designated as Safeguards Information-Modified Handling.) (2) Safeguards Information designated as Safeguards Information- Modified Handling files may be transmitted over a network if the file is encrypted. In such cases, the licensee will select a commercially available encryption system that the National Institute of Standards and Technology (NIST) has validated as conforming to Federal Information Processing Standards (FIPS). Safeguards Information designated as Safeguards Information-Modified Handling files shall be properly labeled to indicate the presence of Safeguards Information with modified handling requirements and saved to removable media and stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be used for the processing of Safeguards Information designated as Safeguards Information-Modified Handling provided the device is secured in an appropriate locked storage container when not in use. Other systems may be used if approved for security by the appropriate NRC office. (h) Removal from Safeguards Information-Modified Handling category. Documents originally containing Safeguards Information designated as Safeguards Information-Modified Handling must be removed from the Safeguards Information category at such time as the information no longer meets the criteria contained in this Part. A review of such documents to make that determination shall be conducted every 10 years. Documents that are 10 years or older and designated as SGI or SGI-M shall be reviewed for a decontrol determination if they are currently in use or removed from storage. Care must be exercised to ensure that any document decontrolled shall not disclose Safeguards Information in some other form or be combined with other unprotected information to disclose Safeguards Information. The authority to determine that a document may be decontrolled shall be exercised only by the NRC or with NRC approval, or if possible, in consultation with the individual or organization that made the original determination. (i) Destruction of matter containing Safeguards Information designated as Safeguards Information-Modified Handling. Documents or other media containing Safeguards Information shall be destroyed when no longer needed. The information can be destroyed by burning, shredding, or any other method that precludes reconstruction by means available to the public at large. Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed. 44. In Sec. 73.37, paragraphs (f)(2)(iv), (f)(3)(iii) and (iv), and (g) are revised as follows: Sec. 73.37 Requirement for the physical protection of irradiated reactor fuel in transit. (f) * * * (2) * * * (iv) A statement that the information described below in Sec. 73.37(f)(3) is required by NRC regulations to be [[Page 64066]] protected in accordance with the requirements of Sec. Sec. 73.21 and 73.22. (3) * * * (iii) For the case of a single shipment whose schedule is not related to the schedule of any subsequent shipment, a statement that schedule information must be protected in accordance with the provisions of Sec. Sec. 73.21 and 73.22 until at least 10 days after the shipment has entered or originated within the state. (iv) For the case of a shipment in a series of shipments whose schedules are related, a statement that schedule information must be protected in accordance with the provisions of Sec. Sec. 73.21 and 73.22 until 10 days after the last shipment in the series has entered or originated within the state and an estimate of the date on which the last shipment in the series will enter or originate within the state. * * * * * (g) State officials, state employees, and other individuals, whether or not licensees of the Commission, who receive schedule information of the kind specified in Sec. 73.37(f)(3) shall protect that information against unauthorized disclosure as specified in Sec. Sec. 73.21 and 73.22. 45. In Sec. 73.57 paragraphs (a)(1) and (2) and (b)(2)(i) and (ii) are revised and paragraph (e)(3) is added to read as follows: Sec. 73.57 Requirements for criminal history checks of individuals granted unescorted access to a nuclear power facility or access to Safeguards Information. (a) General. (1) Each licensee who is authorized to operate a nuclear power reactor under part 50 or to engage in an activity subject to regulation by the Commission shall comply with the requirements of this section. (2) Each applicant for a license to operate a nuclear power reactor under part 50 of this chapter or to engage in an activity subject to regulation by the Commission, as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission shall submit fingerprints for those individuals who will have access to Safeguards Information. (b) * * * (2) * * * (i) For unescorted access to the nuclear power facility or (but must adhere to provisions contained in Sec. Sec. 73.21 and 73.22): NRC employees and NRC contractors on official agency business; individuals responding to a site emergency in accordance with the provisions of Sec. 73.55(a); a representative of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement at designated facilities who has been certified by the NRC; law enforcement personnel acting in an official capacity; State or local government employees who have had equivalent reviews of FBI criminal history data; and individuals employed at a facility who possess ``Q'' or ``L'' clearances or possess another active government granted security clearance, i.e, Top Secret, Secret, or Confidential; (ii) For access to Safeguards Information only but must adhere to provisions contained in Sec. Sec. 73.21, 73.22, and 73.23: The categories of individuals specified in 10 CFR Sec. 73.59. * * * * * (e) * * * (3) In addition to the right to obtain records from the FBI in paragraph (e)(1) of this section and the right to initiate challenge procedures in paragraph (e)(2) of this section, an individual participating in an NRC adjudication and seeking to obtain SGI for use in that adjudication may appeal a final adverse determination by the NRC Office of Administration to the Presiding Officer of the proceeding. Potential witnesses, participants without attorneys, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. * * * * * 46. In Sec. 73.59 is revised to read as follows: Sec. 73.59. Relief from fingerprinting, identification and criminal history records checks and background checks for designated categories of individuals. Fingerprinting, and the identification and criminal history records checks required by section 149 of the Atomic Energy Act of 1954, as amended, and background checks are not required for the following individuals prior to granting access to Safeguards Information or Safeguards Information designated as Safeguards Information--Modifed Handling as defined in 10 CFR 73.2: (a) An employee of the Commission or the Executive Branch of the United States government who has undergone fingerprinting for a prior U.S. government criminal history check; (b) A member of Congress; (c) An employee of a member of Congress or Congressional committee who has undergone fingerprinting for a prior U.S. government criminal history check; (d) The Comptroller General or an employee of the Government Accountability Office who has undergone fingerprinting for a prior U.S. Government criminal history check. (e) The Governor of a State or his or her designated State employee representative; (f) A representative of a foreign government organization that is involved in planning for, or responding to, nuclear or radiological emergencies or security incidents who the Commission approves for access to Safeguards Information or Safeguards Information designated as Safeguards Information--Modifed Handling; (g) Federal, State, or local law enforcement personnel; (h) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives; (i) Agreement State employees conducting security inspections on behalf of the NRC pursuant to an agreement executed under section 274.i. of the Atomic Energy Act; (j) Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC; (k) Any agent, contractor, or consultant of the aforementioned persons who has undergone equivalent criminal history and background checks to those required by 10 CFR Sec. Sec. 73.22(b) or 73.23(b). 47. A new Appendix I to part 73 is added to read as follows: Appendix I to Part 73--Category 1 and 2 Radioactive Materials [[Page 64067]] Table I-1.--Quantities of Concern Threshold Limits -------------------------------------------------------------------------------------------------------------------------------------------------------- Category 1 Category 2 Radionuclides ------------------------------------------------------------------------------------------------------------------- Terabecquerels (TBq) Curies (Ci)1 Terabecquerels (TBq) Curies (Ci)1 -------------------------------------------------------------------------------------------------------------------------------------------------------- Americium-241....................... 6x10\1\ 1.6x10\3\ 6x10-\1\ 1.6x10\1\ Americium-241/Be.................... 6x10\1\ 1.6x10\3\ 6x10-\1\ 1.6x10\1\ Californium-252..................... 2x101 5.4x10\2\ 2x10-\1\ 5.4 Curium-244.......................... 5x10\1\ 1.4x10\3\ 5x10-\1\ 1.4x10\1\ Cobalt-60........................... 3x10\1\ 8.1x10\2\ 3x10-\1\ 8.1 Cesium-137.......................... 1x10\2\ 2.7x10\3\ 1 2.7x10\1\ Gadolinium-153...................... 1x10\3\ 2.7x10\4\ 1x10\1\ 2.7x10\2\ Iridium-192......................... 8x10\1\ 2.2x10\3\ 8x10-\1\ 2.2x10\1\ Promethium-147...................... 4x10\4\ 1.1x10\6\ 4x10\2\ 1.1x10\4\ Plutonium-238....................... 6x10\1\ 1.6x10\3\ 6x10-\1\ 1.6x10\1\ Plutonium-239/Be.................... 6x10\1\ 1.6x10\3\ 6x10-\1\ 1.6x10\1\ Radium-226.......................... 4x10\1\ 1.1x10\3\ 4x10-\1\ 1.1x10\1\ Selenium-75......................... 2x10\2\ 5.4x10\3\ 2 5.4x10\1\ Strontium-90 (Y-90)................. 1x10\3\ 2.7x10\4\ 1x10\1\ 2.7x10\2\ Thulium-170......................... 2x10\4\ 5.4x10\5\ 2x10\2\ 5.4x10\3\ Ytterbium-169....................... 3x10\2\ 8.1x10\3\ 3 8.1x10\1\ -------------------------------------------------------------------------------------------------------------------------------------------------------- \1\ The regulatory standard values are given in TBq. Curie (Ci) values are provided for practical usefulness only and are rounded after conversion. Calculations Concerning Multiple Sources or Multiple Radionuclides The ``sum of fractions'' methodology for evaluating combinations of multiple sources or multiple radionuclides, is to be used in determining whether a facility or activity meets or exceeds the threshold limits and is thus subject to the physical and/or information security requirements of this part. I. If multiple sources and/or multiple radionuclides are present in a facility or activity, the sum of the fractions of the activity of each of the radionuclides must be determined to verify the facility or activity is less than the Category 1 or 2 limits of Table 1, as appropriate. Otherwise, if the calculated sum of the fractions ratio, using the following equation, is greater than or equal to 1.0, then the facility or activity meets or exceeds the threshold limits of Table 1 and the applicable physical and/or information security provisions of this part apply. II. Use the equation below to calculate the sum of the fractions ratio by inserting the actual activity of the applicable radionuclides from Table 1 or of the individual sources (of the same radionuclides from Table 1) in the numerator of the equation and the corresponding threshold activity limit from the Table 1 in the denominator of the equation. Sum of the fraction calculations must be performed in metric values (i.e., TBq) and the numerator and denominator values must be in the same units. R1 = activity for radionuclides or source number 1 R2 = activity for radionuclides or source number 2 Rn = activity for radionuclides or source number n AR1 = activity limit for radionuclides or source number 1 AR2 = activity limit for radionuclides or source number 2 ARn = activity limit for radionuclides or source number n [GRAPHIC] [TIFF OMITTED] TP31OC06.032 PART 76--CERTIFICATION OF GASEOUS DIFFUSION PLANTS 48. The authority citation for part 76 is revised to read as follows: Authority: Secs. 161, 68 Stat. 948, as amended, secs. 1312, 1701, as amended, 106 Stat. 2932, 2951, 2952, 2953, 110 Stat. 1321- 349 (42 U.S.C. 2201, 2297b-11, 2297f); secs. 201, as amended, 204, 206, 88 Stat. 1244, 1245, 1246 (42 U.S.C. 5841, 5842, 5845, 5846). Sec 234(a), 83 Stat. 444, as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243(a)); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 549 (2005). Sec. 76.7 also issued under Pub. L. 95-601. Sec. 10, 92 Stat 2951 (42 U.S.C. 5851). Sec. 76.22 is also issued under sec. 193(f), as amended, 104 Stat. 2835, as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243(f)). Sec. 76.35(j) also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). 49. In Sec. 76.113, paragraph (c) is revised to read as follows: Sec. 76.113 Formula quantities of strategic special nuclear material--Category I. * * * * * (c) The requirements for the protection of Safeguards Information pertaining to formula quantities of strategic special nuclear material (Category I) are contained in Sec. Sec. 73.21 and 73.22 and parts 25 and 95 of this chapter. Information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements. * * * * * 50. In Sec. 76.115, paragraph (d) is added to read as follows: Sec. 76.115 Special nuclear material of moderate strategic significance-- Category II. * * * * * (d) The requirements for the protection of Safeguards Information pertaining to special nuclear material of moderate strategic significance--Category II are contained in Sec. Sec. 73.21 and 73.22 of this chapter. 51. In Sec. 76.117, paragraph (c) is added to read as follows: Sec. 76.117 Special nuclear material of low strategic significance-- Category III. * * * * * (c) The requirements for the protection of Safeguards Information pertaining to special nuclear material of low strategic significance-- Category III are contained in Sec. Sec. 73.21 and 73.22 of this chapter. PART 150--EXEMPTIONS AND CONTINUED REGULATORY AUTHORITY IN AGREEMENT STATES AND IN OFFSHORE WATERS UNDER SECTION 274 52. The authority citation for part 150 is revised to read as follows: Authority: Sec. 161, 68 Stat. 948, as amended, sec. 274, 73 Stat. 688 (42 U.S.C. 2201, 2021); sec. 201, 88 Stat. 1242, as [[Page 64068]] amended (42 U.S.C. 5841); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Sections 150.3, 150.15, 150.15a, 150.31, 150.32 also issued under secs. 11e(2), 81, 68 Stat. 923, 935, as amended, secs. 83, 84, 92 Stat. 3033, 3039 (42 U.S.C. 2014e(2), 2111, 2113, 2114). Section 150.14 also issued under sec. 53, 68 Stat. 930, as amended (42 U.S.C. 2073). Section 150.15 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 150.17a also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 150.30 also issued under sec. 234, 83 Stat. 444 (42 U.S.C. 2282). 53. In Sec. 150.15, paragraph (a)(9) is added to read as follows: Sec. 150.15 Persons not exempt. (a) * * * (9) The requirements for the protection Safeguards Information in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * Dated at Rockville, Maryland this 19th day of October 2006. Annette L. Vietti-Cook, Secretary of the Commission. [FR Doc. 06-8900 Filed 10-30-06; 8:45 am] BILLING CODE 7590-01-P