[Federal Register: October 24, 2008 (Volume 73, Number 207)] [Rules and Regulations] [Page 63545-63582] Nuclear Regulatory Commission ----------------------------------------------------------------------- 10 CFR Parts 2, 30, 40, et al., Protection of Safeguards Information; Final Rule [[Page 63546]] ----------------------------------------------------------------------- NUCLEAR REGULATORY COMMISSION 10 CFR Parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 RIN 3150-AH57 [NRC-2005-0001] Protection of Safeguards Information AGENCY: Nuclear Regulatory Commission. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: The Nuclear Regulatory Commission (NRC) is amending its regulations for the protection of Safeguards Information (SGI) to protect SGI from inadvertent release and unauthorized disclosure which might compromise the security of nuclear facilities and materials. The amendments modify the requirements for the protection of SGI with respect to persons, information, and materials subject to the regulations, as well as those that are not. These amendments are within the scope of Commission authority under the Atomic Energy Act of 1954, as amended (AEA). The NRC published a proposed rule on SGI on February 11, 2005, and published a revised proposed rule on October 31, 2006, to allow for public comment on changes to the proposed rule text made for the following reasons: In response to public comments, to reflect amendments to the AEA in the Energy Policy Act of 2005 (EPAct), and to reflect Commission Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material. The NRC is now publishing this final rule, in which the NRC is responding to the comments that have been received and is making appropriate changes to the text of the revised proposed rule. DATES: This rule is effective on February 23, 2009. Licensees and other persons subject to this rule are required to implement this rule by February 23, 2009. Licensees required to submit to the NRC any changes to security plans under these regulations are required to submit such changes to the NRC by this effective date. ADDRESSES: You can access publicly available documents related to this document using the following methods: Federal e-Rulemaking Portal: Go to http://www.regulations.gov and search for documents filed under Docket ID NRC-2005-0001. Address questions about NRC dockets to Carol Gallagher 301-415-5905; e-mail Carol.Gallagher@nrc.gov. NRC's Public Document Room (PDR): The public may examine and have copied for a fee, publicly available documents at the NRC's PDR, Public File Area O1-F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland. NRC's Agencywide Documents Access and Management System (ADAMS): Publicly available documents created or received at the NRC are available electronically at the NRC's Electronic Reading Room at http:/ /www.nrc.gov/reading-rm/adams.html. From this page, the public can gain entry into ADAMS, which provides text and image files of NRC's public documents. If you do not have access to ADAMS or if there are problems in accessing the documents located in ADAMS, contact the NRC's PDR reference staff at 1-800-397-4209, 301-415-4737, or by e-mail to pdr.resource@nrc.gov. FOR FURTHER INFORMATION CONTACT: Jason Zorn, Attorney, Office of the General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-8350, e-mail jason.zorn@nrc.gov; or Bernard Stapleton, Office of Nuclear Security and Incident Response, Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-2432, e-mail bernard.stapleton@nrc.gov. SUPPLEMENTARY INFORMATION: I. Background II. Need for Rule III. Purpose of Rulemaking IV. Discussion A. Resolution of Public Comments on the Revised Proposed Rule 1. Overview of Comments on the Revised Proposed Rule 2. Comments and Issues, and Their Resolution in the Final Rule B. Analysis of Changes Made in the Final Rule to the Text of the Revised Proposed Rule V. Criminal Penalties VI. Agreement State Issues VII. Voluntary Consensus Standards VIII. Finding of No Significant Impact: Environmental Assessment IX. Paperwork Reduction Act Statement X. Regulatory Analysis XI. Regulatory Flexibility Certification XII. Backfit Analysis XIII. Congressional Review Act I. Background On February 11, 2005 (70 FR 7196), the NRC published a proposed rule to amend 10 CFR parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 governing the handling of Safeguards Information (SGI) and to create a new category of protected material, Safeguards Information--Modified Handling (SGI-M). Subsequently, Congress passed the Energy Policy Act of 2005 (EPAct), Public Law No. 109-58, 119 Stat. 594. Section 652 of the EPAct amended section 149 of the Atomic Energy Act of 1954, as amended (AEA) to require fingerprinting, for criminal history records check purposes, of a broader class of persons. Before the EPAct, the NRC's fingerprinting authority was limited to requiring licensees and applicants for a license to operate a nuclear power reactor under 10 CFR part 50 to fingerprint individuals prior to granting access to SGI. The EPAct expanded the NRC's authority to require fingerprinting of individuals before granting them access to SGI. Under the EPAct, fingerprinting by the following individuals or entities is necessary before granting access to SGI: (1) Individuals licensed or certified to engage in an activity subject to regulation by the Commission, including utilization facilities; (2) Individuals who have filed an application for a license or certificate to engage in Commission-regulated activities; and (3) Individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission. The EPAct preserved the Commission's authority in Section 149 to relieve by rule certain persons from the fingerprinting, identification, and criminal history records checks required for access to SGI. The Commission exercised that authority to relieve by rule certain categories of persons from those requirements, including Federal, State, and local officials involved in security planning and incident response; Agreement State employees who evaluate licensee compliance with NRC-issued security-related orders; members of Congress who request SGI as part of their oversight function; and certain foreign representatives. These exemptions are based on the Commission's findings that interrupting those individuals' access to SGI to perform fingerprinting and criminal history records checks (1) would harm vital inspection, oversight, planning, and enforcement functions, (2) would impair communications among the NRC, its licensees, and first responders in the event of an imminent security threat or other emergency, and (3) could strain the Commission's cooperative relationships with its international counterparts, and might delay needed exchanges of information to the detriment of current security initiatives both at home and abroad. The final rule was published in the Federal Register [[Page 63547]] on June 13, 2006 (71 FR 33989). That final rule was necessary to avoid disruption of the Commission's information sharing activities during the interim period while the Commission completed the overall revision of the SGI-related regulations in this rulemaking. SGI is a special category of sensitive unclassified information to be protected from unauthorized disclosure under Section 147 of the Atomic Energy Act of 1954, as amended (AEA). Although SGI is considered to be sensitive unclassified information, it is handled and protected more like Classified National Security Information than like other sensitive unclassified information (e.g., privacy and proprietary information). Part 73, ``Physical Protection of Plants and Materials,'' of the NRC's regulations in Title 10 of the Code of Federal Regulations (CFR) contains requirements for the protection of SGI. Commission orders issued since September 11, 2001, have also imposed requirements for the designation and protection of SGI. These requirements apply to SGI in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires SGI. An individual's access to SGI requires both a valid ``need to know'' for the information and an authorization based on an appropriate background check. Power reactors, certain research and test reactors, and independent spent fuel storage installations are examples of the categories of licensees currently subject to the provisions of 10 CFR part 73 for the protection of SGI. Examples of the types of information designated as SGI include the physical security plan for a licensee's facility, the design features of a licensee's physical protection system, and operational procedures for the licensee's security organization. The Commission has authority under Section 147 of the AEA to designate, by regulation or order, other types of information as SGI. For example, Section 147a.(2) allows the Commission to designate as SGI a licensee's or applicant's detailed security measures (including security plans, procedures and equipment) for the physical protection of source material or byproduct material in quantities determined by the Commission to be significant to the public health and safety or the common defense and security. The Commission has, by order, imposed SGI handling requirements on certain categories of these licensees. An example is the November 25, 2003, Order issued to certain materials licensees.\1\ --------------------------------------------------------------------------- \1\ This Order was published in the Federal Register as ``All Licensees Authorized to Manufacture or Initially Transfer Items Containing Radioactive Material for Sale or Distribution and Who Possess Certain Radioactive Material of Concern and All Persons Who Obtain Safeguards Information Described Herein; Order Issued on November 25, 2003, Imposing Requirements for the Protection of Certain Safeguards Information (Effective Immediately),'' (69 FR 3397; January 23, 2004). --------------------------------------------------------------------------- Violations of SGI handling and protection requirements, whether those specified in part 73 or those imposed by order, are subject to the applicable civil and criminal sanctions. Licensee employees, past or present, and all other persons who have had access to SGI have a continuing obligation to protect SGI in order to prevent inadvertent release and unauthorized disclosure. Information designated as SGI must be withheld from public disclosure and must be physically controlled and protected. Protection requirements include (1) secure storage; (2) document marking; (3) restriction of access; (4) limited reproduction; (5) protected transmission; and (6) controls for information processing on electronic systems. Inadequate protection of SGI, including unauthorized disclosure, may result in civil and/or criminal penalties. The AEA explicitly provides in Section 147a. that ``any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act.'' Furthermore, willful violation of any regulation or order governing SGI is a felony subject to criminal penalties in the form of fines or imprisonment, or both, as prescribed in Section 223 of the AEA. II. Need for Rule Changes in the threat environment have revealed the need to protect as SGI additional types of security information held by a broader group of persons, including licensees, applicants, vendors, and certificate holders. The regulations in effect prior to this rule did not specify all of the types of information that could be designated as SGI and are now recognized to be significant to the public health and safety or the common defense and security. The unauthorized release of this information could result in harm to the public health and safety and the Nation's common defense and security, as well as damage to the Nation's critical infrastructure, including nuclear power plants and other facilities and materials licensed and regulated by the NRC or Agreement States. Since September 11, 2001, the NRC has issued orders that have increased the number of licensees whose security measures will be protected as SGI and added types of security information considered to be SGI. Orders have been issued to power reactor licensees, fuel cycle facility licensees, certain source material licensees, and certain byproduct material licensees. Some of the orders expanded the types of information to be protected by licensees who already have an SGI protection program, such as nuclear power reactor licensees. Other orders were issued to licensees that have not previously been subject to SGI protection requirements in the regulations, such as certain licensees authorized to manufacture or initially transfer items containing radioactive material.\2\ Some orders imposed a new designation: Safeguards Information-Modified Handling (SGI-M). --------------------------------------------------------------------------- \2\ See Order (69 FR 3397; January 23, 2004). --------------------------------------------------------------------------- SGI-M refers to SGI with handling requirements that are modified somewhat due to the lower risk posed by unauthorized disclosure of the information. The SGI-M protection requirements apply to certain security-related information regarding quantities of source, byproduct, and special nuclear materials for which the harm caused by unauthorized disclosure of information would be less than that for other SGI. Some of the requirements imposed by orders that have increased the types of information to be considered SGI are not covered by the current regulations. Although new SGI requirements could continue to be imposed through the issuance of orders, the regulations would not reflect current Commission SGI policy and/or requirements. III. Purpose of Rulemaking NRC staff review of the SGI regulatory program indicates that changes in the regulations are needed to address issues such as access to SGI, types of security information to be protected, and handling and storage requirements. This rulemaking will: (1) Revise the definition of ``need to know'' in 10 CFR 73.2; (2) Implement expanded fingerprinting and criminal history records check procedures for broader categories of individuals who will have access to SGI unless exempt from those requirements; (3) Implement a requirement for background checks to determine trustworthiness and reliability for [[Page 63548]] individuals who will have access to SGI unless exempt from those requirements; (4) Implement generally applicable requirements for SGI that are similar to requirements imposed by the orders; (5) Expand the scope of part 73 to include additional categories of licensees (e.g., source and byproduct material licensees, research and test reactors not previously covered, and fuel cycle facilities not previously covered). As expanded, vendors, applicants and certificate holders are also within the scope of the rule; (6) Expand the types of security information covered by the definition of SGI in Sec. 73.2 and the information categories described in Sec. Sec. 73.22 and 73.23 to include detailed security measures for the physical protection of byproduct, source, and special nuclear material; emergency planning scenarios and implementing procedures; uncorrected vulnerabilities or weaknesses in a security system; and certain training and qualification information; (7) Clarify requirements for obtaining access to SGI in the context of adjudications and clarify the appeal procedures available; (8) Modify the original proposed rule to align it with the final rule in 10 CFR 73.59 granting relief from the fingerprinting, identification and criminal history records checks and background checks for designated categories of individuals; and (9) Modify 10 CFR 73.59 to make it consistent with the language and structure of the proposed SGI rule. In the development of the rule, a graded approach, based on the risks and consequences of information disclosure, was used to determine which category of licensee or type of information would be subject to certain protection requirements. This graded approach was applied to issues such as the type of information to be protected, the classes of licensees subject to the rule, and the level of handling requirements necessary for the various licensees. For example, the graded approach allows certain licensees to employ the modified-handling procedures introduced in recent orders and now set forth in the SGI-M provisions of this final rule. The requirements set forth in this final rule are the minimum restrictions the Commission finds necessary to protect SGI against inadvertent release or unauthorized disclosure which might compromise the health and safety of the public or the common defense and security. The final rule covers those facilities and materials the Commission has already determined need to be protected against theft or sabotage. The categories of information constituting SGI relate to the types of facilities and the quantities of special nuclear material, source material and byproduct material determined by the Commission to be significant and therefore subject to protection against unauthorized disclosure pursuant to Section 147 of the AEA. Unauthorized release of SGI could reduce the deterrence value of systems and measures used to protect nuclear facilities and materials and allow for the possible compromise of those facilities and materials. Such disclosures could also facilitate advance planning by an adversary intent on committing acts of theft or sabotage against the facilities and materials within the scope of this rule. Further, the Commission has determined, pursuant to Section 147a.(3)(B) of the AEA, that the unauthorized disclosure of SGI could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of nuclear material or a facility. IV. Discussion A. Resolution of Public Comments on the Revised Proposed Rule 1. Overview of Comments on the Revised Proposed Rule On February 11, 2005 (70 FR 7196), the Commission published a proposed rule and requested public comments. On October 31, 2006 (71 FR 64004), the Commission published a revised version of the proposed rule that responded to comments on the original proposed rule. The revised proposed rule also solicited comments on changes and additions to the original proposed rule by January 2, 2007. In addition to this general solicitation for comments, the revised proposed rule (71 FR 64051) solicited specific public comment on the appropriateness of the exemptions in the revised provisions in 10 CFR 73.59, as they apply to various categories of individuals. The specified categories of individuals are exempt from the background check requirements (including fingerprinting for a criminal history records check) for access to SGI. Ten comment letters were received. Copies of those letters are available for public inspection and copying for a fee at the NRC Public Document Room, 11555 Rockville Pike, Rockville, Maryland, or on the NRC's Agencywide Documents Access and Management System, available online at: http://www.nrc.gov/reading-rm/adams/web-based.html. Two comment letters were from agreement states, six comment letters were from industry, one comment letter was from a university with a research reactor, and one comment letter was from an individual. The comment letters provided various points of view and suggestions for clarifications, additions and deletions. Also, although commenters did not refer to the request for specific comment, the Commission received two comments on Sec. 73.59. Responses to the comments are set forth below. 2. Comments and Issues, and Their Resolution in the Final Rule General Issues. Information in Licenses. Comment: A commenter states that although not referenced, information about the types and quantities of material listed on a license in some cases should be considered SGI when the license contains nuclides and quantities of concern. The commenter also states that licensees transferring material to another licensee must obtain a copy of the recipient's license so this information is easily available and in many cases publicly available. According to this commenter, this issue needs to be reviewed by NRC and state agencies to assure the appropriate level of security is given to standard licensing documents. Response: Under existing regulations and practice, licensing documents are reviewed to determine if they contain any information which constitutes SGI or other information which warrants protection from unauthorized disclosure. Generally speaking, information on possession limits for radionuclides does not meet the definition of SGI. This information, although not categorized as SGI, may be withheld from public disclosure if disclosure of the information could raise security concerns. For example, in some contexts, information on actual quantities possessed in relation to possession limits could raise security concerns. Prior to transferring material to another licensee, verification that the licensee is authorized to receive the material is required by one of the methods provided in Sec. 30.41(d) or in Commission orders. Interaction with other regulations. Comment: Another commenter asserts that the proposed rule conflicts with the requirements of 49 CFR part 15, the Department of Transportation (DOT) regulations regarding the protection of information associated with the transportation of certain types and quantities of radioactive materials. The commenter further believes that this [[Page 63549]] will result in licensees transporting nuclear materials having to contend with two separate information protection regulations for the same information. The commenter urges the NRC and the DOT to develop a coordinated rulemaking regarding this issue. Response: This comment was made on the previous proposed rule and a response was provided at 71 FR 64024. The commenter has not provided any new information, and the Commission continues to conclude that the NRC's regulations are not in conflict with the DOT regulations. Security plans required by the NRC can be developed so that they also comply with DOT requirements. Implementation period for the rule. Comment: Some commenters believe that the implementation period of 90 days after publication of the rule is too short. One commenter asserts that gaseous diffusion plant licensees will need to review existing security plans that integrate protective measures for special nuclear material, classified material and other security interest areas against existing classification guidance and SGI designation guidance to ensure that information is properly designated and marked. A commenter believes that for information subject to multiple, overlapping protection programs, the 90-day implementation period is not sufficient. The commenters believe that at least one year should be provided for implementation for power reactors and other licensee sites. Response: Although many of the requirements in the rule for the designation and handling of SGI are similar to the requirements in orders issued by the Commission since September 11, 2001, some licensees are subject to new requirements in the rule. For example, some security orders have required licensees to conduct a criminal history records check prior to granting an individual access to SGI, but have not imposed the other elements of a background check (at a minimum, an individual's employment history, education, and personal references). Unless one of the exemptions from the background check requirement in Sec. 73.59 applies, licensees will be obligated to perform a background check consisting of all of its elements for access to SGI. In order to allow sufficient time for licensees to implement this new requirement and any others to which a licensee may be subject, the Commission is extending the time period for the implementation of the final rule from 90 days to 120 days. The Commission does not, however, believe that an implementation period of at least one year is needed. Section-Specific Comments: Part 2: Rules of Practice for Domestic Licensing Proceedings and Issuance of Orders. Comments concerning burdens on the parties to an NRC adjudication. Comment: An agreement state commenter predicts that intervenors in an adjudication will over-designate the material they create as SGI because of the potential threat of civil and criminal penalties for unauthorized disclosure of SGI documents. The commenter also believes that it is too burdensome for intervenors to determine whether the engineering and safety analyses they generate to support a contention are SGI. The commenter believes that in light of the above difficulties, parties should be allowed to file documents marked ``may contain safeguards information,'' which would be treated as SGI pending a determination by NRC staff members not involved in the adjudicatory proceeding. Although it is not entirely clear from the comment letter, the commenter might also be requesting that intervenors not be potentially subject to criminal and civil penalties for violating SGI requirements. Response: In response to a comment on the first proposed rule, the Commission acknowledged that there is a tendency to ``err on the safe side'' in making SGI designations, and stated that it might make appropriate changes if over-designating documents as SGI arises as a problem in practice. (71 FR 64020-64021). Eliminating criminal and civil sanctions for violating SGI requirements, however, would not be among these appropriate changes. The Commission believes that criminal and civil sanctions serve a worthwhile purpose in securing compliance with SGI provisions, and that these sanctions should apply equally to all parties. The AEA explicitly authorizes criminal sanctions for willful violations of SGI provisions. See 42 U.S.C. 2167 and 2273. The Commission does not accept the commenter's suggestion to allow parties to mark pleadings as possibly containing SGI awaiting a determination by the NRC staff; the Commission thinks it fair that parties be responsible for determining whether the analyses they generate contain SGI. The commenter's suggestion, if implemented, would allow parties to file documents labeled ``may contain Safeguards Information'' without doing a careful analysis. The potential for over- designating SGI would be much greater under the commenter's suggested regime than under the rule as proposed. Until the NRC staff review was complete, there would likely be a much larger number of documents subject to SGI handling than would be the case under the proposed rule. If a party needs assistance, however, in determining whether the materials it creates contain SGI, the staff will be available to provide advice if requested. Comment: An agreement state commenter asserts that proposed Sec. 73.22(h) allows the decontrol of SGI-marked documents only by, or with the approval of, the NRC, and suggests that a mechanism be established allowing intervenors to request the NRC staff to decontrol documents, or portions thereof. The commenter believes that such a process would benefit intervenors by removing from them the burden of having to control and store a large mass of documents as SGI. The commenter states that destruction might not be a viable option for an intervenor to reduce its burdens because of that intervenor's internal document retention procedures. Response: Contrary to the commenter's understanding, Sec. 73.22(h) allows an SGI document to be decontrolled in consultation with the person or organization making the original SGI determination, as well as by the NRC or with the NRC's approval. The language of 73.22(h) and 73.23(h) has been modified to make this intent clear. If an intervenor no longer believes a document to contain SGI, Sec. Sec. 73.22(h) and 73.23(h) allow the intervenor to contact either the NRC, or the individual or organization making the original SGI determination, for an authoritative decontrol determination. The Commission is not adopting the commenter's suggestion to have the NRC decontrol portions of SGI documents possessed by intervenors. Such a task would require the expenditure of substantial resources without concomitant gain. For instance, the commenter's stated goal of reducing the number of documents requiring SGI handling would not be furthered because a partially decontrolled document is still an SGI document subject to SGI handling requirements. Comment: An agreement state commenter asserts that the proposed rule chills a party's right to judicial appeal of an NRC decision that may involve SGI because it fails explicitly to give a party to an NRC proceeding a right to provide SGI to federal Courts of Appeal (even for filings under seal) in support of its judicial filings. The commenter believes that the proposed rules are unclear on whether a party would need pre-authorization from the NRC before filing SGI with a court. The [[Page 63550]] commenter recommends revising part 73 to ensure that NRC rules defer to established court procedures so that a party may independently file SGI under seal with the court. Response: The Commission disagrees that the approach adopted by the Commission chills a party's right to judicial appeals of NRC decisions. Over the years, it has been rare that a party to an NRC adjudicatory proceeding has sought to file SGI in its federal court filings. The Commission prefers to consider such matters on a case-by-case basis, and, therefore, does not believe it appropriate to address this issue through this rulemaking. If this situation were to become frequent, rulemaking may be undertaken in the future. In the meantime, parties who contemplate filing SGI in judicial appeals of NRC decisions should contact the Solicitor of the NRC. The Commission does note that the requirement to protect SGI in federal court filings, or in any other context, existed under the old rules and is not fundamentally altered by these rule changes. Comments concerning SGI designation and access determinations. Comment: A commenter states that the procedure specified in proposed Sec. 2.336(f)(1)(iv) for review of an adverse determination on a party's trustworthiness and reliability should avoid any appearance of biasing the proceeding, which might occur if the review is conducted by the presiding officer of the proceeding. Such a review, according to the commenter, would require the presiding officer to consider personal information about the party, or the party's attorney, consultant, or expert witness to determine whether the person is trustworthy and reliable for purposes of having access to SGI. The commenter further states that the presiding officer might later be called upon to decide the merits of a contention based on other considerations, potentially including the credibility and persuasiveness of witnesses and advocates. In such circumstances, the commenter believes that questions may be raised about whether these judgments were improperly affected by personal information. The commenter concludes that it would be equally efficient, and avoid any appearance of bias, to require that all requests for review be presented to the ``Chairman of the Atomic Safety and Licensing Board (ASLB) Panel'' [Chief Administrative Judge], who would appoint an officer, other than the presiding officer, to review the adverse determination. Moreover, the commenter believes that such a process would reduce the risk that reviews by the presiding officer would adversely affect the schedule for the proceeding. Response: The Commission agrees with the commenter and is revising the rule to require the designation of a separate officer to review any adverse determination on trustworthiness and reliability made by the NRC Office of Administration. The Commission is confident that the presiding officer of an adjudicatory proceeding is capable of reviewing such a determination objectively without affecting the fairness of the proceedings. However, the Commission also acknowledges that such an arrangement may create the appearance of bias, and thus finds it appropriate to require, as a matter of course, that an officer detached from the proceedings be appointed to review the adverse determination. Section 2.336(f)(1)(iv) has been revised to reflect this. Conforming changes have also been made to sections 2.705(c)(3)(iv), 2.709(f)(1)(iv), and 2.1010(b)(6)(i)(D), which contain similar provisions. Comment: An agreement state commenter objects to the proposed process for making ``need to know'' determinations in NRC adjudications and the process for challenging adverse ``need to know'' determinations. The commenter believes that the process for making such determinations, which is reflected in the definition of ``need to know'' in proposed Sec. 73.2, is flawed in that it can place responsibility for the determination in the hands of a party ``adverse'' to an intervenor, whose judgment might be biased. Specifically, the commenter notes that the NRC staff would make the ``need to know'' determination if SGI either was originated by the NRC staff or is in the NRC staff's possession. In other cases, the originator of the SGI would make the determination, and in some cases the originator is the applicant. The commenter also believes that the process for making ``need to know'' determinations, and challenging adverse determinations, ``ignores the protections'' of Federal Rule of Civil Procedure 26(b). The commenter appears to believe that the process for challenging adverse SGI determinations in NRC adjudicatory settings would be governed by proposed Sec. 2.336(f)(1)(iv). According to the commenter, that section would not protect an intervenor's ``confidential'' and privileged information from being disclosed to adverse parties (which the commenter asserts includes the NRC staff) because an intervenor's rationale for compelling disclosure would have to be served on the staff. The commenter asserts that such confidential, privileged information could include confidential details about a nontestifying witness, attorney work-product, and litigation strategy, that the commenter believes might have to be divulged to demonstrate that the intervenor has a ``need to know'' for the information. From the commenter's discussion of Sec. 2.336(f)(1)(iv) as applied to ``need to know'' determinations, it appears that the commenter believes that initial determinations are made by the NRC's Office of Administration. The commenter fears that this determination might be biased due to influence from the NRC staff or its counsel, and that a ``wall of separation'' should be erected between the NRC staff/counsel and the Office of Administration. The commenter concludes by stating that the Commission ``must ensure'' that ``need to know'' determinations be made by ``an unbiased NRC entity,'' and that, at a minimum, the NRC staff/counsel making such determinations (as well as the information upon which those determinations are based) be screened from the NRC staff/counsel litigating the proceeding. Response: Section 2.336(f)(1)(iv) does not govern challenges to adverse ``need to know'' determinations. Section 2.336(f)(1)(i) and the definition of ``need to know'' in proposed Sec. 73.2 provide that disputes over ``need to know'' determinations are to be resolved by the presiding officer. Section 2.336(f)(1)(iv) governs disputes over ``trustworthiness and reliability'' determinations. ``Need to know'' and ``trustworthiness and reliability'' are distinct concepts (compare the separate definitions for the two terms in proposed Sec. 73.2) reflected in separate requirements for access to SGI (see sections 2.336(f)(1), 73.22(b), and 73.23(b)). Also, the NRC's Office of Administration makes all ``trustworthiness and reliability'' determinations in adjudications (see section 2.336(f)(1)(iii)-(iv)), but ``need to know'' determinations are made by the NRC staff office in the best position to make an informed decision about ``need to know'' or by the originator (see definition of ``need to know'' in section 73.2). With these clarifications in mind, there are two commenter issues to be addressed. The first issue is that the initial ``need to know'' determination might reflect a biased judgment made by a party ``adverse'' to the intervenor. Although a party making the determination might be ``adverse'' to an intervenor, that party would still have a duty to comply with the rule. In disputed cases, the matter would be decided by the presiding officer, who is independent of the parties. This basic process is not substantially different [[Page 63551]] from other discovery, in which parties may assert privileges to keep various information from adverse parties, who can then file a motion to compel disclosure. The second issue is that to support an intervenor's ``need to know'' request before the presiding officer, the intervenor might have to reveal to adverse parties confidential information, such as attorney work-product, litigation strategy, or confidential details about a nontestifying expert. The Commission believes that the ``need to know'' requirement will not result in a prejudicial disclosure of an intervenor's opinions or strategy. According to the definition in Sec. 73.2, the ``need to know'' standard is satisfied if the following two conditions are met: (1) The information is necessary for the party ``to proffer and/or adjudicate a specific contention,'' and (2) the recipient has the ability to ``effectively utilize the specific Safeguards Information in the proceeding.'' Because an intervenor's positions must be specifically stated at the earliest stage of litigation (the contention stage), an intervenor's strategy and opinions must, to a substantial degree, be made public at the earliest stages of litigation.\3\ The first ``need to know'' condition might be satisfied based on the face of the contention alone. Even if further information is required, a presiding officer reviewing an adjudicatory dispute concerning a ``need to know'' determination will probably not need to delve much further into an intervenor's strategy than might a presiding officer assessing a party's ``need for the information'' in challenges to assertions of qualified, as opposed to absolute, privileges.\4\ But even if some prejudice were to result, SGI simply must be protected from unauthorized disclosure by limiting its dissemination only to those who have a ``need to know'' for it and who otherwise meet the requirements for access. --------------------------------------------------------------------------- \3\ For an intervenor's contention to be admissible under 10 CFR 2.309(f)(1), the intervenor must state a specific issue of law or fact, briefly explain the basis for the contention, provide concise statements of alleged fact or expert opinion in support of the contention, demonstrate that the contention is material and within the proceeding's scope, and provide enough information to show that a genuine dispute exists on a material issue of law or fact. \4\ See Friedman v. Bache Halsey Stuart Shields, Inc., 738 F.2d 1336, 1344 (D.C. Cir. 1984) (stating that ``[i]n the discovery context, when qualified privilege is properly raised, the litigant's need is a key factor. Whether the information is disclosed depends on the relative weight of the claimant's need and the government's interest in confidentiality''). --------------------------------------------------------------------------- Satisfying the second ``need to know'' condition for access might require the disclosure of details about a non-testifying expert's qualifications, but the text of Federal Rule of Civil Procedure 26(b)(4) protects only the ``facts known or opinions held by'' such experts, not inquiries into their qualifications. Although the predominant approach of the federal courts apparently requires a showing of ``extreme circumstances'' to justify discovery of even the identity of a non-testifying expert,\5\ the Commission does not rigidly apply the procedures used in federal courts. In NRC adjudicatory proceedings, the Commission does not believe that disclosing either the identity of such an expert or his or her qualifications will substantially prejudice parties. In any event, the need to protect SGI is paramount. --------------------------------------------------------------------------- \5\ See 8 Charles Alan Wright, Arthur R. Miller & Richard L. Marcus, Federal Practice and Procedure, Sec. 2032 (2d ed. 1994). --------------------------------------------------------------------------- Comment: A commenter believes that for the purposes of part 2, documents should be considered SGI if they have been designated as SGI in accordance with part 73. The commenter notes that in the event of a dispute about whether a document that has been designated as SGI should nevertheless be disclosed, the presiding officer must determine whether the person seeking disclosure should be granted access to the SGI (i.e., has a need to know and is trustworthy and reliable). The commenter also asserts, however, that the presiding officer should not consider whether the information in the document meets the definition of SGI because presiding officers generally are not inherently qualified to determine whether information meets the definition of ``Safeguards Information.'' The commenter believes that if the definition of ``Safeguards Information'' in 10 CFR part 2 is the same as the definition in part 73, it will appear that parties may seek a determination by the presiding officer on whether the information meets that definition. The commenter also believes that it is clear from proposed Sec. Sec. 2.336(f)(1), 2.705, 2.709 and 2.1010, which specify the grounds for a presiding officer to issue an order requiring disclosure of SGI, that a presiding officer would not be authorized to issue such an order on the grounds that the information does not meet the definition of SGI. The commenter believes this to be appropriate and to this end, suggests that Sec. 2.4 ``Safeguards Information'' be modified to state, ``Safeguards Information means information that has been determined to be Safeguards Information in accordance with 10 CFR 73.21-23.'' Response: Contrary to the commenter's belief, the proposed rule nowhere prohibits presiding officers from deciding whether information in a document meets the definition of SGI. In Private Fuel Storage, L.L.C. (Independent Spent Fuel Storage Installation), CLI-05-22, 62 NRC 542 (2005), the Commission dealt with the issue of a licensing board revisiting SGI redactions contained in one of its previously issued decisions. The Commission, citing an analogous provision in Sec. 2.904, directed the licensing board to request the Commission to appoint a special adjudicatory employee ``when necessary.'' Id. at 545. The Commission believes that presiding officers can also resolve other questions concerning the designation of SGI, such as those arising in discovery disputes between parties. If a presiding officer believes that he or she could benefit from expert assistance in determining whether information meets the definition of SGI, he or she can request the Commission to appoint a special adjudicatory employee, who will assist the Board in making such determinations. As for the suggested change to the definition of ``Safeguards Information'' in part 2, the proposed definition is based on Section 147 of the AEA and the Commission has determined that the definition of that term in the regulations should be as broad as the statutory definition. Based on this definition, Sec. Sec. 73.21, 73.22, and 73.23 describe types of information included within the scope of the statutory definition and include examples of information designated as SGI. The Commission believes that a cross-reference to those provisions in the definition of SGI is unnecessary. Comment: An agreement state commenter objects to the abuse of discretion standard in proposed Sec. Sec. 2.709(f)(1)(iv) and 2.1010(b)(6)(i)(D) \6\ for review by a presiding officer \7\ in adjudications of adverse trustworthiness and reliability determinations by the NRC Office of Administration. The commenter prefers that such determinations be given ``plenary'' review,\8\ and gives the following four reasons for its position: --------------------------------------------------------------------------- \6\ Sections 2.336(f)(1)(iv), 2.704(c)(3)(iv), 2.709(f)(1)(iv), and 2.1010(b)(6)(i)(D) are mirror provisions of one another, with slight differences due to the different contexts in which they are applied. \7\ In licensing proceedings, the presiding officer will ordinarily be an Atomic Safety and Licensing Board. 10 CFR 2.4. \8\ The Commission believes that by ``plenary'' review the commenter means de novo review, in which a determination is reviewed without deference to the decision-maker. By contrast, review for abuse of discretion involves deference to the determination being reviewed. --------------------------------------------------------------------------- [[Page 63552]] (1) On contested matters, the NRC staff's safety evaluations are subject to ``plenary'' review, not review for an abuse of discretion, so the NRC staff's trustworthiness and reliability determinations should also be subject to ``plenary'' review. Both categories of issues often involve matters of judgment and there is, therefore, no basis to distinguish between them. (2) Because the Commission itself has ``plenary'' power over its staff, limiting the scope of presiding officer review will merely lead to an unnecessary and time-consuming proliferation of appeals to the Commission to exercise its ``plenary'' power. (3) The abuse of discretion standard confuses the roles of an adversary party and an independent adjudicator. Under the Administrative Procedure Act (APA) and Atomic Energy Act of 1954, as amended (AEA), the Commission may delegate adjudicatory decision-making authority to a presiding officer and define the scope of Commission review of that presiding officer's decision in a narrow fashion. When the NRC staff participates as a party in an adjudicatory proceeding, it is not performing an adjudicatory function but a litigating function, and therefore there is no basis to limit the scope of review of any NRC staff decision. There will always be a concern that the NRC staff's trustworthiness and reliability determinations will be part of its litigating strategy, and this concern can be addressed only if the presiding officer or the Commission may exercise ``plenary'' power to reverse the staff determination. (4) The abuse of discretion review standard does not comply with Section 181 of the AEA, which ``requires NRC standards to be the `minimum impairment of the procedural rights which would be available if * * * safeguards information * * * were not involved.' '' The commenter believes that an abuse of discretion standard is not a minimum impairment. Response: The Commission believes that an abuse of discretion standard is appropriate for presiding officer review in adjudications of adverse trustworthiness and reliability determinations made by the Office of Administration. The Commission chose the abuse of discretion standard primarily because trustworthiness and reliability determinations rely upon expertise developed through training and experience. Office of Administration employees who make these determinations possess specialized training and experience in evaluating similar information for NRC employee security clearances. Because of the Office of Administration's expertise, the Commission believes that the office's trustworthiness and reliability determinations will generally be sound. A searching, de novo review by the presiding officer, therefore, would not be warranted. A presiding officer review of adverse trustworthiness and reliability determinations under an abuse of discretion standard will not involve witness testimony or other procedures that might arguably put the presiding officer in a better position to assess the evidence underlying a trustworthiness and reliability determination.\9\ --------------------------------------------------------------------------- \9\ To be clear, the Commission does not believe that setting up a ``mini-hearing'' within a hearing by taking witness testimony and using other trial-type procedures is justified to resolve what is, at heart, a discovery dispute over whether certain individuals in a party's litigation team can have access to SGI. --------------------------------------------------------------------------- The following four numbered paragraphs respond in order to the four numbered reasons given in the comment above: (1) The commenter's comparison of the review of Office of Administration trustworthiness and reliability determinations to the review of staff safety evaluations is invalid. The commenter is mistaken in stating that the staff's safety evaluations are subject to review in contested licensing proceedings. Well-established Commission precedent provides that the license application, and not the staff's safety review, is the subject of a contested licensing proceeding.\10\ --------------------------------------------------------------------------- \10\ ``Final Rule, Changes to Adjudicatory Process,'' 69 FR 2182, 2202 (Jan. 14, 2004) (stating that ``[t]he adequacy of the applicant's license application, not the NRC staff's safety evaluation, is the safety issue in any licensing proceeding, and under longstanding decisions of the agency, contentions on the adequacy of the SER [Safety Evaluation Report] are not cognizable in a proceeding''). --------------------------------------------------------------------------- (2) The Commission does not believe that a limited scope of presiding officer review will lead to a proliferation of appeals to the Commission. First, most Commission adjudicatory proceedings do not involve access to SGI, and there is no evidence to indicate that proceedings involving SGI will often lead to disputes over trustworthiness and reliability determinations. Second, the Commission does not agree that the level of presiding officer review of adverse trustworthiness and reliability determinations will have an effect on the number of appeals to the Commission. Moreover, the commenter has submitted no evidence indicating that an increase in appeals is likely. The commenter also asserts that a limited scope of review by the presiding officer is unnecessary and time consuming because the Commission has ``plenary'' power over the NRC staff, which is being read to mean that the Commission can review NRC staff decisions de novo, without giving deference to them. The commenter's position appears to be based on a belief that the Commission on appeal would often, or always, exercise de novo review of the Office of Administration's adverse trustworthiness and reliability determinations, and that it would, therefore, make more sense to have de novo review exercised at the presiding officer level since de novo review is inevitable at some point. This position, however, overlooks that the Commission does not exercise de novo review in many situations,\11\ and there is no reason to believe that the Commission will often, or always, exercise de novo review of adverse trustworthiness and reliability determinations. The Commission is, in fact, expressing with this rulemaking its judgment that trustworthiness and reliability determinations made by the Office of Administration warrant the deference that is reflected in the abuse of discretion standard. --------------------------------------------------------------------------- \11\ See e.g., Private Fuel Storage, L.L.C. (Independent Spent Fuel Storage Installation), CLI-05-19, 62 NRC 403, 411 (2005) (stating that the standard for overturning a factual finding of the Board is the ``quite high'' standard of ``clear error''); Duke Energy Corp. (Catawba Nuclear Station, Units 1 and 2), CLI-04-21, 60 NRC 21, 27 (2004) (stating that Board evidentiary rulings are subject to an abuse of discretion standard). --------------------------------------------------------------------------- (3) The Commission does not agree with the commenter that an abuse of discretion standard for review of adverse trustworthiness and reliability determinations confuses the role of an adversary with an independent adjudicator. Although the Office of Administration is an office within the NRC staff and the NRC staff is a party to the litigation, the Office of Administration, itself, will have no interest in the outcome of the litigation. In making trustworthiness and reliability determinations, the Office of Administration will be exercising a purely administrative function. This is the same type of function that the Office of Administration regularly exercises in making determinations on employment clearances and access authorizations. Also, unlike private entities that serve private interests, the NRC staff serves the public interest and has a duty to ensure compliance with the Commission's regulations. There is, therefore, no basis to believe that the Office of Administration's [[Page 63553]] determination on trustworthiness and reliability will be improperly influenced. It also appears that the commenter is suggesting that an ``abuse of discretion'' standard for Office of Administration trustworthiness and reliability determinations is contrary to the APA and the AEA, but points to no specific provision of either the APA or the AEA that supports such a position. The Commission is not aware of any provision of the APA or the AEA that forbids an ``abuse of discretion'' review standard or that forbids deference to an administrative determination. (4) The Commission disagrees with the commenter's assertion that an ``abuse of discretion'' review standard for trustworthiness and reliability determinations violates the ``minimum impairment'' requirement in Section 181 of the AEA. Section 181 of the AEA does not apply to the scope of review for adverse trustworthiness and reliability determinations. The impairments referred to in Section 181 are impairments of procedural rights that would be available if the proceeding did not involve SGI, or in other words, procedural rights that are normally available in a proceeding. An example of how the SGI rule impacts normally available procedural rights can be found in the context of discovery in adjudications. In discovery, a party has a normally available procedural right to information available under the rules of discovery. The requirement that an individual be found trustworthy and reliable to access SGI is an impairment of this normally available procedural right whenever a party is seeking discoverable information designated as SGI. In such circumstances, the party faces an additional hurdle (meeting the trustworthiness and reliability requirement) that would not be faced if the proceeding did not involve SGI. The trustworthiness and reliability requirement, however, is the minimum impairment necessary to protect SGI and complies with Section 181. The process for making trustworthiness and reliability determinations, and the review standard for adverse determinations, are not impairments of normally available procedural rights but, rather, components of a process intended to produce sound trustworthiness and reliability determinations. The only normally available procedural right that might be at issue here is the right to access discoverable information, but the trustworthiness and reliability requirement is the impairment of that right, not any subsequent adjudicatory review procedures. As a general matter, review of a determination is provided because of the possibility that the determination was erroneous or otherwise improper. The standard for review and the procedures attendant to review are matters for Commission judgment and are based upon the nature of the determination, its importance, and the likelihood that the determination may be erroneous or improper, among other factors. In the case of trustworthiness and reliability determinations in adjudications, the Commission has decided that the procedures provided in Sec. Sec. 2.336(f)(1)(ii)-(iv) and 73.57(e) are appropriate to provide for sound trustworthiness and reliability determinations in a manner consistent with conducting reasonably expeditious proceedings. Comment: An agreement state commenter believes that the fifteen-day deadline for presiding officer decisions on challenges, in adjudicatory contexts, to adverse trustworthiness and reliability determinations is not reasonable because the NRC staff will not commit to any reasonable deadline for its own determination. Response: The Commission is not lengthening the fifteen-day period in Sec. Sec. 2.336(f)(1)(iv), 2.704(c)(3)(iv), 2.709(f)(1)(iv), and 2.1010(b)(6)(i)(D) for presiding officer decisions on challenges to adverse trustworthiness and reliability determinations. The presiding officer will not be conducting a trial-type hearing and will not be performing a searching, de novo review of the evidence. Rather, the presiding officer will be reviewing for abuse of discretion and will base this review on a record compiled by the Office of Administration as supplemented by one round of pleadings from the parties. The Commission believes that fifteen days is sufficient time for this review and that providing a longer period would unnecessarily delay proceedings without a compensating benefit. The commenter's analogy relating the time needed for the presiding officer's decision to the time needed for the initial determination by the NRC staff's Office of Administration's is not apt. In order to make its decision, the Office of Administration must first collect information that originates from a variety of sources. This process takes time, and the speed of information collection depends upon the time taken by the providers of the information. As explained in the preceding paragraph, a presiding officer's review of an adverse trustworthiness and reliability determination would involve review only for an abuse of discretion and would not involve the presiding officer independently gathering information for that determination. Comment: An agreement state asserts that if the Commission were unwilling to entertain appeals of presiding-officer-reviewed access determinations on a timely basis, the proposed changes to part 2 would lead to a denial of parties' rights to a fair hearing and the assistance of counsel. The commenter asserts that lack of timely Commission review would give the NRC staff, as a party in an adjudicatory hearing, broad discretion to deprive an opposing party of both expert witnesses and legal counsel needed to present its case. According to the commenter, this situation would be a violation of Section 555 of the APA, 5 U.S.C. 555. Response: To the extent the comment reflects a concern about the availability of Commission review of access determinations arising in the pending high-level waste (HLW) Pre-License Application Presiding Officer proceeding or any subsequent adjudication regarding the expected application by the Department of Energy for a construction authorization for a HLW repository, the comment overlooks the appeal process available pursuant to 10 CFR part 2, subpart J. The current Sec. 2.1015(b) contemplates prompt appeals to the Commission of certain presiding officer orders; under the final SGI rule's revisions to Sec. 2.1010, such appealable orders would include rulings concerning whether SGI should be disclosed, as well as related rulings upon review of adverse determinations with respect to trustworthiness and reliability. In addition, the Commission has published a final rule \12\ that provides for interlocutory review of comparable SGI-related rulings in other adjudicatory proceedings. Moreover, the Commission already has general discretionary authority to review presiding officer actions on its own motion or in response to appropriate review requests under Sec. 2.341. In short, the available means of appellate review demonstrate the Commission's authority to ensure consistency and fairness in adjudicatory proceedings. --------------------------------------------------------------------------- \12\ Final Rule, Interlocutory Review of Rulings on Requests by Potential Parties for Access to Sensitive Unclassified Non- Safeguards Information and Safeguards Information, 73 FR 12627 (March 10, 2008). --------------------------------------------------------------------------- The Commission also disagrees with the comment's characterization of the NRC staff's ``discretion'' with respect to access determinations that may affect the hearing process. Staff determinations on a requestor's trustworthiness and reliability are part of the agency's statutory responsibility to protect SGI and are not determined [[Page 63554]] by the views of the staff in its capacity as a party to a proceeding. The staff's independent obligations with respect to trustworthiness and reliability determinations thus do not result in adjudicatory staff ``discretion'' to prevent SGI access by other parties. Accordingly, the functional and appellate framework described above would protect against possible violations of section 555 of the APA regarding the rights of persons compelled or permitted to appear in person or by representative in agency proceedings. Comments concerning sanctions for violating SGI protective orders in adjudications. Comment: A commenter states that the provisions concerning civil penalties are appropriate for violations that involve the disclosure of SGI that by order is prohibited from being disclosed, but that violations of orders requiring disclosure of SGI should be subject only to the same penalties that would apply for violations of orders requiring disclosure of other types of information. The commenter believes that the regulation regarding the potential for civil penalties for violation of an order should be clearly limited to disclosure of SGI in violation of provisions of an order that are imposed for the purpose of preventing unauthorized disclosure of SGI. The commenter suggests revising proposed Sec. Sec. 2.336(f)(5), 2.705(c)(6), 2.709(f)(5) and 2.1010(b)(6)(v) to state: ``In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, disclosure of Safeguards Information in violation of limitations on such disclosure in an order pertaining to the disclosure of Safeguards Information may be subject to a civil penalty imposed under Sec. 2.205.'' Response: The purpose of this rule is to impose requirements for SGI to protect that information from unauthorized disclosure. See Sec. 73.1(b)(7). The Commission agrees with the commenter that the failure to disclose SGI in violation of an order does not implicate provisions for the protection of SGI. The Commission also agrees that the proposed rule as written might be read to cover such a violation. Violating an order by not disclosing SGI should be treated the same as violating an order by not disclosing other types of information. The commenter's proposed text, however, would make only acts of disclosure subject to civil penalties under Sec. 2.205. The Commission intends that the violation of any provision for the protection of SGI in an order be subject to civil penalties, whether those provisions apply to the act of disclosure or not. Therefore, Sec. 2.336(f)(5) in the final rule has been modified to read as follows: ``In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order may be subject to a civil penalty imposed under Sec. 2.205.'' Conforming changes have also been made to Sec. Sec. 2.705(c)(7) (2.705(c)(6) in the proposed rule), 2.709(f)(5), and 2.1010(b)(6)(v). Comment: A commenter asserts that any provision concerning potential criminal penalties for violation of an order concerning disclosure of SGI should clearly state that any such penalty would be based on disclosure of SGI in violation of an order imposing limits on such disclosure. The commenter believes that it should be clear that the criminal penalty provisions would not apply to violations of orders of presiding officers that impose obligations or limitations other than limitations imposed for the purpose of preventing disclosure of SGI to unauthorized persons. The commenter suggests revising proposed Sec. Sec. 2.336(f)(6), 2.705(c)(7), 2.709(f)(6) and 2.1010(b)(6)(vi) to state, ``For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, a limitation on the disclosure of Safeguards Information included in any order issued pursuant to this paragraph is considered to be an order issued under Section 161b of the Atomic Energy Act.'' Response: As with civil penalties, the Commission agrees that the rule text should clearly state that application of criminal penalties in Section 223 of the Act is limited to violations of those provisions regarding the protection of SGI. However, as explained in the preceding response, the rule text should be broader than suggested by the commenter. Accordingly, Sec. 2.336(f)(6) has been modified to read: ``For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order issued pursuant to this paragraph is considered to be issued under Section 161b of the Atomic Energy Act of 1954, as amended.'' Conforming changes have also been made to Sec. Sec. 2.705(c)(8) (2.705(c)(7) in the proposed rule), 2.709(f)(6), and 2.1010(b)(6)(vi). Part 30: Rules of General Applicability to Domestic Licensing of Byproduct Material. Sections 30.32(j) and 30.34(j). Comment: One commenter questions the clarity of the rule text in proposed Sec. Sec. 30.32 (j) and 30.33(j) pertaining to the applicability of the requirements in Sec. Sec. 73.21 and 73.23 to byproduct material applicants and licensees. The commenter states that he had difficulty determining whether his ``processes'' would be subject to these regulations. The commenter also asserts that an appendix should be created to specifically list the amounts of byproduct material that would trigger the regulatory requirements. He recommends revising Sec. Sec. 30.32(j) and 30.34(j) to refer to the appendix for determining parties subject to the regulation. According to the commenter, the same appendix could also be used to define the RAMQC amounts in a separate table. Response: The proposed rule (October 31, 2006; 71 FR 64050) explains that Appendix I to 10 CFR part 73--''Category 1 and 2 Radioactive Materials,'' is a table of radionuclides and quantities that establishes the ``quantities of concern'' referenced in the proposed rule.\13\ --------------------------------------------------------------------------- \13\ The table has been used to determine the types and quantities of radioactive materials that warrant additional security requirements, some of which have already been imposed by order. --------------------------------------------------------------------------- In response to this comment, the Commission is adding the definition of ``quantities of concern'' in Sec. 30.4. This definition is identical to the definition of that term in the Sec. 73.2 definitions. The definition states that ``quantities of concern'' means ``the quantities of radionuclides meeting or exceeding the threshold limits set forth in Table 1 of Appendix I of this part.'' (71 FR 64060). This change should assist licensees, applicants, and other persons subject to part 30, to determine which of their activities are subject to the SGI designation and protection requirements of part 73. Part 73: Physical Protection of Plants and Materials. Section 73.2 Definitions. Comment: A commenter states that a definition is needed of the term ``safe havens'' as used in Sec. Sec. 73.22(a)(2)(iv) and 73.23(a)(2)(iii). The commenter recommends that the definition be included in Sec. 73.2. Response: A ``safe haven'' along a highway transportation route is used for temporary refuge or emergency assistance. Safe havens should be as [[Page 63555]] close to the highway as possible, easily accessible by the transportation vehicle, controlled, and well-lighted. Examples of possible ``safe havens'' include truck stops, rest areas, highway patrol barracks, and weigh stations. Having explained this, the Commission does not believe it necessary to include a definition of ``safe havens'' in the rule. Comment: A commenter states that the definition of the term ``Safeguards Information'' in Sec. 73.2 is too broad, specifically with reference to the phrase ``control and accounting procedures.'' The commenter recommends changing the definition of SGI to delete the reference to ``control and accounting procedures.'' According to the commenter, there is no information in the proposed rule that provides any ``qualifying details'' on that term. The commenter believes that based solely on the proposed definition, the phrase ``control and accounting procedures'' could be interpreted to be applicable to: (a) The ``control procedures'' associated with the placement of special nuclear material (SNM) in pools or other onsite spent fuel storage facilities; and (b) accounting procedures regarding the quantity of SNM maintained by a licensee. In the commenter's view, the NRC intent is that information about the physical protection of SNM must be controlled as SGI. The commenter also states that the NRC staff intends power reactors to control SNM in accordance with American National Standards Institute (ANSI) N15.8, Nuclear Material Control Systems for Nuclear Power Plants. According to the commenter, as a national standard, the ANSI document cannot be controlled as SGI. Also, the commenter states the understanding that the NRC staff intends to endorse the national standard in a Regulatory Guide for licensee use and that licensees will use the standard to revise their site procedures to comply with NRC guidance. Response: In the revised proposed rule (October 31, 2006; 71 FR 64012) the Commission addressed a comment on the original proposed rule (February 11, 2005; 70 FR 7196) regarding the meaning of the term ``control and accounting procedures,'' as applied to four specific types of information. The Commission's response provided ``qualifying details'' as to the meaning of the term by noting, among other things, that the term does not encompass the four categories of information specified in the comment, including the written directions for transferring fuel between the fuel pool and the reactor. (71 FR 64012). The Commission is providing the following additional information in response to this comment. The terms ``material control and accounting'' have meaning with respect to the protection of special nuclear material. ``Material control'' means the use of control and monitoring measures to prevent or detect loss when it occurs or soon afterward. ``Material accounting'' is the use of statistical and accounting measures to maintain knowledge of the quantities of SNM present in each area of a facility. It includes the use of physical inventories and material balances to verify the presence of material or to detect the loss of material after it occurs, in particular, through theft. In the definition of ``Safeguards Information'' in Sec. 73.2 in the final rule, the term ``control and accounting procedures'' is linked to the physical protection of special nuclear material ``in quantities determined by the commission through order or regulations to be significant to the public health and safety and the common defense or security.'' Accounting procedures regarding the quantity of SNM maintained by a licensee would not necessarily constitute SGI. However, when coupled with other information, information containing the quantities of SNM could be SGI and would be designated and handled as such. Because Section 147 of the AEA authorizes the Commission to protect information that specifically identifies the control and accounting procedures used to protect special nuclear material, the Commission is not deleting this term from the definitions of SGI in the regulations. The information the commenter provides about the endorsement of an ANSI standard in a regulatory guide for licensees use does not constitute a basis for deleting the term ``control and accounting procedures'' from the definition of SGI. Section 73.21(a)(1). Comment: According to a commenter, an order issued October 4, 2006 required USEC Inc. Lead Cascade Demonstration Facility and American Centrifuge Plant to implement specific SGI-M requirements to ensure proper handling and protection of SGI to avoid unauthorized disclosure. The commenter states that Sec. 73.21(a)(1)(i) conflicts with the previous order by requiring uranium enrichment facilities to modify their protection strategy from SGI-M to SGI. This provision, in the commenter's opinion, imposes an unnecessary regulatory burden without providing commensurate benefit, and could result in the two facilities being governed by different SGI handling requirements even though they are located within the same physical boundary and will ultimately share common infrastructure. Response: An order issued on October 4, 2006, and published in the Federal Register on October 24, 2006 (71 FR 62318), required the United States Enrichment Corporation (USEC) to protect certain information relating to its uranium enrichment test and demonstration facility (Lead Cascade Facility). Specifically, the order required USEC and other persons to employ the modified handling requirements for SGI-M relating to the interim measures to enhance security at the Lead Cascade Facility. As reflected in Sec. 73.21(a)(1), the Commission later determined that the type of information described above should be subject to the requirements for SGI. Interim security measures relating to the other facility located onsite with the Lead Cascade Facility (the American Centrifuge Plant) are also designated as SGI. Therefore, there is no longer a discrepancy with respect to the information protection requirements for the two facilities. Radioactive Material in Quantities of Concern (RAMQC) Sections 73.21(a)(1)(ii) and 73.23. Comment: Two commenters addressed implementation of SGI-M requirements for the ``new'' Category 2 RAMQC specified in Table I-1, ``Quantities of Concern Thresholds.'' One commenter stated that the SGI-M designation should not be applied to Category 2 materials for industrial radiography and oil well logging facilities that routinely ship material to temporary job sites on a daily basis. The commenter asserted that requiring an SGI-M program for the routine transport of sources used by those licensees would be unwieldy and almost impossible to administer. The commenter recommended that the requirement for an SGI-M program should be limited to the original regulatory intent, that is, for the transportation of Category 1 sources. According to another commenter, applying SGI-M handling requirements to Category 2 radioactive materials quantities of concern (Category 2 RAMQC) materials most likely will introduce the requirements for SGI security to a wide set of organizations that have little experience with these requirements. The commenter further asserted that the introduction of SGI requirements may unintentionally result in the disruption of treatment for patients, as shippers of these materials may be intimidated by the new security regulations. In this commenter's opinion, extending SGI-M requirements to new Category 2 RAMQC should await more discussions and understanding of [[Page 63556]] the impact this may have on commerce and specifically medical radioactive material shipments. The commenter believes that the capability of shippers to meet these requirements would certainly benefit from Department of Homeland Security (DHS) initiatives in progress, such as the Transportation Worker Identification Credential (TWIC). Also, the commenter states that for the transportation of Category 2 RAMQC, the proposed regulations would require segregation of a portion of the shipping documents and a cover indicating that the segregated portions contain SGI. This would add confusion to the shipping documentation and could be counterproductive to security as it will highlight information that may otherwise be dispersed throughout the shipping documents. The commenter asserts that shipment of RAMQC often requires the coordination of multiple carriers and modes of transportation to provide timely delivery. According to the commenter, it is unclear how the originator of a RAMQC Category 2 will be able to assure that each carrier meets the requirements to handle SGI-M. The commenter concludes that the determination must be made at each step of the custody of such RAMQC shipments, with the possible result being a shipment being delayed or stopped from its intended destination. Response: The Commission has determined that information relating to the transportation of Category 2 RAMQC need not be protected as SGI- M and may be shared on a ``need-to-know'' basis. The text in Sec. Sec. 73.21(a)(1)(ii) and 73.23 has been changed accordingly. Sections 73.22(a)(1)(xii) and 73.23(a)(1)(x). Comment: A commenter proposes that engineering and safety analyses need to be linked to security just as the other items described in proposed Sec. Sec. 73.22(a)(1) and 73.23(a)(1). Therefore, the commenter concludes that Sec. Sec. 73.22(a)(1)(xii) and 73.23(a)(1)(x) should be revised to state ``Engineering and safety analyses related to physical protection,* * *'' Response: This change is not necessary because the limitation the commenter seeks is already set forth in Sec. Sec. 73.22(a), 73.22(a)(1), 73.23(a) and 73.23(a)(1). In sum, these provisions specify the relevant information as ``security-related'' or ``related to physical protection.'' Therefore, it is not necessary to repeat that language in Sec. Sec. 73.22(a)(1)(xii) and 73.23(a)(1)(x). Sections 73.22(a)(2)(iv) and 73.23(a)(2)(iii). Comment: A commenter urges that the reference to safe haven in Sec. Sec. 73.22(a)(2)(iv) and 73.23(a)(2)(iii) be removed and a separate paragraph added in Sec. Sec. 73.22(a)(2) and 73.23(a)(2) which states ``safe havens identified along the transport route.'' Response: In response to this comment and in light of the description of ``safe haven'' earlier in this Notice, the Commission is modifying the language in Sec. Sec. 73.22(a)(2)(iv) and 73.23(a)(2)(iii) to read ``safe havens identified along the highway transportation route.'' However, the Commission sees no reason to move that language into separate paragraphs in Sec. Sec. 73.22(a)(2) and 73.23(a)(2). Comment: A commenter notes that some States require a carrier of radioactive materials to give advance notice to local law enforcement prior to crossing the State border and at other times in transit. The commenter interprets the wording of the proposed regulation to mean that shippers could not use two-way radio or cellular phones currently used to make these communications. In this commenter's view, developing a secure alternative method of communication would be an unwarranted burden on the licensees, carriers and local law enforcement. The commenter believes that Sec. Sec. 73.22(a)(2)(iv) and 73.23(a)(2)(iii) should be modified so in-route communications between transport vehicles and local-law enforcement agencies need not be controlled as SGI. Response: The wording of the provisions cited above does not prohibit shippers from using two-way radios or cellular phones to communicate with local law enforcement during transit. Section 73.23(a)(2)(ii) states that ``[s]cheduling and itinerary information used for the purpose of preplanning, coordination, and advance notification may be shared with others and need not be designated as Safeguards Information Modified-Handling.'' Sections 73.22(b)(2) and 73.23(b)(2). Comment: A commenter asserts that the conditions for access to SGI are unclear in this provision because of the phrase ``or other means approved by the Commission.'' Therefore, the commenter concludes that this phrase should be deleted from the regulation until the Commission is prepared to give specific requirements, which should be given by rule rather than regulatory guidance. Response: The language in question is found in Sec. Sec. 73.22(b)(2) and 73.23(b)(2), which address, as a condition for access to SGI, a finding that a person is trustworthy and reliable, based on a background check or other means approved by the Commission. This provision is consistent with the Commission's authority under Section 149 of the AEA to relieve, by rule, persons from the obligations imposed by that section, under specified terms, conditions, and periods, if the Commission finds that such action is consistent with its obligations to promote the common defense and security and to protect the health and safety of the public. Relying on that authority, the Commission could, by rule, relieve persons from the criminal history records check requirement included in a background check to determine a person's trustworthiness and reliability for access to SGI. If the Commission determines that a rule change would be useful to specify means other than a criminal history records check for establishing an individual's trustworthiness and reliability, a rulemaking proceeding would be initiated. However, notwithstanding the Commission's obligation to relieve persons from criminal history records checks only by rule, the phrase ``other means approved by the Commission'' is intended to maintain flexibility in modifying the other aspects of the background check for unique circumstances. As it has learned from past experience, in some limited circumstances, the Commission might have to impose additional measures to the background check requirements to increase assurances of trustworthiness and reliability. While in others, it may be appropriate for the Commission to relax certain aspects of the background check. Without such a relief provision built into the rule, the Commission would not, absent a rulemaking, be able to make such deviations. Section 73.22(c)(2). Comment: A commenter requests deletion of the proposed requirement that SGI must be stored in unmarked cabinets. The following bases are offered for this request: Unmarked cabinets containing SGI would be obvious because they would be the only locking GSA-approved cabinets in the security organization area at the average power reactor site; such a requirement would not permit the use of NRC-required brightly colored mnemonic aids to verify that the SGI cabinet is locked; and any visitors to the area are usually escorted so the risk is minimal. Accordingly, the commenter concludes that Sec. 73.22(c)(2) should be modified to delete the unmarked storage container requirement. Response: The issue of marking storage cabinets to indicate the presence of SGI was raised in a previous comment on the original proposed rule. For the reasons stated in responding to [[Page 63557]] this comment on the original proposed rule (October 31, 2006; 71 FR 64020), the NRC is not adopting the change advocated. However, the Commission notes that prohibiting that marking on such cabinets does not, as the commenter asserts, preclude the use of ``brightly colored mnemonic aids'' to indicate that the cabinet is locked. Section 73.22(d)(1). Comment: A commenter notes that the NRC did not ``adopt'' a previous comment that the marking of SGI documents in the proposed rule is too prescriptive. The commenter seeks revision of the rule to clarify that a licensee has the flexibility to have the specified information in Sec. 73.22(d)(1)(i)-(iii) on the top of the document, whether that is the first page, a cover sheet or a binder cover of the document. The commenter proposes, as an alternative, modifying the regulation so documents produced prior to the implementation date of the rule can be marked according to the requirements in the licensee's SGI program at the time. Response: This comment was previously made on the first proposed rule and a response was provided (October 31, 2006; 71 FR 64020). The commenter has not provided any new information in this comment to warrant a change in the Commission's position. However, in the previous response, the Commission noted that it ``does not expect that licensees or applicants must go back and mark documents for which a cover sheet was used for the required information instead of the first page of the document as set forth in Sec. 73.22(d)(1).'' To that extent, the Commission has adopted the alternative the commenter proposed. Sections 73.22(g)(1) and 73.22(g)(2). Comment: In one commenter's view, the provisions on the use of various storage media when processing SGI on a computer and limitations on computer locations are too restrictive. This commenter requests that Sec. 73.22(g)(2) be modified to allow external storage media to be used as long as the media are properly controlled and the removable storage medium is locked away when not in use. Also, the commenter recommends that the rule should allow computers used to process SGI to be located in controlled access areas when unattended by a person authorized access to SGI, as long as the computers have password protection. Response: In keeping with standard computer security practices and in response to the above comment, the text in Sec. 73.22(g)(1) has been changed to provide that SGI may be stored, processed, or produced on a password protected stand-alone computer (or computer system). In addition, the Commission modified Sec. 73.22(g)(2) to provide that computers not located within an approved and lockable security storage container must have removable storage media with a bootable operating system. Corresponding changes are made throughout this section to substitute ``storage media'' for ``storage medium.'' Thus, data may be processed and saved on the same removable storage media. An additional restriction was also added as Sec. 73.22(g)(4) (with a conforming change to Sec. 73.23(g)(4)) to require that electronic systems used to store, process, or produce Safeguards Information must be free of recoverable Safeguards Information prior to being returned to nonexclusive use. Sections 73.22(h) and 73.23(h). Comment: Several commenters recommend removing the ten-year review requirement asserting that it would consume resources with no commensurate benefit to public health and safety. One commenter states that licensees currently review SGI documents as they are being used for possible decontrol and that this process has been effective in allowing licensees to make the appropriate determinations. Another commenter makes more detailed assertions about the relative costs and benefits of the ten-year review requirement. On the costs side of the equation, the commenter states that according to a 2005 NEI survey, power reactor sites have an average inventory of 2,293 SGI documents, with another 235 being produced each year. In ten years' time, the commenter believes there would first need to be a sort through the accumulated 4,643 SGI designated documents to find the 2,293 SGI documents ten years or older, and then a review of these 2,293 documents for a decontrol determination. On the benefits side of the equation, the commenter asserts that this review requirement would not lead to greater public disclosure of documents because licensees, unlike the public sector, have no obligation to publicly release documents. This commenter asserts that performing such a review is an error- prone operation that could lead to second-guessing by NRC inspectors. This commenter also asserts that the ten-year review could consume NRC resources. The commenter believes that organizations would ask the NRC to make decontrol determinations for many SGI-designated documents for which the individual who made the original determination is unavailable. Other individuals in the organization would not likely make the decontrol determinations in these situations because of a hesitancy to second guess the individuals who originally designated the document as SGI. Response: The Commission accepts the commenters' suggestion to remove the ten-year review requirement from the rule because the review would require an expenditure of resources not commensurate with the benefits. As set forth in more detail below, the costs would include cataloguing all SGI documents in a holder's inventory, reviewing a portion of them for possible decontrol every ten years, and communicating decontrol determinations to other holders of the document. It should be noted that although cataloguing SGI-designated documents would be necessary as a practical matter under the ten-year review requirement, there exists no similar cataloguing requirement for documents containing Classified National Security Information. For the period 2008-2018, the estimated costs of the review would total $2.5 million dollars for all regulated entities.\14\ --------------------------------------------------------------------------- \14\ Costs are in 2007 dollars assuming a 7% Discount Rate for the period 2008-2018. --------------------------------------------------------------------------- The benefits, however, are slight because there would be very few documents decontrolled in the review process. As described in more detail below, few SGI-designated documents ten years or older are in current use, so not many would be reviewed. Of those that would be reviewed, many would still be considered to contain SGI and would therefore not be decontrolled. Even for the few SGI-designated documents that would be decontrolled, there is no requirement for licensees and other private entities to make those public. Some decontrolled documents, however, might also be in the hands of the NRC, which could make the documents public as long as the documents were not otherwise withheld under Sec. 2.390. The few documents likely to be made public by the review does not justify the expense. However, the Commission is retaining the requirement, also in the current rules, that SGI-designated documents no longer falling within the SGI category have their SGI designations removed. This would mean that users of SGI-designated documents that no longer meet the definition of SGI would have to remove the designation. This requirement applies to SGI documents of any age. The ten-year review requirement is contained in the following three sentences from proposed Sec. 73.22(h): ``Documents originally containing Safeguards Information must be [[Page 63558]] removed from the Safeguards Information category at such time as the information no longer meets the criteria contained in this part. A review of such documents to make that determination shall be conducted every ten years. Documents that are ten years or older and designated as SGI or SGI-M shall be reviewed for a decontrol determination if they are currently in use or removed from storage.'' A nearly identical version of this requirement was in proposed Sec. 73.23(h). The first sentence in proposed Sec. 73.22(h), which is being retained in the final rule, generally requires the decontrol of SGI- designated documents that no longer fit within the SGI category and is substantially identical to the requirement in the prior version of Sec. 73.21(i). The second and third sentences in proposed Sec. 73.22(h), which have not been retained in the final rule, would have required holders of SGI to conduct a special review every ten years of SGI-designated documents that are ten years or older and also in current use. As a practical matter, complying with the ten-year review requirement would have first involved the cataloguing of all SGI- designated documents so that the documents could be located for the review and so that it could have been determined which documents were ten years or older at the time of the review. Then, at ten-year intervals, the subset of SGI-designated documents ten years or older and in current use would have been reviewed for a possible decontrol determination. A smaller subset of these reviewed documents would then have been decontrolled by the licensee. Some of these decontrolled documents would also have been in the possession of other persons or the NRC, and these other holders would have to have been informed about the decontrol determination. How such a process would proceed in practice can be illustrated with the 64 power reactor sites covered by Sec. 73.22, using the numbers referenced by one of the commenters. A 2005 NEI survey showed that power reactor sites had an average of 2,293 SGI documents per site and 235 were created each year. Assuming that the first ten-year review would occur in 2008, there would then be about 3,000 SGI documents at each site. All of these documents would need to be catalogued. Only a portion of these would be ten years old, however, and it is assumed that about half of the 2,293 documents were created since September 11, 2001, because of increased security concerns. A reasonable estimate is that there will be about 900 SGI-designated documents per site that are ten years or older (that is, created prior to 1998). Of these 900, however, very few that are ten years or older would likely be in current use, with a reasonable estimate being about 10 percent. With this estimate, only about 90 documents would make it to the review process. Of these 90 documents in current use, the fact that they are in current use makes it more likely that they still contain SGI. Assuming that 20 percent of the reviewed documents are decontrolled, only about 18 documents that were once designated as SGI would be decontrolled. Assuming that the NRC possesses half of those decontrolled documents, the 2008 review would result in possibly 9 SGI- designated documents per power reactor site being made public. In 2018, the second ten-year review would be conducted of SGI- designated documents created prior to 2008. More documents will have been added to the total inventory, but many will have been retired. Assuming that very few documents 20 years or older are likely to exist, the Commission believes that there could be as many as 2,300 SGI- designated documents per power reactor site that are ten years or older in 2018.\15\ Applying the assumptions used above yields 230 documents requiring a review, with about 46 documents being decontrolled, and with possibly 23 documents per site being made public on the NRC ADAMS system. It must be noted that the number of documents projected as being decontrolled by this process might be overstated because, prior to the ten-year review, SGI-designated documents in current use would be decontrolled if the user recognizes that the document no longer contains SGI. --------------------------------------------------------------------------- \15\ It might be the case, however, that many of these 2300 SGI- designated documents would be destroyed, pursuant to the requirements of Sec. Sec. 73.22(i) and 73.23(i) in the final rule, because they would be no longer needed. --------------------------------------------------------------------------- On top of the initial task of cataloguing documents and the reviews required every ten years, documents would have to be added to the catalog as they were being created, which would be about 235 per year for each power reactor site. This is another cost that must be considered. Finally, one must consider costs to holders of SGI other than the power reactors. These costs are relatively minor compared to the 64 power reactor sites but are included in the calculations. The numbers clearly show that cataloguing is the overwhelming factor for costs because of the large number of documents involved. The entire initial cataloguing cost for all entities is estimated to be $1.6M dollars and the entire annual cataloguing cost is estimated at $110K dollars. The entire cost of performing the 2008 review is estimated to be $100K dollars, which includes review of the selected documents, communication of decontrol determinations to other holders of the decontrolled documents, and NRC action on these communications. The entire cost of performing the 2018 review is estimated at $270K dollars. To put the costs and benefits in perspective, useful measures to look at are the cost per decontrolled document and the cost per document possibly made public by the NRC. For power reactors as of the 2018 review, the estimated cost per decontrolled document is about $750 and the estimated cost per document possibly made public by the NRC is about $1500.\16\ In light of the preceding analysis, the Commission believes that the costs of performing this review do not justify the benefits and is removing the ten-year review requirement from the rule. --------------------------------------------------------------------------- \16\ It is appropriate to consider only power reactors here because the overwhelming majority of SGI documents in the possession of private entities are possessed by power reactors. Therefore, power reactors bear the overwhelming majority of the review's costs. --------------------------------------------------------------------------- A possible modification to the ten-year review requirement involving a review every ten years of all SGI documents ten years or older would also not justify retention. If the ten-year review encompassed all SGI documents older than ten years, those in current use as well as those that are not, the cataloguing costs would remain, but the reviewing costs would increase because there would be additional documents to review. It is true that with the review of more SGI documents, potentially more SGI documents would be decontrolled, but it is unclear how many such additional documents would actually be reviewed. Many SGI documents no longer currently used would likely be documents ``no longer needed,'' which are required to be destroyed pursuant to final Sec. Sec. 73.22(i) and 73.23(i). This would probably amount to roughly half of the SGI-designated documents ten years or older. Comment: A commenter asserts that it is impractical to have the NRC approve the decontrol of documents generated by other agencies and that sometimes the individual in an organization who made the original SGI determination is unavailable. The commenter suggests that the proposed text of Sec. Sec. 73.22(h) and 73.23(h) be modified to allow other authorized individuals within the [[Page 63559]] organization that made the original SGI determination to decontrol the document. Another commenter echoes this request. Response: In response to these comments, the Commission is clarifying the text in Sec. Sec. 73.22(h) and 73.23(h) to state that the authority to determine that documents originally containing SGI must be removed from the SGI category may be exercised by the NRC, with the approval of the NRC, or in consultation with the individual or organization that made the original determination. Section 73.23. Comment: A commenter asserts that for shipments of Category 1 materials, which are not routine, schedules and itineraries of a shipment constitute information that, if disclosed, could reduce the security of the shipment. For the more routine Category 2 RAMQC shipments, the commenter states that it is not clear from the proposed rule that relevant security information will accompany these shipments. The commenter believes that the following statement from the proposed rule in the discussion for Sec. 73.23 adds confusion to the issue: ``Scheduling and itinerary information used for the purpose of preplanning, coordination and advance notification may be shared with others on a `need to know' basis and need not be designated as Safeguards Information-Modified Handling.'' (71 FR 64004, 64063; October 31, 2006). Response: It is not clear what the commenter means when referring to ``relevant security information'' accompanying Category 2 RAMQC shipments. The statement from the rule text which the commenter quotes is consistent with the Commission's recent determination, discussed earlier in this Notice, that information relating to the shipment of Category 2 RAMQC need not be designated and controlled as SGI-M. Rather, such information may be shared on a ``need -to-know'' basis. Section 73.23(a). Comment: A commenter requests that Sec. 73.23(a) be modified to correspond to Sec. 73.22(a), which deleted the undefined terms ``additional security measures,'' ``protective measures'' and ``interim compensatory measures.'' Response: The Commission agrees with this comment and has deleted the terminology above from Sec. 73.23(a). Section 73.59. Comment: One commenter stated that Sec. 73.59 should be revised to permit a licensee to recognize a background check conducted in accordance with the final rule by another NRC or Agreement State licensee. The commenter believes that this change would help allow a licensee to sub-contract work to other licensees where it may be necessary to divulge SGI to the contracted licensee in order for the maintenance activity to be performed safely. The commenter's suggested revision would state that an ``employee of an NRC or Agreement State licensee who has undergone criminal history and background checks in accordance with or equivalent to those required by 10 CFR 73.22(b) or 73.23(b).'' Response: Section 73.59 of the rule provides relief from the fingerprinting and criminal history records check requirements set forth in Section 149 of the AEA for limited categories of individuals set forth in Sec. 73.59(1) through (9). Those categories of individuals are considered to be trustworthy and reliable by virtue of their occupational status and have either already undergone a background check or criminal history records check as a condition of their employment, or are subject to direct oversight by government authorities in their day-to-day job functions. The categories of individuals specified in Sec. 73.59 include governmental employees at the federal, state or local level or certain NRC-certified representatives of the International Atomic Energy Agency. In addition, any agent, contractor, or consultant of those categories of individuals is also exempt provided equivalent criminal history and background checks to those required by Sec. Sec. 73.22(b) or 73.23(b) have been performed. The Commission has determined not to adopt the language the commenter has proposed to extend the exemption to an even broader category of non-governmental individuals. However, a mechanism exists in Sec. 73.57(f)(3) of the current regulations for the transfer to another licensee of personal information obtained on an individual obtained from a criminal history records check, provided the conditions specified in paragraphs (f)(3)(i) and (ii) are met. Comment: An Agreement State requests the NRC to continue its ``previous policy of exempting from its trustworthiness and reliability reviews (and related fingerprinting and criminal history records checks) those individuals designated by the Governor of a State as needing access to SGI, regardless of whether those individuals are State employees.'' According to the State, this exemption is allowed by law and ``is a matter of respect and comity'' because ``the NRC should * * * trust the duly elected Governor of a sovereign state to designate only those individuals who may be trusted with access to SGI.'' Response: NRC regulations historically relieved licensees authorized to operate power reactors from requiring specified categories of individuals to undergo criminal history records checks (including fingerprinting) for access to SGI. The exempt categories of individuals included the ``Governor of a State, or his or her designated representative.'' See, e.g., 10 CFR 73.57(b)(2)(ii). Limiting the scope of the relief granted to the above category of licensees reflected the narrow scope of NRC's previous statutory authority under Section 149 of the AEA to require fingerprinting. The EPAct amended Section 149 of the AEA to obligate the NRC to require individuals or entities (including licensees or applicants for licenses to engage in any activity subject to regulation by the Commission), to fingerprint any individual seeking access to SGI. However, the EPAct preserved NRC's authority under Section 149.b. of the AEA to relieve, by rule, persons from the obligations imposed by Section 149, upon specified terms, conditions, and periods, if the Commission makes findings that such action is consistent with its obligations to promote the common defense and security and to protect the health and safety of the public. The NRC exercised that authority in a final rule that added to part 73 a new Sec. 73.59, ``Relief from fingerprinting, identification and criminal history records checks and other elements of background checks for designated categories of individuals.'' Final rule, Relief from Fingerprinting and Criminal History Records Check for Designated Categories of Individuals (June 13, 2006; 71 FR 33989). The rule was needed to enable the Commission to continue to share SGI with certain categories of individuals seeking access to SGI from non-power reactor licensees or from the Commission without subjecting them to the expanded criminal history records checks required by the EPAct. (71 FR 33989). The rule continued the relief previously granted in Sec. Sec. 73.21 and 73.57, but expanded and lengthened the categories of individuals relieved by the rule from the fingerprinting and criminal history records checks. (71 FR 33989, 33990). In promulgating the rule, the Commission specifically found the rule to be consistent with its obligations to promote the common defense and security and to protect the health and safety of the public. (71 FR at 33990). Because trustworthiness and reliability determinations are based upon background checks, the State's comments are relevant to Sec. 73.59. Section 73.59 exempts a number of categories of individuals from the otherwise applicable background check [[Page 63560]] requirements for access to SGI, including criminal history records checks (and fingerprinting). See proposed rule, Protection of Safeguards Information (October 31, 2006; 71 FR 64004). The proposed SGI rule added, as Sec. 73.59(k), a new category of exempt individuals consisting of ``any agent, contractor, or consultant of the aforementioned persons who has undergone equivalent criminal history records and background checks to those required by 10 CFR 73.22(b) or 73.23(b).'' (71 FR at 64006). Another category of exempt individuals is set forth in Sec. 73.59(e), for ``the Governor of a State or his or her designated State employee representative.'' The rationale for this category and other categories of exempt individuals is that the individuals described in those categories ``are considered trustworthy and reliable to receive SGI by virtue of their occupational status and have either already undergone a background or criminal history check as a condition of their employment, or are subject to direct oversight by government authorities in their day-to-day job functions.'' (71 FR 33990). A Governor's designated State employee representative is considered to be trustworthy and reliable because of the employee's occupational status--reporting to and vouched for by the Governor and the fact that the employee is subject to direct employment oversight by a high-level government official in the employee's day-to-day job functions. Under the exemption in former Sec. 73.57 for Governor- designated representatives, a non-employee of a State would have been exempt from the criminal history records check (including fingerprinting). A non-employee would not necessarily have undergone a criminal history records check as part of the background check. In addition, the non-employee would not be subject to direct oversight by high-level government authorities in that individual's day-to-day job functions. Therefore, the Commission narrowed that specific exemption to include only state employee representatives designated by a Governor. The Commission is well within its authority under Section 149 of the AEA to so limit the specific exemption in Sec. 73.59(e). Moreover, the State's comment does not account for the applicability of the exemption in Sec. 73.59(k) for an agent, contractor, or consultant of the categories of individuals specified in Sec. 73.59 who have undergone effective criminal history records checks as part of background checks. Thus, designated representatives of a Governor meeting the equivalency provision would not have to undergo a separate check prior to being granted access to SGI. Given the availability of this exemption for individuals not included in Sec. 73.59(e) and for the reasons set forth above, the Commission declines to make the changes in the rule requested by the State. Regulatory Analysis. Comment: According to a commenter, the proposed rule incorrectly states that the rule would be implemented in FY 2005 and 2006. Because the commenter stated that the earliest it could be implemented is in FY 2007, the commenter concluded that the regulatory analysis is flawed because it uses 2005 dollars. Response: The Commission has modified the regulatory analysis to state dollars as FY 2007 dollars. Comment: A commenter asserts that the regulatory and backfit analyses fail to calculate the substantial cost to power reactor licensees for modifying their existing SGI process and adding the ten- year review. The commenter asks that these analyses consider the actual substantial cost of rule implementation regarding power reactor licensee costs to modify SGI programs and the significant costs of the ten-year review required by proposed Sec. 73.22(h), and suggests that the rulemaking be delayed until accurate regulatory and backfit analyses are completed. Response: The Commission disagrees that the regulatory analysis fails to calculate the cost to power reactors for modifying their existing SGI programs. The cost for such modifications are reflected in both the draft and final regulatory analyses. Additionally, the regulatory analysis has been changed to account for the increased number of power reactor applicants and to use power reactor costs for power reactor applicants. There is no item in the regulatory analysis reflecting the ten-year review requirement because this review requirement is not being retained in the final rule. In the response to comments on the ten-year review requirement, however, the Commission provides a brief analysis of the costs and benefits of the ten-year review in explaining its decision not to retain the requirement. As for the backfit analysis requested by the commenter, the Commission has determined in section XII of this document that a backfit analysis is not required. As explained therein, the Commission has determined that many of the requirements imposed by the final rule are not backfits. Those requirements that are backfits have been determined to be necessary to ensure that the facilities and materials described in the final rule provide adequate protection to the public health and safety and are in accord with the common defense and security, as applicable. Therefore, a backfit analysis is not required and the cost-benefit standards of Sec. Sec. 50.109(a)(3), 70.76, 72.62, and 76.76, do not apply. Comment: A commenter characterizes the NRC's regulatory and backfit analyses as too qualitative in their assessments of the benefits provided by the rule, and that the regulatory analysis should contain quantitative evidence to support the conclusion that the benefits of the rule outweigh the costs. The commenter believes that topics where quantitative benefits analyses are desirable include (1) the added safety benefits from requiring transporters of nuclear materials to follow both DOT and NRC marking requirements and (2) how much of the additional material protected under the final rule has been released to the public because of the lack of the final rule's requirements. The commenter asks that the rulemaking be delayed until accurate regulatory and backfit analyses are completed. Response: The Commission believes that it is appropriate to describe the benefits of the rule in qualitative rather than quantitative terms, and that further efforts to quantify the rule's benefits in the Regulatory Analysis would be of little use and potentially misleading. Qualitative discussion of the unquantifiable values and impacts of a rule is expressly provided for in NUREG/BR- 0058, Revision 4, ``Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission.'' \17\ --------------------------------------------------------------------------- \17\ NUREG/BR-0058, Rev. 4, p. 24. --------------------------------------------------------------------------- Regarding the benefit of requiring transporters of nuclear materials to follow both DOT and NRC marking requirements, the benefit is the simple, but essential, one of informing holders of the document which handling and disclosure requirements apply to the document. If a document containing SGI, but only marked with DOT markings, were transmitted to another individual, that individual would not know that SGI requirements apply to the document. Because DOT and SGI requirements differ, the recipient of the document containing SGI would likely not comply with all of the SGI handling requirements. The benefits of using NRC markings need not be quantified. The Commission also does not consider it a useful measure to quantify how much additional material protected under the rule has historically been released to the public because of the [[Page 63561]] lack of the rule's requirements. First, a relatively small quantity of SGI obtained by one determined individual for nefarious purposes could be more dangerous than a larger quantity of material obtained by several people with peaceful intentions. Second, the request misses the point that security orders issued since September 11, 2001, have imposed SGI protection requirements above and beyond those imposed by the current rule. There is no recent experience with the current rule as a baseline from which to make the requested calculation, even if such a calculation produced a useful measure. Finally, with respect to a quantitative analysis of benefits in a backfit analysis, the Commission has determined that a backfit analysis is not necessary for this rule, as explained in the response to the previous comment. B. Analysis of Changes Made in the Final Rule to the Text of the Revised Proposed Rule Change from ``criminal history check'' to ``criminal history records check.'' Throughout the rule, references to ``criminal history check'' have been revised to read ``criminal history records check.'' This change is being made for consistency with Sec. 73.59, ``Relief from fingerprinting, identification and criminal history records checks and other elements of background checks for designated categories of individuals.'' Analysis of part 2 changes to the proposed rule text. Part 2 Authority citation. The authority citation for part 2 is being updated from the version in the revised proposed rule to cite Sections 147 and 149 of the AEA, as amended, as opposed to just the EPAct amendment to Section 149, and to correct a typo in the authority citation for Appendix A. Renumbering of SGI-related provisions in Sec. 2.705. Proposed Sec. 2.705(c)(2)-(c)(7), which contains SGI access procedures for discovery in Subpart G adjudications, was misnumbered. Proposed Sec. 2.705(c)(2)-(c)(7) will be moved to Sec. 2.705(c)(3)- (c)(8) in the final rule, and Sec. 2.705(c)(2) in the current rules will be retained in its current form. Clarifying the scope of SGI access procedures for discovery in adjudications. Proposed Sec. Sec. 2.336(f), 2.705(c)(3)-(c)(8) (2.705(c)(2)- (c)(7) in the revised proposed rule), 2.709(f), and 2.1010(b)(6) contain SGI procedures for discovery in adjudications. There are other areas of discovery in adjudications, however, that are not explicitly covered by the proposed rule. Specifically, disclosures in subpart G adjudications by parties other than the NRC staff are covered under Sec. 2.704. To clarify the intent of the rule, a new Sec. 2.704(f) is added, which reads as follows: ``Disclosure under this section of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act of 1954, as amended, will be according to the provisions in Sec. 2.705(c)(3)-(c)(8).'' Also, Sec. 2.1010 in subpart J speaks only to the powers of the Pre- Application Presiding Officer (PAPO), but there might be document discovery in the High-Level Waste proceeding after the PAPO dissolves. Therefore, a new Sec. 2.1018(h) is added with the following text: ``Discovery under this section of documentary material including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act of 1954, as amended, will be according to the provisions in Sec. 2.1010(b)(6)(i)-(b)(6)(vi).'' Change from ``Chairman of the Atomic Safety and Licensing Board Panel'' to ``Chief Administrative Judge.'' There are several instances in the revised proposed rule text in which the term ``Chairman of the Atomic Safety and Licensing Board Panel'' is used to refer to the head of the Atomic Safety and Licensing Board Panel. The Commission has decided to change this term to ``Chief Administrative Judge'' in the final rule to reflect the usage of Sec. 1.15. The change will be made in Sec. Sec. 2.336(f)(1)(iv), 2.705(c)(3)(iv), 2.709(f)(1)(iv), 2.1010(b)(6)(i)(D), and 73.57(e)(3). Clarification of jurisdiction when a presiding officer has yet to be appointed. The term ``presiding officer'' is used throughout Sec. 2.336(f), but there may be instances in which adjudicatory decisions related to SGI need to be made prior to the designation of a presiding officer. For instance, a person seeking participation in an adjudication may desire access to SGI to proffer a contention but may be denied access because of an adverse ``need to know'' or trustworthiness and reliability determination. Disputes in such cases should be resolved as quickly as possible and not await the appointment of a presiding officer. To account for this situation, a new Sec. 2.336(f)(7) has been added with the following text: ``If a presiding officer has yet to be appointed, the authority to take the actions described in (f)(1) to (f)(6) resides in the officer with jurisdiction under Sec. 2.318(a).'' Changes related to adverse trustworthiness and reliability determinations in adjudications. The Commission is changing proposed Sec. 2.336(f)(1)(ii)-(iii) to clarify that the protections referred to therein are to be afforded before a final adverse determination. After an adverse determination becomes final, the appeal procedures in Sec. 2.336(f)(1)(iv) can be used. Conforming changes have also been made to Sec. Sec. 2.705(c)(3)(ii)-(iii), 2.709(f)(1)(ii)-(iii), and 2.1010(b)(6)(i)(B)- (C). With respect to the appeal procedures in Sec. 2.336(f)(1)(iv), the rule has been modified to require designation of an officer other than the presiding officer for review of final adverse determinations in all instances, rather than leaving such matters to the discretion of the Chief Administrative Judge. Conforming changes were also made to Sec. Sec. 2.705(c)(3)(iv), 2.709(f)(1)(iv), and 2.1010(b)(6)(i)(D). The Commission is modifying Sec. 2.336(f)(1)(iii) by replacing the last sentence in the revised proposed rule with more appropriate language. The last sentence in the revised proposed rule states that ``before an adverse determination on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections provided by Sec. 73.57.'' The protections referred to in Sec. 73.57(e)(1)-(2), however, apply only to criminal history records checks, and proposed Sec. 2.336(f)(1)(ii) already references those same protections specifically for criminal history records checks.\18\ Therefore, the last sentence in Sec. 2.336(f)(1)(iii) is superfluous when read in a literal manner, duplicating the effect of the reference in Sec. 2.336(f)(1)(ii). --------------------------------------------------------------------------- \18\ Although a background check is based upon a criminal history records check, it is also based upon other elements, such as employment history, education, and personal references. --------------------------------------------------------------------------- The Commission, however, considers it proper to provide the essential rights contained in Sec. 73.57(e)(1)-(2) for components of the background check other than the criminal history records check. For criminal history records checks, the essential rights provided by Sec. 73.57(e)(1)-(2) are (1) access to the criminal history record and (2) the option within ten days to challenge the completeness and accuracy of the information contained in that record by providing additional information and/or explanation. By analogy, the Commission believes that for components of the background check other than the criminal history records check, individuals subject to an adverse trustworthiness and reliability [[Page 63562]] determination should have access to the records that were considered in the trustworthiness and reliability determination. These individuals should also be able to provide additional information and/or an explanation to the Office of Administration within ten days, and the Office of Administration should promptly resolve the challenge presented by the individual. Therefore, the last sentence in Sec. 2.336(f)(1)(iii) is being replaced with language that provides the essential rights of Sec. 73.57 for components of the background check other than the criminal history records check. Conforming changes are also being made to Sec. Sec. 2.705(c)(3)(iii), 2.709(f)(1)(iii), and 2.1010(b)(6)(i)(C). The Commission has decided to replace ``[p]articipants, potential witnesses, and attorneys'' in proposed Sec. Sec. 2.336(f)(1)(iv), 2.705(c)(3)(iv), 2.709(f)(1)(iv), and 2.1010(b)(6)(i)(D) with ``[i]ndividuals seeking access to Safeguards Information to participate in an NRC adjudication.'' The proposed language did not cover consulting experts who are not expected to be witnesses, and the word ``participant'' was not defined by the rule and may have caused confusion. A similar change is also being made to Sec. 73.57(e)(3). The language in the final rule better reflects Commission intent and mirrors the language in Sec. Sec. 2.336(f)(1)(i), 2.705(c)(3)(i), 2.709(f)(1)(i), and 2.1010(b)(6)(i)(A). In proposed Sec. 2.1010(b)(6)(i)(D) regarding review of adverse trustworthiness and reliability determinations, instances of ``presiding officer'' have been changed to ``Pre-License Application Presiding Officer.'' Clarification of presiding officer authority regarding protective orders in adjudications. Proposed Sec. 2.336(f)(2) would give the presiding officer the authority to include in an order any protective terms and conditions as may be necessary and appropriate to limit disclosure of SGI to parties, interested governmental entities participating under Sec. 2.315(c), and their qualified witnesses and counsel. This list of individuals and entities, however, is not exhaustive and does not adequately convey the intended coverage of Sec. 2.336(f)(2). See 71 FR 64029. Therefore, proposed Sec. 2.336(f)(2) has been changed to the following: ``The presiding officer may include in an order any protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to prevent the unauthorized disclosure of Safeguards Information.'' Conforming changes are also being made to Sec. Sec. 2.705(c)(4) (Sec. 2.705(c)(4) in the revised proposed rule), 2.709(f)(2), and 2.1010(b)(6)(ii). Changes regarding civil and criminal penalties. Sections 2.336(f)(5), 2.705(c)(7), 2.709(f)(5) and 2.1010(b)(6)(v) will be modified to clarify that a violation only of provisions for the protection of SGI from unauthorized disclosure in an adjudicatory order will be subject to civil penalties under Sec. 2.205. Similarly, changes have also been made to sections 2.336(f)(6), 2.705(c)(8) (2.705(c)(7) in the proposed rule), 2.709(f)(6), and 2.1010(b)(6)(vi), to specify that criminal penalties are available only with respect to violations of provisions in adjudicatory orders related to the protection of SGI from unauthorized disclosure. Clarification of the application of Sec. Sec. 73.21, 73.22, and 73.23 in adjudications. The word ``participant'' in proposed Sec. 2.336(f)(3) is being replaced in the final rule by ``anyone'' to better reflect the intent of the rule (71 FR 64030), and to avoid using the word ``participant,'' which is not defined in the rule and may, therefore, cause confusion. ``Anyone'' in final Sec. 2.336(f)(3) should be interpreted in the broadest manner. Conforming changes are also being made to Sec. Sec. 2.705(c)(5) (2.705(c)(4) in the revised proposed rule) and 2.709(f)(3). Minor change in terminology. The phrase ``delegate of the Executive Director for Operations'' in Sec. 2.709(f)(1) will be changed to ``delegee of the Executive Director for Operations'' to conform with the usage throughout the rest of Sec. 2.709. Section by section analysis of remaining changes to the proposed rule text. Section 30.4 Definitions. A definition of ``quantities of concern'' is added, which is identical to the definition of that term in parts 2 and 73. Defining that term in part 30 will assist licensees, applicants, and other persons subject to part 30 in determining the applicability to their activities of the requirements for the protection of SGI in part 73. Section 30.32 Application for specific licenses. In paragraph (j), the references to Sec. Sec. 73.21 and 73.23 are modified to read ``Sec. 73.21, 73.22, and/or 73.23, as applicable.'' This change correctly denotes the applicable sections of part 73 relating to a part 30 licensee's or applicant's protection against unauthorized disclosure of SGI. In addition, the phrase ``subject to the requirements of part 73 of this chapter'' is being deleted because byproduct material licensees are not subject to part 73 other than requirements relating to SGI. Section 30.34 Terms and conditions of licenses. In paragraph (j), the phrase deleted from 30.32(j) is also deleted in this paragraph for the same reason. Section 40.31 Application for specific licenses. In paragraph (m), the words ``or conversion'' are added after ``production'' for a more complete statement of the type of facility to which this requirement applies. Also, the phrase ``subject to the requirements of part 73 of this chapter'' is being deleted because applicants for source licenses are not otherwise subject to part 73. Section 40.41 Terms and conditions of licenses. In paragraph (h), the phrase ``subject to the requirements of part 73 of this chapter'' is being deleted because applicants for source licenses are not otherwise subject to part 73. Section 60.42 Conditions of license. In paragraph (d), ``(Department of Energy)'' is added after ``licensee'' to clarify that the licensee is the Department of Energy. Section 63.42 Conditions of license. In paragraph (e), ``(Department of Energy)'' is added after ``licensee'' to clarify that the licensee is the Department of Energy. Section 72.44 License conditions. In paragraph (h), the phrase ``subject to the requirements of part 73 of this chapter'' is being deleted because the licenses under part 72 are only subject to the requirements in part 73 relating to the protection of SGI. Part 73 Authority citation. The authority citation for part 73 is being updated from the version in the proposed rule to reflect the correct citation of the Energy Policy Act. Part 73 Changes of Wide Applicability. Throughout part 73, references to ``SGI'' have been changed to ``Safeguards Information'' and references to ``SGI-M'' have been changed to ``Safeguards Information-Modified Handling.'' Also, throughout part 73, references to ``Safeguards Information- Modified Handling'' have been changed to clarify that Safeguards Information-Modified Handling is in fact Safeguards Information, but subject to handling requirements modified from the specific Safeguards Information handling requirements that are applicable to Safeguards Information needing a higher level of protection. Section 73.2 Definitions. The definition of background check is changed to add a reference to the [[Page 63563]] Federal Bureau of Investigation (FBI) criminal history records check. This reference is necessary because the criminal history records check is performed by the FBI. In addition, the parenthetical at the beginning of the definition is being changed to read ``* * * (including verification of identity based on fingerprinting) * * *.'' This is a more complete statement of the elements of a criminal history records check. In the definition of ``need to know,'' the phrase ``incorporated into another document by the recipient'' has been revised to include ``incorporated into another document or other matter by the recipient.'' This revision reflects a change made for consistency throughout the rule text (see, e.g., Sec. 73.22(a)(1)(vii)). The definition is also revised to clarify that Safeguards Information includes Safeguards Information designated as Safeguards Information-- Modified Handling. The definition of Safeguards Information--Modified Handling is revised to read ``the designation or marking applied to Safeguards Information which the Commission has determined requires handling requirements modified from the specific Safeguards Information handling requirements that are applicable to Safeguards Information needing a higher level of protection.'' The last phrase of the definition has been added to reiterate the reason for the difference between the handling requirements for SGI-M and those for other SGI. The definition of ``Trustworthiness and reliability'' is italicized. In addition, the last sentence of the definition is changed to read ``A determination of trustworthiness and reliability for this purpose is based upon a background check.'' This change is needed to distinguish ``trustworthiness and reliability'' for the purpose of access to SGI from ``trustworthiness and reliability'' for the purpose of determining personnel access authorization requirements for nuclear power plants under Sec. 73.56. The definition is also revised to clarify that Safeguards Information includes Safeguards Information designated as Safeguards Information--Modified Handling. Section 73.21 Protection of Safeguards Information: Performance Requirements. In paragraph (a), a reference is added to a ``certificate holder'' as a person to whom the general performance requirement in Sec. 73.21 applies. These changes are needed for a complete statement of the applicability of Sec. 73.21. In paragraph (a)(i), the phrase ``uranium hexafluoride production facilities'' is changed to read ``uranium hexafluoride production or conversion facilities.'' This is a conforming change to that made in Sec. 40.31. In paragraph (a)(1)(ii), the phrase ``source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern * * *'' is changed to read ``source material, or byproduct or special nuclear material in greater than or equal to Category 2 quantities of concern * * *.'' The reason for this change is to accurately state the materials included in RAMQC. Also, the reference to ``transportation of greater than or equal to Category 2 quantities of concern'' is changed to ``transportation of source, byproduct, or special nuclear material in greater than or equal to Category 1 quantities of concern.'' The Commission has determined that information relating to the transportation of Category 2 RAMQC need not be protected as SGI-M and may be shared on a ``need-to-know'' basis. A new paragraph, (a)(iii), is added to Sec. 73.21, to state that if the Safeguards Information is not described in paragraphs (a)(1)(i) and (a)(1)(ii), it shall be protected in accordance with the requirements of Sec. 73.22. Although paragraph (a) already requires that each licensee, certificate holder, applicant, or other person who produces, receives, or acquires SGI shall ensure that it is protected against unauthorized disclosure, protecting SGI as SGI-M under Sec. 73.23 could potentially constitute a violation of the protection requirements for SGI. Protecting the information, whether SGI or SGI-M, under Sec. 73.22 would remove the potential for such a violation. Section 73.22 Protection of Safeguards Information: Specific Requirements. The first paragraph of this section is changed to add the words ``or conversion'' after ``production'' for a more complete statement of the type of facility to which this requirement applies. Also, a phrase is added clarifying that the requirements of Sec. 73.22 apply to persons subject to the requirements of Sec. 73.21(a)(1)(i). At the end of the paragraph, the phrase ``and Safeguards Information in the hands of any person subject to the requirements of Sec. 73.21(a)(1)(iii)'' is added as a cross-reference to the new paragraph in Sec. 73.21(a)(1)(iii) (requiring persons to follow the provisions of Sec. 73.22 in protecting Safeguards Information not described in paragraphs (a)(1)(i) and (a)(1)(ii) of Sec. 73.21). In paragraph (a)(1)(vii), the words ``or other matter'' are added after ``identified in the documents.'' This change removes inconsistencies in the proposed rule text with respect to terminology for ``documents,'' or ``documents or other matter'' or ``documents or other media.'' Unless otherwise noted, the term ``documents or other matter'' will be used throughout the rule text. The cross-reference in paragraph (a)(1)(xi) to ``Sec. 73.1'' is being corrected to state ``Sec. 73.1(a)(1) or (a)(2).'' This change is necessary because two ``Design Basis Threats'' (DBT) are described in Sec. 73.1. Also, the reference to the adversary characteristics document ``or other implementing guidance'' is changed to the adversary characteristics document ``and related information, including implementing guidance,'' to more clearly describe the documents to be protected. In response to a comment regarding the meaning of the term ``safe havens'' in paragraph (a)(2)(iv), the following change to paragraph (a)(2)(iv) is being made: ``* * * safe havens identified along the transportation route.'' This change adds specificity to the term ``safe havens.'' For the same reason, a conforming change is being made to Sec. 73.23(a)(2)(iii). In paragraph (b)(1), the acronym ``FBI'' is inserted after ``Federal Bureau of Investigation'' and the word ``records'' is inserted following ``criminal history.'' These changes are needed for the sake of accuracy. Conforming changes are being made to Sec. 73.23(b)(1). In paragraph (b)(4), the phrase ``other than those specified in Sec. 73.59,'' is being removed. This phrase would have excluded persons identified in Sec. 73.59 from the process prescribed in the paragraph for ``need to know'' determinations in adjudications. This exclusion is being deleted because persons identified in Sec. 73.59 are exempt from elements of background checks, not from the ``need to know'' requirement. Also, the process described in paragraph (b)(4) applies just as well to persons identified in Sec. 73.59 as it does to other persons, and the rule does not elsewhere prescribe a separate process for ``need to know'' determinations for individuals identified under Sec. 73.59. The same change is being made in Sec. 73.23(b)(4). In paragraph (d)(2), language has been added to make clear that a transmittal document without SGI can only be decontrolled if the document does not otherwise warrant protection from unauthorized disclosure. Conforming changes are being made in Sec. 73.23(d)(2). [[Page 63564]] The language in paragraph (f)(3) has been modified to specify that the standard method for Internet e-mail encryption is Federal Information Processing Standard [FIPS] 140-2, or later, that is approved by the appropriate NRC Office. In paragraph (g)(2), changes have been made to allow data to be saved on ``either the removable storage medium that is used to boot the operating system, or on a different removable storage medium.'' This change provides more flexibility regarding the storage of SGI. However, a new paragraph (g)(4) has been added to specify that any electronic system that has been used for storage, processing or production of Safeguards Information must be free of recoverable Safeguards Information prior to being returned to nonexclusive use. In response to comments, the second and third sentences of paragraph (h), which require a review every ten years of documents ten years or older that are in current use or out of storage, will not be retained in the final rule. The Commission believes that the benefits of the requirement would be outweighed by the costs, as explained in more detail in the response to the comments in this document recommending deletion of the requirement. For the same reason, a conforming change is being made to Sec. 73.23(h). Also, in the rule's provisions on the authority to decontrol documents that have been designated as containing SGI, paragraph (h) will be changed to make clear that SGI can be decontrolled by the NRC, with NRC approval, or in consultation with the individual or organization which made the initial determination. For the same reason, a conforming change is being made to Sec. 73.23(h). Section 73.23 Protection of Safeguards Information-Modified Handling: Specific Requirements. In the first paragraph of this section, a phrase is added clarifying that the requirements of Sec. 73.23 apply to any person subject to the requirements of Sec. 73.21(a)(1)(ii). Also, the reference to ``transportation of greater than or equal to Category 2 quantities of concern'' is changed to ``transportation of source, byproduct, or special nuclear material in greater than or equal to Category 1 quantities of concern.'' The Commission has determined that information relating to the transportation of Category 2 RAMQC need not be protected as SGI-M and may be shared on a ``need-to-know'' basis. For the same reason, a conforming change is being made to paragraph (a)(2). In paragraph (b)(3), the phrase ``exempt from the background check requirements'' is changed to ``exempt from the criminal history records check and background check requirements'' to clarify that the criminal history records check is included in the exemption because it is part of a background check. In paragraph (f)(3), the phrase ``encryption * * * approved by'' has been modified as ``encryption by a method * * * approved by'' to clarify that Federal Information Processing Standard [FIPS] 140-2 is a method of encryption. In paragraph (g)(1), the requirements for marking, removal and storage of typewriter ribbons have been modified to add proper marking of the ribbons. A new paragraph (g)(4) has been added to specify that any electronic system that has been used for storage, processing or production of Safeguards Information designated as Safeguards Information-Modified Handling must be free of recoverable Safeguards Information designated as Safeguards Information-Modified Handling prior to being returned to nonexclusive use. Section 73.57 Requirements for criminal history records checks of individuals granted unescorted access to a nuclear power facility or access to Safeguards Information. In paragraph (b)(2)(i), the word ``or'' before the parenthetical is being deleted because itis not needed. In paragraph (e)(3), ``Chairman of the Atomic Safety and Licensing Board Panel'' is being changed to ``Chief Administrative Judge,'' because the latter term is the correct one. Also, language has been changed to provide that individuals seeking access to SGI to participate in adjudications may request review of final adverse trustworthiness and reliability determinations made by the NRC Office of Administration. Section 73.59 Relief from fingerprinting, identification and criminal history records checks and other elements of background checks for designated categories of individuals. In the title and introductory paragraph of this section, the words ``other elements of'' are being inserted before ``background checks'' because criminal history records checks (comprised of fingerprinting, verification of identity, and a review of criminal history records) are part of a ``background check.'' Also, in the introductory paragraph and in paragraph (f), ``Safeguards Information or Safeguards Information designated as Safeguards Information-Modified Handling'' is revised to read ``Safeguards Information, including Safeguards Information designated as Safeguards Information-Modified Handling,'' to emphasize that SGI-M is SGI. Section 76.113 Formula quantities of strategic special nuclear material--Category I. In paragraph (c) of this section, the phrase ``and parts 25 and 95'' is being deleted because those parts are not applicable to SGI. Section 76.115 Special nuclear material of moderate strategic significance--Category II. In paragraph (d), a sentence is being added to the end of this paragraph to indicate that information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements. This requirement, also stated in Sec. 76.113, applies to Sec. 76.115. Section 76.117 Special nuclear material of low strategic significance--Category III. In paragraph (c), a sentence is being added to the end of this paragraph to indicate that information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements. This requirement, also stated in Sec. Sec. 76.113 and 76.115, applies to Sec. 76.117. V. Criminal Penalties For the purpose of Section 223 of the Atomic Energy Act of 1954, as amended (AEA), the Commission is amending 10 CFR parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and150 under one or more of Sections 147, 161b., 161i., or 161o. of the AEA. Willful violations of the rule will be subject to criminal enforcement. VI. Agreement State Issues The rule changes to parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 are considered to be Category NRC compatibility and therefore are areas of exclusive NRC authority. The Agreement State of Utah presented four comments on the following issues related to procedures applicable to SGI in adjudicatory contexts: (1) Whether intervenors should be required to make designation determinations for the SGI they create; (2) the extent to which the NRC staff should make SGI decontrol determinations for intervenors; (3) how SGI procedures relate to judicial appeals of NRC decisions; and (4) how ``need to know'' determinations in an adjudicatory context should be made and reviewed. The Agreement State of Nevada submitted four comments, one dealing with a Sec. 73.59 exemption from [[Page 63565]] the background check requirement, and the other three dealing with adjudicatory review of adverse trustworthiness and reliability determinations by the NRC Office of Administration. These eight comments, and the responses to them, can be found in the part 2 portion of the comments in Section IV.A.2 of this document. Each of the comments identifies that an agreement state was the submitter. VII. Voluntary Consensus Standards The National Technology Transfer Act of 1995 (Pub. L. 104-113), requires that Federal agencies use technical standards that are developed or adopted by voluntary consensus standards bodies unless the use of such a standard is inconsistent with applicable law or otherwise impractical. In this rule, the NRC is using the following Government- unique standard: National Institute of Standards and Technology, Federal Information Processing Standard [FIPS] PUB-140-2, ``Security Requirements for Cryptographic Modules,'' May 25, 2001. The NRC has determined that using this Government-unique standard is justified because no voluntary consensus standard has been identified that could be used instead. In addition, this Government-unique standard was developed using the same procedures used to create a voluntary consensus standard. VIII. Finding of No Significant Impact: Environmental Assessment The Commission has determined under the National Environmental Policy Act of 1969, as amended, and the Commission's regulations in subpart A of 10 CFR part 51, that this rule is not a major Federal action significantly affecting the quality of the human environment and, therefore, an environmental impact statement is not required. The basis for this determination is that the rule relates to the designation, handling and protection of SGI and the collection of information on which a determination to grant individuals access to this information is based. The determination of this environmental assessment is that there will be no significant environmental impacts from this action. The NRC has sent a copy of the environmental assessment and the revised proposed rule to every State Liaison Officer and requested comments on the environmental assessment. No State provided comments on the draft environmental assessment. IX. Paperwork Reduction Act Statement This final rule contains new or amended information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). These requirements were approved by the Office of Management and Budget, approval number 3150-0017; 0020; 0011; 0151; 0127; 0199; 0009; 0008; 0132; 0002; and 0032. The burden to the public for these information collections is estimated to average 10 hours per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the information collection. Send comments on any aspect of these information collections, including suggestions for reducing the burden, to the Records and FOIA/Privacy Services Branch (T-5 F52), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by Internet electronic mail to INFOCOLLECTS@NRC.GOV; and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0017; 0020; 0011; 0151; 0127; 0199; 0009; 0008; 0132; 0002; and 0032), Office of Management and Budget, Washington, DC 20503. Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid OMB control number. X. Regulatory Analysis The Commission has prepared a regulatory analysis on this final rule. The analysis examines the costs and benefits of the alternatives considered by the Commission. The regulatory analysis is available for inspection in the NRC Public Document Room, 11555 Rockville Pike, Rockville, MD 20852. The regulatory analysis is also available electronically via the Federal eRulemaking portal http://www.Regulations.gov, Docket number NRC-2005-0001. Single copies of the analysis may be obtained from the Office of the General Counsel, U.S. Nuclear Regulatory Commission, at 301-415-8350 or by e-mail at jason.zorn@nrc.gov. XI. Regulatory Flexibility Certification In accordance with the Regulatory Flexibility Act of 1980, 5 U.S.C. 605(b), the NRC has determined that this rule, if adopted, will not have a significant economic impact upon a substantial number of small entities. The NRC estimates that the regulation will affect approximately 152 NRC licensees, 87 Agreement State licensees, 200 state contacts, and 29 applicants for licenses. The NRC estimates that small businesses as defined by 10 CFR 2.810 comprise less than 1 percent of the total number of NRC licensees and state contacts affected by this regulation. The NRC does not have information on the small business status of the Agreement State licensees or applicants for NRC and Agreement State licenses affected by this regulation. Therefore, in its February 11, 2005, and October 31, 2006, Federal Register notices and the regulatory analyses for the proposed rules, the NRC requested public comments on the impact of the proposed rules on small businesses. No comments were received from entities identifying themselves as ``small businesses'' meeting the criteria in 10 CFR 2.810, ``NRC size standards.'' In the absence of information on the small business status of the Agreement State licensees and applicants for NRC and Agreement State licenses affected by this regulation, and based on the small proportion of NRC licensees that qualify as small entities, the NRC estimates that the number of small entities among these licensees is also less than 1 percent. For a small entity, the implementation burden imposed by the regulation is estimated to be 41.8 hours, and the annual burden is estimated to be 3.5 hours. The potential benefits of preventing disclosure of SGI by unauthorized persons significantly outweigh the economic impact on small licensees. XII. Backfit Analysis The Commission has concluded, on the basis of the documented evaluation in the regulatory analysis, that the majority of the requirements in the rule are not backfits as defined in 10 CFR 50.109(a)(4)(ii), 70.76(a)(4)(iii), 72.62, and 76.76(a)(4)(ii). The Commission has also concluded that the requirements in the rule that constitute backfits are necessary to ensure that the facilities and materials described in the rule provide adequate protection to the public health and safety and are in accord with the common defense and security, as applicable. Therefore, a backfit analysis is not required and the cost-benefit standards of 10 CFR 50.109(a)(3), 70.76, 72.62, and 76.76, do not apply. The documented evaluation in the regulatory analysis includes a statement of the objectives of and the reasons for the backfits that will be [[Page 63566]] required by the rule and sets forth the Commission's conclusion that these backfits are not subject to the cost-benefit standards of 10 CFR 50.109(a)(3), 70.76, 72.62, and 76.76. XIII. Congressional Review Act In accordance with the Congressional Review Act, the NRC has determined that this action is not a major rule and has verified this determination with the Office of Information and Regulatory Affairs of OMB. List of Subjects 10 CFR Part 2 Administrative practice and procedure, Antitrust, Byproduct material, Classified information, Environmental protection, Nuclear materials, Nuclear power plants and reactors, Penalties, Sex discrimination, Source material, Special nuclear material, Waste treatment and disposal. 10 CFR Part 30 Byproduct material, Criminal penalties, Government contracts, Intergovernmental relations, Isotopes, Nuclear materials, Radiation protection, Reporting and recordkeeping requirements. 10 CFR Part 40 Criminal penalties, Government contracts, Hazardous materials transportation, Nuclear materials, Reporting and recordkeeping requirements, Source material, Uranium. 10 CFR Part 50 Antitrust, Classified information, Criminal penalties, Fire protection, Intergovernmental relations, Nuclear power plants and reactors, Radiation protection, Reactor siting criteria, Reporting and recordkeeping requirements. 10 CFR Part 52 Administrative practice and procedure, Backfitting, Combined license, Early site permit, Emergency planning, Fees, Inspection, Limited work authorization, Nuclear power plants and reactors, Probabilistic risk assessment, Prototype, Reactor siting criteria, Redress of site, Reporting and recordkeeping requirements, Standard design, Standard design certification. 10 CFR Part 60 Criminal penalties, High-level waste, Nuclear materials, Nuclear power plants and reactors, Reporting and recordkeeping requirements, Waste treatment and disposal. 10 CFR Part 63 Criminal penalties, High-level waste, Nuclear power plants and reactors, Reporting and recordkeeping requirements, Waste treatment and disposal. 10 CFR Part 70 Criminal penalties, Hazardous materials transportation, Material control and accounting, Nuclear materials, Packaging and containers, Radiation protection, Reporting and recordkeeping requirements, Scientific equipment, Security measures, Special nuclear material. 10 CFR Part 71 Criminal penalties, Hazardous materials transportation, Nuclear materials, Packaging and containers, Reporting and recordkeeping requirements. 10 CFR Part 72 Administrative practice and procedure, Criminal penalties, Manpower training programs, Nuclear materials, Occupational safety and health, Penalties, Radiation protection, Reporting and recordkeeping requirements, Security measures, Spent fuel, Whistleblowing. 10 CFR Part 73 Criminal penalties, Export, Hazardous materials transportation, Import, Nuclear materials, Nuclear power plants and reactors, Reporting and recordkeeping requirements, Security measures. 10 CFR Part 76 Certification, Criminal penalties, Radiation protection, Reporting and record keeping requirements, Security measures, Special nuclear material, Uranium enrichment by gaseous diffusion. 10 CFR Part 150 Criminal penalties, Hazardous materials transportation, Intergovernmental relations, Nuclear materials, Reporting and recordkeeping requirements, Security measures, Source material, Special nuclear material. 0 For the reasons set out in the preamble and under the authority of the Atomic Energy Act of 1954, as amended; the Energy Reorganization Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting the following amendments to 10 CFR Parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76 and 150. PART 2--RULES OF PRACTICE FOR DOMESTIC LICENSING PROCEEDINGS AND ISSUANCE OF ORDERS 0 1. The authority citation for part 2 is revised to read as follows: Authority: Secs. 161, 181, 68 Stat. 948, 953, as amended (42 U.S.C. 2201, 2231); sec. 191, as amended, Pub. L. 87-615, 76 Stat. 409 (42 U.S.C. 2241); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); sec. 147, as amended, 94 Stat. 788 (42 U.S.C. 2167); sec. 149, as amended, 100 Stat. 853 (42 U.S.C. 2169); 5 U.S.C. 552; sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note). Section 2.101 also issued under secs. 53, 62, 63, 81, 103, 104, 105, 68 Stat. 930, 932, 933, 935, 936, 937, 938, as amended (42 U.S.C. 2073, 2092, 2093, 2111, 2133, 2134, 2135); sec. 114(f); Pub. L. 97-425, 96 Stat. 2213, as amended (42 U.S.C. 10143(f); sec. 102, Pub. L 91-190, 83 Stat. 853, as amended (42 U.S.C. 4332); sec. 301, 88 Stat. 1248 (42 U.S.C. 5871). Sections 2.102, 2.103, 2.104, 2.105, 2.321 also issued under secs. 102, 103, 104, 105, 183i, 189, 68 Stat. 936, 937, 938, 954, 955, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2233, 2239). Section 2.105 also issued under Pub. L. 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Sections 2.200-2.206 also issued under secs. 161 b, i, o, 182, 186, 234, 68 Stat. 948-951, 955, 83 Stat. 444, as amended (42 U.S.C. 2201(b), (i), (o), 2236, 2282); sec. 206, 88 Stat. 1246 (42 U.S.C. 5846). Section 2.205(j) also issued under Pub. L. 101- 410, 104 Stat. 90, as amended by section 3100(s), Pub. L. 104-134, 110 Stat. 1321-373 (28 U.S.C. 2461 note). Subpart C also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239). Section 2.301 also issued under 5 U.S.C. 554. Sections 2.343, 2.346, 2.712, also issued under 5 U.S.C. 557. Section 2.340 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 2.390 also issued under sec. 103, 68 Stat. 936, as amended (42 U.S.C. 2133) and 5 U.S.C. 552. Sections 2.600-2.606 also issued under sec. 102, Pub. L. 91-190, 83 Stat. 853, as amended (42 U.S.C. 4332). Sections 2.800 and 2.808 also issued under 5 U.S.C. 553. Section 2.809 also issued under 5 U.S.C. 553, and sec. 29, Pub. L. 85-256, 71 Stat. 579, as amended (42 U.S.C. 2039). Subpart K also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239); sec. 134, Pub. L. 97-425, 96 Stat. 2230 (42 U.S.C. 10154). Subpart L also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239). Subpart M also issued under sec. 184 (42. U.S.C. 2234) and sec. 189, 68 Stat. 955 (42 U.S.C. 2239). Subpart N also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239). Appendix A also issued under sec. 6, Pub. L. 91-560, 84 Stat. 1472 (42 U.S.C. 2135). 0 2. In Sec. 2.4, a new definition for Safeguards Information is added in alphabetical order to read as follows: Sec. 2.4 Definitions. * * * * * Safeguards Information means information not classified as National Security Information or Restricted Data [[Page 63567]] which specifically identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or special nuclear material. * * * * * 0 3. In Sec. 2.336, paragraph (f) is redesignated as paragraph (g), and a new paragraph (f) is added to read as follows: Sec. 2.336 General discovery. * * * * * (f)(1) In the event of a dispute over disclosure of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act of 1954, as amended, the presiding officer may issue an order requiring disclosure if-- (i) The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite ''need to know'', as defined in 10 CFR 73.2; (ii) The individual has undergone an FBI criminal history records check, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and otherwise following the procedures in 10 CFR 73.57(d) for submitting and processing fingerprints. However, before a final adverse determination by the NRC Office of Administration on an individual's criminal history records check is made, the individual shall be afforded the protections provided by 10 CFR 73.57; and (iii) The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable. In addition to the protections provided by 10 CFR 73.57 for adverse determinations based on criminal history records checks, the Office of Administration must take the following actions before making a final adverse determination on an individual's background check for trustworthiness and reliability. The Office of Administration will: (A) For the purpose of assuring correct and complete information, provide to the individual any records, in addition to those required to be provided under 10 CFR 73.57(e)(1), that were considered in the trustworthiness and reliability determination; (B) Resolve any challenge by the individual to the completeness or accuracy of the records described in Sec. 2.336(f)(1)(iii)(A). The individual may make this challenge by submitting information and/or an explanation to the Office of Administration. The challenge must be submitted within 10 days of the distribution of the records described in Sec. 2.336(f)(1)(iii)(A), and the Office of Administration must promptly resolve any challenge. (iv) Individuals seeking access to Safeguards Information to participate in an NRC adjudication for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may submit a request to the Chief Administrative Judge for review of the adverse determination. Upon receiving such a request, the Chief Administrative Judge shall designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the designated officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The designated officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The designated officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (2) The presiding officer may include in an order any protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to prevent the unauthorized disclosure of Safeguards Information. (3) When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, is received and possessed by anyone other than the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. (4) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (5) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order may be subject to a civil penalty imposed under Sec. 2.205. (6) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order issued pursuant to this paragraph is considered to be issued under Section 161b of the Atomic Energy Act of 1954, as amended. (7) If a presiding officer has yet to be appointed, the authority to take the actions described in paragraphs (f)(1) to (f)(6) of this section resides in the officer with jurisdiction under Sec. 2.318(a). * * * * * 0 4. In Sec. 2.704, paragraph (f) is added to read as follows: Sec. 2.704 Discovery--required disclosures. * * * * * (f) Disclosure under this section of documents and records including [[Page 63568]] Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act of 1954, as amended, will be according to the provisions in Sec. 2.705(c)(3) through (c)(8). 0 5. In Sec. 2.705, paragraphs (c)(3) through (8) are added to read as follows: Sec. 2.705 Discovery-additional methods. * * * * * (c) * * * (3) In the case of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act of 1954, as amended, the presiding officer may issue an order requiring disclosure if-- (i) The presiding officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC proceeding has the requisite ``need to know,'' as defined in 10 CFR 73.2; (ii) The individual has undergone an FBI criminal history records check, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and otherwise following the procedures in 10 CFR 73.57(d) for submitting and processing fingerprints. However, before a final adverse determination by the NRC Office of Administration on an individual's criminal history records check is made, the individual shall be afforded the protections provided by 10 CFR 73.57; and (iii) The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable. In addition to the protections provided by 10 CFR 73.57 for adverse determinations based on criminal history records checks, the Office of Administration must take the following actions before making a final adverse determination on an individual's background check for trustworthiness and reliability. The Office of Administration will: (A) For the purpose of assuring correct and complete information, provide to the individual any records, in addition to those required to be provided under 10 CFR 73.57(e)(1), that were considered in the trustworthiness and reliability determination; (B) Resolve any challenge by the individual to the completeness or accuracy of the records described in Sec. 2.705(c)(3)(iii)(A). The individual may make this challenge by submitting information and/or an explanation to the Office of Administration. The challenge must be submitted within 10 days of the distribution of the records described in Sec. 2.705(c)(3)(iii)(A), and the Office of Administration must promptly resolve any challenge. (iv) Individuals seeking access to Safeguards Information to participate in an NRC adjudication for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may submit a request to the Chief Administrative Judge for review of the adverse determination. Upon receiving such a request, the Chief Administrative Judge shall designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the designated officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The designated officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The designated officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (4) The presiding officer may include in an order any protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to prevent the unauthorized disclosure of Safeguards Information. (5) When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, is received and possessed by anyone other than the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. (6) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (7) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order may be subject to a civil penalty imposed under Sec. 2.205. (8) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order issued pursuant to this paragraph is considered to be issued under Section 161b of the Atomic Energy Act of 1954, as amended. * * * * * 0 6. In Sec. 2.709, paragraph (f) is revised to read as follows: Sec. 2.709 Discovery against NRC staff. * * * * * (f)(1) In the case of requested documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act of 1954, as amended exempt from disclosure under Sec. 2.390, the presiding officer may issue an order requiring disclosure to the Executive Director for Operations or a delegee of the Executive Director for Operations, to produce the documents or records (or any other order issued ordering production of the document or records) if-- (i) The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite ``need to know,'' as defined in 10 CFR 73.2; (ii) The individual has undergone an FBI criminal history records check, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and otherwise following the procedures in 10 CFR 73.57(d) for submitting and processing fingerprints. However, before a final adverse determination by the NRC Office of Administration on an individual's criminal history records check is made, the individual shall be afforded the protections provided by 10 CFR 73.57; and (iii) The NRC Office of Administration has found, based upon a background [[Page 63569]] check, that the individual is trustworthy and reliable, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable. In addition to the protections provided by 10 CFR 73.57 for adverse determinations based on criminal history records checks, the Office of Administration must take the following actions before making a final adverse determination on an individual's background check for trustworthiness and reliability. The Office of Administration will: (A) For the purpose of assuring correct and complete information, provide to the individual any records, in addition to those required to be provided under 10 CFR 73.57(e)(1), that were considered in the trustworthiness and reliability determination; (B) Resolve any challenge by the individual to the completeness or accuracy of the records described in Sec. 2.709(f)(1)(iii)(A). The individual may make this challenge by submitting information and/or an explanation to the Office of Administration. The challenge must be submitted within 10 days of the distribution of the records described in Sec. 2.709(f)(1)(iii)(A), and the Office of Administration must promptly resolve any challenge. (iv) Individuals seeking access to Safeguards Information to participate in an NRC adjudication for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may submit a request to the Chief Administrative Judge for review of the adverse determination. Upon receiving such a request, the Chief Administrative Judge shall designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the designated officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The designated officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The designated officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (2) The presiding officer may include in an order any protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to prevent the unauthorized disclosure of Safeguards Information. (3) When Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, is received and possessed by anyone other than the NRC staff, it must also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. (4) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (5) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order may be subject to a civil penalty imposed under Sec. 2.205. (6) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order issued pursuant to this paragraph is considered to be issued under Section 161b of the Atomic Energy Act of 1954, as amended. * * * * * 0 7. In Sec. 2.1003, paragraph (a)(4)(iii) is revised to read as follows: Sec. 2.1003 Availability of material. (a) * * * (4) * * * (iii) Which constitutes Safeguards Information under Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * 0 8. In Sec. 2.1010, paragraph (b)(6) is revised to read as follows: Sec. 2.1010 Pre-License application presiding officer. * * * * * (b) * * * (6) Whether the material should be disclosed under a protective order containing such protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to limit the disclosure to potential parties, interested governmental participants, and parties in the proceeding, or to their qualified witnesses and counsel. (i) The Pre-License Application Presiding Officer may issue an order requiring disclosure of Safeguards Information if-- (A) The Pre-License Application Presiding Officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC adjudication has the requisite ``need to know,'' as defined in 10 CFR 73.2; (B) The individual has undergone an FBI criminal history records check, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and otherwise following the procedures in 10 CFR 73.57(d) for submitting and processing fingerprints. However, before a final adverse determination by the NRC Office of Administration on an individual's criminal history records check is made, the individual shall be afforded the protections provided by 10 CFR 73.57; and (C) The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt under 10 CFR 73.22(b)(3) or 73.23(b)(3), as applicable. In addition to the protections provided by 10 CFR 73.57 for adverse determinations based on criminal history records checks, the Office of Administration must take the following actions before making a final adverse determination on an individual's background check for trustworthiness and reliability. The Office of Administration will: (1) For the purpose of assuring correct and complete information, provide to the individual any records, in addition to those required to be provided under 10 CFR 73.57(e)(1), that were considered in the trustworthiness and reliability determination; (2) Resolve any challenge by the individual to the completeness or accuracy of the records described in Sec. 2.1010(b)(6)(i)(C)(1). The individual may make this challenge by submitting information and/or an explanation to the Office of Administration. The [[Page 63570]] challenge must be submitted within 10 days of the distribution of the records described in Sec. 2.1010(b)(6)(i)(C)(1), and the Office of Administration must promptly resolve any challenge. (D) Individuals seeking access to Safeguards Information to participate in an NRC adjudication for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may submit a request to the Chief Administrative Judge for review of the adverse determination. Upon receiving such a request, the Chief Administrative Judge shall designate an officer other than the Pre-License Application Presiding Officer to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the designated officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The designated officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The designated officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination. (ii) The Pre-License Application Presiding Officer may include in an order any protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to prevent the unauthorized disclosure of Safeguards Information. (iii) When Safeguards Information, protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, is received and possessed by a potential party, interested government participant, or party, other than the NRC staff, it shall also be protected according to the requirements of Sec. 73.21 and the requirements of Sec. Sec. 73.22 or 73.23 of this chapter, as applicable. (iv) The Pre-License Application Presiding Officer may also prescribe such additional procedures as will effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved. (v) In addition to any other sanction that may be imposed by the Pre-License Application Presiding Officer for violation of a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order, the entity in violation may be subject to a civil penalty imposed pursuant to Sec. 2.205. (vi) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, a provision for the protection of Safeguards Information from unauthorized disclosure that is contained in an order issued pursuant to this paragraph is considered to be issued under Section 161b of the Atomic Energy Act of 1954, as amended. * * * * * 0 9. In Sec. 2.1018, paragraph (h) is added to read as follows: Sec. 2.1018 Discovery. * * * * * (h) Discovery under this section of documentary material including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act of 1954, as amended, will be according to the provisions in Sec. 2.1010(b)(6)(i) through (b)(6)(vi). PART 30--RULES OF GENERAL APPLICABILITY TO DOMESTIC LICENSING OF BYPRODUCT MATERIAL 0 10. The authority citation for part 30 is revised to read as follows: Authority: Secs. 81, 82, 161, 182, 183, 186, 68 Stat. 935, 948, 953, 954, 955, as amended, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2111, 2112, 2201, 2232, 2233, 2236, 2282); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 549 (2005). Section 30.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 as amended by Pub. L. 102-486, sec. 2902, 106 Stat. 3123, (42 U.S.C. 5851). Section 30.34(b) also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Section 30.61 also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237). 0 11. In Sec. 30.4, a new definition ``Quantities of Concern'' is added in alphabetical order to read as follows: Sec. 30.4 Definitions. * * * * * Quantities of Concern means the quantities of the radionuclides meeting or exceeding the threshold limits set forth in Table I-1 of Appendix I of part 73 of this chapter. * * * * * 0 12. In Sec. 30.32, paragraph (k) is added to read as follows: Sec. 30.32 Application for specific licenses. * * * * * (k) Each applicant for a license for byproduct material shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21, 73.22 and/or 73.23 of this chapter, as applicable. 0 13. In Sec. 30.34, paragraph (k) is added to read as follows: Sec. 30.34 Terms and conditions of licenses. * * * * * (k) Each licensee shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.23 of this chapter, as applicable. PART 40--DOMESTIC LICENSING OF SOURCE MATERIAL 0 14. The authority citation for part 40 is revised to read as follows: Authority: Secs. 62, 63, 64, 65, 81, 161, 182, 183, 186, 68 Stat. 932, 933, 935, 948, 953, 954, 955, as amended, secs. 11e(2), 83, 84, Pub. L. 95-604, 92 Stat. 3033, as amended, 3039, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2014(e)(2), 2092, 2093, 2094, 2095, 2111, 2113, 2114, 2201, 2232, 2233, 2236, 2282); sec. 274, Pub. L. 86-373, 73 Stat. 688 (42 U.S.C. 2021); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 275, 92 Stat. 3021, as amended by Pub. L. 97-415, 96 Stat. 2067 (42 U.S.C. 2022); sec. 193, 104 Stat. 2835, as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-59, 119 Stat. 594 (2005). Section 40.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5851). Section 40.31(g) also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 40.46 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Section 40.71 also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237). 0 15. In Sec. 40.31, paragraph (m) is added to read as follows: Sec. 40.31 Application for specific licenses. * * * * * (m) Each applicant for a license for the possession of source material at a facility for the production or conversion [[Page 63571]] of uranium hexafluoride shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. Each applicant for a license for source material shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. 0 16. In Sec. 40.41, paragraph (h) is added to read as follows: Sec. 40.41 Terms and conditions of licenses. * * * * * (h) Each licensee shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. PART 50--DOMESTIC LICENSING OF PRODUCTION AND UTILIZATION FACILITIES 0 17. The authority citation for part 50 is revised to read as follows: Authority: Secs. 102, 103, 104, 105, 161, 182, 183, 186, 189, 68 Stat. 936, 937, 938, 948, 953, 954, 955, 956, as amended, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2201, 2232, 2233, 2236, 2239, 2282); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 50.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5841). Section 50.10 also issued under secs. 101, 185, 68 Stat. 955, as amended (42 U.S.C. 2131, 2235); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.13, 50.54(dd), and 50.103 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138). Sections 50.23, 50.35, 50.55, and 50.56 also issued under sec. 185, 68 Stat. 955 (42 U.S.C. 2235). Sections 50.33a, 50.55a and Appendix Q also issued under sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.34 and 50.54 also issued under sec. 204, 88 Stat. 1245 (42 U.S.C. 5844). Sections 50.58, 50.91, and 50.92 also issued under Pub. L. 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Section 50.78 also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Sections 50.80-50.81 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Appendix F also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237). 0 18. In Sec. 50.34, the section heading and paragraph (e) are revised to read as follows: Sec. 50.34 Contents of applications; technical information. * * * * * 0 (e) Each applicant for a license to operate a production or utilization facility shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * 0 19. In Sec. 50.54, paragraph (v) is revised to read as follows: Sec. 50.54 Conditions of licenses. * * * * * (v) Each licensee subject to the requirements of Part 73 of this chapter shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * PART 52-LICENSES, CERTIFICATIONS, AND APPROVALS FOR NUCLEAR POWER PLANTS 0 20. The authority citation for part 52 is revised to read as follows: Authority: Sec. 161, 68 Stat. 948, as amended, sec. 274, 73 Stat. 688 (42 U.S.C. 2201, 2021); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Sections 150.3, 150.15, 150.15a, 150.31, 150.32 also issued under secs. 11e(2), 81, 68 Stat. 923, 935, as amended, secs. 83, 84, 92 Stat. 3033, 3039 (42 U.S.C. 2014e(2), 2111, 2113, 2114). Section 150.14 also issued under sec. 53, 68 Stat. 930, as amended (42 U.S.C. 2073). Section 150.15 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 150.17a also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 150.30 also issued under sec. 234, 83 Stat. 444 (42 U.S.C. 2282). 0 21. In Sec. 52.17, paragraph (d) is added to read as follows: Sec. 52.17 Contents of applications; technical information. * * * * * (d) Each applicant for an early site permit under this part shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. 0 22. In Sec. 52.47, paragraph (d) is added to read as follows: Sec. 52.47 Contents of applications; technical information. * * * * * (d) Each applicant for a standard design certification under this part shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. 0 23. In Sec. 52.79, paragraph (f) is added to read as follows: Sec. 52.79 Contents of application; technical information in final safety analysis report. * * * * * (f) Each applicant for a combined license under this subpart shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. Sec. 73.21 and 73.22 of this chapter, as applicable. PART 60--DISPOSAL OF HIGH-LEVEL RADIOACTIVE WASTES IN GEOLOGIC REPOSITORIES 0 24. The authority citation for part 60 is revised to read as follows: Authority: Secs. 51, 53, 62, 63, 65, 81, 161, 182, 183, 68 Stat. 929, 930, 932, 933, 935, 948, 953, 954, as amended (42 U.S.C. 2071, 2073, 2092, 2093, 2095, 2111, 2201, 2232, 2233); secs. 202, 206, 88 Stat. 1244, 1246 (42 U.S.C. 5842, 5846); secs. 10 and 14, Pub. L. 95-601, 92 Stat. 2951 (42 U.S.C. 2021a and 5851); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332); secs. 114, 121, Pub. L. 97- 425, 96 Stat. 2213g, 2228, as amended (42 U.S.C. 10134, 10141), and Pub. L. 102-486, sec. 2902, 106 Stat. 3123 (42 U.S.C. 5851); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). 0 25. In Sec. 60.21, paragraph (d) is added to read as follows: Sec. 60.21 Content of application. * * * * * (d) The applicant for a license to receive and possess source, special nuclear, and byproduct material at a geologic repository operations area sited, constructed, or operated in accordance with the Nuclear Waste Policy Act of 1982 shall protect Safeguards Information in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. 0 26. In Sec. 60.42, paragraph (d) is added to read as follows: Sec. 60.42 Conditions of license. * * * * * (d) The licensee (Department of Energy) shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. The licensee (Department of Energy) shall ensure that classified information is protected in [[Page 63572]] accordance with the requirements of parts 25 and 95 of this chapter, as applicable. PART 63--DISPOSAL OF HIGH-LEVEL RADIOACTIVE WASTES IN A GEOLOGIC REPOSITORY AT YUCCA MOUNTAIN, NEVADA 0 27. The authority citation for part 63 is revised to read as follows: Authority: Secs. 51, 53, 62, 63, 65, 81, 161, 182, 183, 68 Stat. 929, 930, 932, 933, 935, 948, 953, 954, as amended (42 U.S.C. 2071, 2073, 2092, 2093, 2095, 2111, 2201, 2232, 2233); secs. 202, 206, 88 Stat. 1244, 1246 (42 U.S.C. 5842, 5846); secs. 10 and 14, Pub. L. 95-601, 92 Stat. 2951 (42 U.S.C. 2021a and 5851); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332); secs. 114, 121, Pub. L. 97- 425, 96 Stat. 2213g, 2238, as amended (42 U.S.C. 10134, 10141), and Pub. L. 102-486, sec. 2902, 106 Stat. 3123 (42 U.S.C. 5851); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). 0 28. In Sec. 63.21, paragraph (d) is added to read as follows: Sec. 63.21 Content of application. * * * * * (d) The applicant for a license to receive and possess source, special nuclear, and byproduct material at a geologic repository at Yucca Mountain, Nevada, shall protect Safeguards Information in accordance with the requirements in Sec. 73.21, and the requirements in Sec. 73.22, or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. 0 29. In Sec. 63.42, paragraph (e) is added to read as follows: Sec. 63.42 Conditions of license. * * * * * (e) The licensee (Department of Energy) shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21, and the requirements in Sec. 73.22, or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. PART 70--DOMESTIC LICENSING OF SPECIAL NUCLEAR MATERIAL 0 30. The authority citation for part 70 is revised to read as follows: Authority: Secs. 51, 53, 161, 182, 183, 68 Stat. 929, 930, 948, 953, 954, as amended, sec. 234, 83 Stat. 444, as amended, (42 U.S.C. 2071, 2073, 2201, 2232, 2233, 2282, 2297f); secs. 201, as amended, 202, 204, 206, 88 Stat. 1242, as amended, 1244, 1245, 1246 (42 U.S.C. 5841, 5842, 5845, 5846). Sec. 193, 104 Stat. 2835 as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Sections 70.1(c) and 70.20a(b) also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 70.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5851). Section 70.21(g) also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 70.31 also issued under sec. 57d, Pub. L. 93-377, 88 Stat. 475 (42 U.S.C. 2077). Sections 70.36 and 70.44 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Section 70.81 also issued under secs. 186, 187, 68 Stat. 955 (42 U.S.C. 2236, 2237). Section 70.82 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138). 0 31. In Sec. 70.22, paragraph (l) is revised to read as follows: Sec. 70.22 Contents of applications. * * * * * (l) Each applicant for a license shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22, or 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. * * * * * 0 32. In Sec. 70.32, paragraph (j) is revised to read as follows: Sec. 70.32 Conditions of licenses. * * * * * (j) Each licensee who possesses special nuclear material, or who transports, or delivers to a carrier for transport, a formula quantity of strategic special nuclear material, special nuclear material of moderate strategic significance, or special nuclear material of low strategic significance, or more than 100 grams of irradiated reactor fuel shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable. * * * * * PART 71--PACKAGING AND TRANSPORTATION OF RADIOACTIVE MATERIAL 0 33. The authority citation for part 71 is revised to read as follows: Authority: Secs. 53, 57, 62, 63, 81, 161, 182, 183, 68 Stat. 930, 932, 933, 935, 948, 953, 954, as amended, sec. 1701, 106 Stat. 2951, 2952, 2953 (42 U.S.C. 2073, 2077, 2092, 2093, 2111, 2201, 2232, 2233, 2297f); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 71.97 also issued under sec. 301, Pub. L. 96-295, 94 Stat. 789-790. 0 34. Section 71.11 is added to read as follows: Sec. 71.11 Protection of Safeguards Information. Each licensee, certificate holder, or applicant for a Certificate of Compliance for a transportation package for transport of irradiated reactor fuel, strategic special nuclear material, a critical mass of special nuclear material, or byproduct material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security, shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. PART 72--LICENSING REQUIREMENTS FOR THE INDEPENDENT STORAGE OF SPENT NUCLEAR FUEL, HIGH-LEVEL RADIOACTIVE WASTE, AND REACTOR- RELATED GREATER THAN CLASS C WASTE 0 35. The authority citation for part 72 is revised to read as follows: Authority: Secs. 51, 53, 57, 62, 63, 65, 69, 81, 161, 182, 183, 184, 186, 187, 189, 68 Stat. 929, 930, 932, 933, 934, 935, 948, 953, 954, 955, as amended, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2071, 2073, 2077, 2092, 2093, 2095, 2099, 2111, 2201, 2232, 2233, 2234, 2236, 2237, 2238, 2282); sec. 274, Pub. L. 86-373, 73 Stat. 688, as amended (42 U.S.C. 2021); sec. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); Pub. L. 95-601, sec. 10, 92 Stat. 2951 as amended by Pub. L. 102- 486, sec. 7902, 106 Stat. 3123 (42 U.S.C. 5851); sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332); secs. 131, 132, 133, 135, 137, 141, Pub. L. 97-425, 96 Stat. 2229, 2230, 2232, 2241, sec. 148, Pub. L. 100-203, 101 Stat. 1330-235 (42 U.S.C. 10151, 10152, 10153, 10155, 10157, 10161, 10168); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 549 (2005). Section 72.44(g) also issued under secs. 142(b) and 148(c), (d), Pub. L. 100-203, 101 Stat. 1330-232, 1330-236 (42 U.S.C. 10162(b), 10168(c), (d)). Section 72.46 also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239); sec. 134, Pub. L. 97-425, 96 Stat. 2230 (42 U.S.C. 10154). Section 72.96(d) also issued under sec. 145(g), Pub. L. 100-203, [[Page 63573]] 101 Stat. 1330-235 (42 U.S.C. 10165(g)). Subpart J also issued under secs. 2(2), 2(15), 2(19), 117(a), 141(h), Pub. L. 97-425, 96 Stat. 2202, 2203, 2204, 2222, 2224 (42 U.S.C. 10101, 10137(a), 10161(h)). Subparts K and L are also issued under sec. 133, 98 Stat. 2230 (42 U.S.C. 10153) and sec. 218(a), 96 Stat. 2252 (42 U.S.C. 10198). 0 36. In Sec. 72.22, paragraph (f) is added to read as follows: Sec. 72.22 Contents of application: General and financial information. * * * * * (f) Each applicant for a license under this part to receive, transfer, and possess power reactor spent fuel, power reactor-related Greater than Class C (GTCC) waste, and other radioactive materials associated with spent fuel storage in an independent spent fuel storage installation (ISFSI) shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23, as applicable. 0 37. In Sec. 72.44, paragraph (h) is added to read as follows: Sec. 72.44 License conditions. * * * * * (h) Each licensee shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23, as applicable. 0 38. In Sec. 72.212, paragraph (b)(5)(v) is redesignated as (b)(5)(vi) and a new paragraph (b)(5)(v) is added to read as follows: Sec. 72.212 Conditions of general license issued under Sec. 72.210. * * * * * (b) * * * (5) * * * (v) Each general licensee that receives and possesses power reactor spent fuel and other radioactive materials associated with spent fuel storage shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * 0 39. In Sec. 72.236, paragraph (n) is added to read as follows: Sec. 72.236 Specific requirements for spent fuel storage cask approval and fabrication. * * * * * (n) Safeguards Information shall be protected against unauthorized disclosure in accordance with the requirements of Sec. 73.21 and the requirements of Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. PART 73--PHYSICAL PROTECTION OF PLANTS AND MATERIALS 0 40. The authority citation for part 73 continues to read as follows: Authority: Secs. 53, 161, 149, 68 Stat. 930, 948, as amended, sec. 147, 94 Stat. 780 (42 U.S.C. 2073, 2167, 2169, 2201); sec. 201, as amended, 204, 88 Stat. 1242, as amended, 1245, sec. 1701, 106 Stat. 2951, 2952, 2953 (42 U.S.C. 5841, 5844, 2297f); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. 109-58, 119 Stat. 594 (2005). Section 73.1 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C, 10155, 10161). Section 73.37(f) also issued under sec. 301, Pub. L. 96-295, 94 Stat. 789 (42 U.S.C. 5841 note). Section 73.57 is issued under sec. 606, Pub. L. 99-399, 100 Stat. 876 (42 U.S.C. 2169). 0 41. In Sec. 73.1, paragraph (b)(7) is revised to read as follows: Sec. 73.1 Purpose and scope. * * * * * (b) * * * (7) This part prescribes requirements for the protection of Safeguards Information (including Safeguards Information with the designation or marking: Safeguards Information--Modified Handling) in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires that information. * * * * * 0 42. In Sec. 73.2, new definitions Background Check, Individual Authorized Access to Safeguards Information, Individual Authorized Access to Safeguards Information--Modified Handling, Quantities of Concern, Safeguards Information--Modified Handling, and Trustworthiness and Reliability, are added in alphabetical order and the definitions of ``Need to know'' and Safeguards Information are revised to read as follows: Sec. 73.2 Definitions. * * * * * Background check includes, at a minimum, a Federal Bureau of Investigation (FBI) criminal history records check (including verification of identity based on fingerprinting), employment history, education, and personal references. Individuals engaged in activities subject to regulation by the Commission, applicants for licenses to engage in Commission-regulated activities, and individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission are required under Sec. 73.57 to conduct fingerprinting and criminal history records checks before granting access to Safeguards Information. A background check must be sufficient to support the trustworthiness and reliability determination so that the person performing the check and the Commission have assurance that granting individuals access to Safeguards Information does not constitute an unreasonable risk to the public health and safety or the common defense and security. * * * * * Individual Authorized Access to Safeguards Information is an individual authorized to have access to and handle such information pursuant to the requirements of Sec. Sec. 73.21 and 73.22 of this part. Individual Authorized Access to Safeguards Information--Modified Handling is an individual authorized to have access to and handle Safeguards Information designated as Safeguards Information--Modified Handling information pursuant to the requirements of Sec. Sec. 73.21 and 73.23 of this part. * * * * * ``Need to know'' means a determination by a person having responsibility for protecting Safeguards Information (including Safeguards Information designated as Safeguards Information--Modified Handling) that a proposed recipient's access to Safeguards Information is necessary in the performance of official, contractual, licensee, applicant, or certificate holder employment. In an adjudication, ``need to know'' means a determination by the originator of the information that the information is necessary to enable the proposed recipient to proffer and/or adjudicate a specific contention in that proceeding, and the proposed recipient of the specific Safeguards Information possesses demonstrable knowledge, skill, training, or education to effectively utilize the specific Safeguards Information in the proceeding. Where the information is in the possession of the originator and the NRC staff (dual possession), whether in its original form or incorporated into another document or other matter by the recipient, the NRC staff makes the determination. In the event of a dispute regarding the ``need to know'' determination, the presiding officer of the proceeding shall make the ``need to know'' determination. * * * * * [[Page 63574]] Quantities of Concern means the quantities of the radionuclides meeting or exceeding the threshold limits set forth in Table I-1 of Appendix I of this part. * * * * * Safeguards Information means information not classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection of and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or special nuclear material. Safeguards Information--Modified Handling is the designation or marking applied to Safeguards Information which the Commission has determined requires handling requirements modified from the specific Safeguards Information handling requirements that are applicable to Safeguards Information needing a higher level of protection. * * * * * Trustworthiness and reliability are characteristics of an individual considered dependable in judgment, character, and performance, such that disclosure of Safeguards Information (including Safeguards Information designated as Safeguards Information--Modified Handling) to that individual does not constitute an unreasonable risk to the public health and safety or common defense and security. A determination of trustworthiness and reliability for this purpose is based upon a background check. * * * * * 0 43. Section 73.8(b) is revised to read as follows: Sec. 73.8 Information collection requirements: OMB approval. * * * * * (b) The approved information collection requirements contained in this part appear in Sec. Sec. 73.5, 73.20, 73.21, 73.22, 73.23, 73.24, 73.25, 73.26, 73.27, 73.37, 73.40, 73.45, 73.46, 73.50, 73.55, 73.56, 73.57, 73.60, 73.67, 73.70, 73.71, 73.72, 73.73, 73.74, and appendices B, C, and G. * * * * * 0 44. Section 73.21 is revised to read as follows: Sec. 73.21 Protection of Safeguards Information: Performance Requirements. (a) General performance requirement. (1) Each licensee, certificate holder, applicant, or other person who produces, receives, or acquires Safeguards Information (including Safeguards Information with the designation or marking: Safeguards Information--Modified Handling) shall ensure that it is protected against unauthorized disclosure. To meet this general performance requirement, such licensees, certificate holders, applicants, or other persons subject to this section shall: (i) Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in Sec. 73.22 related to: Power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production or conversion facilities; fuel fabrication facilities; uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas. (ii) Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in Sec. 73.23 related to: Panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source material, or byproduct or special nuclear material in greater than or equal to Category 2 quantities of concern; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of source, byproduct, or special nuclear material in greater than or equal to Category 1 quantities of concern. (iii) Protect the information in accordance with the requirements of Sec. 73.22 if the Safeguards Information is not described in paragraphs (a)(1)(i) and (a)(1)(ii) of this section. (2) Information protection procedures employed by Federal, State, and local law enforcement agencies are presumed to meet the general performance requirement in Sec. 73.21(a)(1). (b) Commission Authority. (1) Pursuant to Section 147 of the Atomic Energy Act of 1954, as amended, the Commission may impose, by order or regulation, Safeguards Information protection requirements different from or in addition to those specified in this Part on any person who produces, receives, or acquires Safeguards Information. (2) The Commission may require, by regulation or order, that information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, related to facilities or materials not specifically described in Sec. Sec. 73.21, 73.22 or 73.23 be protected under this Part. 0 45. Section 73.22 is added to read as follows: Sec. 73.22 Protection of Safeguards Information: Specific Requirements. This section contains specific requirements for the protection of Safeguards Information in the hands of any person subject to the requirements of Sec. 73.21(a)(1)(i) and related to power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production or conversion facilities, fuel fabrication facilities, and uranium enrichment facilities; independent spent fuel storage installations; geologic repository operations areas and Safeguards Information in the hands of any person subject to the requirements of Sec. 73.21(a)(1)(iii). (a) Information to be protected. The types of information and documents that must be protected as Safeguards Information include non- public security-related requirements such as: (1) Physical Protection. Information not classified as Restricted Data or National Security Information related to physical protection, including: (i) The composite physical security plan for the facility or site; (ii) Site-specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the [[Page 63575]] physical security system not easily discernible by members of the public; (iii) Alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources for security equipment, and duress alarms not easily discernible by members of the public; (iv) Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events; (v) Site-specific design features of plant security communications systems; (vi) Lock combinations, mechanical key design, or passwords integral to the physical security system; (vii) Documents and other matter that contain lists or locations of certain safety-related equipment explicitly identified in the documents or other matter as vital for purposes of physical protection, as contained in security plans, contingency measures, or plant specific safeguards analyses; (viii) The composite safeguards contingency plan/measures for the facility or site; (ix) The composite facility guard qualification and training plan/ measures disclosing features of the physical security system or response procedures; (x) Information relating to on-site or off-site response forces, including size, armament of response forces, and arrival times of such forces committed to respond to security contingency events; (xi) The adversary characteristics document and related information, including implementing guidance associated with the Design Basis Threat in Sec. 73.1(a)(1) or (a)(2); and (xii) Engineering and safety analyses, security-related procedures or scenarios, and other information revealing site-specific details of the facility or materials if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (2) Physical protection in transit. Information not classified as Restricted Data or National Security Information related to the transportation of, or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel, including: (i) The composite physical security plan for transportation; (ii) Schedules and itineraries for specific shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel. Schedules for shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel are no longer controlled as Safeguards Information 10 days after the last shipment of a current series; (iii) Vehicle immobilization features, intrusion alarm devices, and communications systems; (iv) Arrangements with and capabilities of local police response forces, and locations of safe havens identified along the transportation route; (v) Limitations of communications during transport; (vi) Procedures for response to security contingency events; (vii) Information concerning the tactics and capabilities required to defend against attempted sabotage, or theft and diversion of formula quantities of special nuclear material, irradiated reactor fuel, or related information; and (viii) Engineering or safety analyses, security-related procedures or scenarios and other information related to the protection of the transported material if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (3) Inspections, audits and evaluations. Information not classified as National Security Information or Restricted Data pertaining to safeguards and security inspections and reports, including: (i) Portions of inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in the system. Disclosure of corrected defects, weaknesses, or vulnerabilities is subject to an assessment taking into account such factors as trending analyses and the impacts of disclosure on licensees having similar physical security systems; and (ii) Reports of investigations containing general information may be released after corrective actions have been completed, unless withheld pursuant to other authorities, e.g., the Freedom of Information Act (5 U.S.C. 552). (4) Correspondence. Portions of correspondence insofar as they contain Safeguards Information as set forth in paragraphs (a)(1) through (a)(3) of this section. (5) Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, that the Commission determines by order or regulation could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material or a facility. (b) Conditions for access. (1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information unless the person has an established ``need to know'' for the information and has undergone a Federal Bureau of Investigation (FBI) criminal history records check using the procedures set forth in Sec. 73.57. (2) In addition, a person to be granted access to Safeguards Information must be trustworthy and reliable, based on a background check or other means approved by the Commission. (3) The categories of individuals specified in 10 CFR 73.59 are exempt from the criminal history records check and background check requirements in paragraphs (b)(1) and (b)(2) of this section by virtue of their occupational status. (4) For persons participating in an NRC adjudicatory proceeding, the ``need to know'' determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document or other matter by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the ``need to know'' determination, the presiding officer of the proceeding shall determine whether the ``need to know'' findings in Sec. 73.2 can be made. (5) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information to any other person except as set forth in this section. (c) Protection while in use or storage. (1) While in use, matter containing Safeguards Information must be under the control of an individual authorized access to Safeguards Information. This requirement is satisfied if the [[Page 63576]] Safeguards Information is attended by such an individual even though the information is in fact not constantly being used. Safeguards Information within alarm stations, or rooms continuously occupied by authorized individuals need not be stored in a locked security storage container. (2) While unattended, Safeguards Information must be stored in a locked security storage container. The container shall not identify the contents of the matter contained and must preclude access by individuals not authorized access in accordance with the provisions of this section. Knowledge of lock combinations protecting Safeguards Information must be limited to a minimum number of personnel for operating purposes who have a ``need to know'' and are otherwise authorized access to Safeguards Information in accordance with the provisions of this Part. Access to lock combinations must be strictly controlled so as to prevent disclosure to an individual not authorized access to Safeguards Information. (d) Preparation and marking of documents or other matter. (1) Each document or other matter that contains Safeguards Information as described in Sec. 73.21(a)(1)(i) and this section must be marked to indicate the presence of such information in a conspicuous manner on the top and bottom of each page. The first page of the document or other matter must also contain: (i) The name, title, and organization of the individual authorized to make a Safeguards Information determination, and who has determined that the document or other matter contains Safeguards Information; (ii) The date the determination was made; and (iii) An indication that unauthorized disclosure will be subject to civil and criminal sanctions. (2) In addition to the markings at the top and bottom of each page, any transmittal letters or memoranda to or from the NRC which do not in themselves contain Safeguards Information shall be marked to indicate that attachments or enclosures contain Safeguards Information but that the transmittal document or other matter does not (i.e., ``When separated from Safeguards Information enclosure(s), this document is decontrolled provided the transmittal document does not otherwise warrant protection from unauthorized disclosure''). (3) Any transmittal document or other matter forwarding Safeguards Information must alert the recipient that protected information is enclosed. Certification that a document or other matter contains Safeguards Information must include the name and title of the certifying official and date designated. Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the Safeguards Information from non-Safeguards Information. (4) Marking of documents or other matter containing or transmitting Safeguards Information shall, at a minimum include the words ``Safeguards Information'' to ensure identification of protected information for the protection of facilities and material covered by Sec. 73.22. (e) Reproduction of matter containing Safeguards Information. Safeguards Information may be reproduced to the minimum extent necessary consistent with need without permission of the originator. Equipment used to reproduce Safeguards Information must be evaluated to ensure that unauthorized individuals cannot access Safeguards Information (e.g., unauthorized individuals cannot access Safeguards Information by gaining access to retained memory or network connectivity). (f) External transmission of documents and material. (1) Documents or other matter containing Safeguards Information, when transmitted outside an authorized place of use or storage, must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of protected information. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words ``Safeguards Information.'' The outer envelope or wrapper must be opaque, addressed to the intended recipient, must contain the address of the sender, and may not bear any markings or indication that the document or other matter contains Safeguards Information. (2) Safeguards Information may be transported by any commercial delivery company that provides service with computer tracking features, U.S. first class, registered, express, or certified mail, or by any individual authorized access pursuant to these requirements. (3) Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission. Physical security events required to be reported pursuant to Sec. 73.71 are considered to be extraordinary conditions. (g) Processing of Safeguards Information on electronic systems. (1) Safeguards Information may be stored, processed or produced on a stand-alone computer (or computer system) for processing of Safeguards Information. ``Stand-alone'' means a computer or computer system to which access is limited to individuals authorized access to Safeguards Information. A stand-alone computer or computer system shall not be physically or in any other way connected to a network accessible by users who are not authorized access to Safeguards Information. (2) Each computer not located within an approved and lockable security storage container that is used to process Safeguards Information must have a removable storage medium with a bootable operating system. The bootable operating system must be used to load and initialize the computer. The removable storage medium must also contain the software application programs. Data may be saved on either the removable storage medium that is used to boot the operating system, or on a different removable storage medium. The removable storage medium must be secured in a locked security storage container when not in use. (3) A mobile device (such as a laptop computer) may also be used for the processing of Safeguards Information provided the device is secured in a locked security storage container when not in use. Other systems may be used if approved for security by the appropriate NRC office. (4) Any electronic system that has been used for storage, processing or production of Safeguards Information must be free of recoverable Safeguards Information prior to being returned to nonexclusive use. [[Page 63577]] (h) Removal from Safeguards Information category. Documents or other matter originally containing Safeguards Information must be removed from the Safeguards Information category at such time as the information no longer meets the criteria contained in this part. Care must be exercised to ensure that any document or other matter decontrolled not disclose Safeguards Information in some other form or be combined with other unprotected information to disclose Safeguards Information. The authority to determine that a document or other matter may be decontrolled will only be exercised by the NRC, with NRC approval, or in consultation with the individual or organization that made the original determination. (i) Destruction of matter containing Safeguards Information. Documents or other matter containing Safeguards Information shall be destroyed when no longer needed. The information can be destroyed by burning, shredding or any other method that precludes reconstruction by means available to the public at large. Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed. 0 46. Section 73.23 is added to read as follows: Sec. 73.23 Protection of Safeguards Information--Modified Handling: Specific Requirements. This section contains specific requirements for the protection of Safeguards Information in the hands of any person subject to the requirements of Sec. 73.21(a)(1)(ii) and related to panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source material, or byproduct or special nuclear material in greater than or equal to Category 2 quantities of concern; transportation of more than 1000 Tbq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of source, byproduct, or special nuclear material in greater than or equal to Category 1 quantities of concern. The requirements of this section distinguish Safeguards Information requiring modified handling requirements (SGI-M) from the specific Safeguards Information handling requirements applicable to facilities and materials needing a higher level of protection, as set forth in Sec. 73.22. (a) Information to be protected. The types of information and documents that must be protected as Safeguards Information--Modified Handling include non-public security-related requirements such as protective measures, interim compensatory measures, additional security measures, and the following, as applicable: (1) Physical Protection. Information not classified as Restricted Data or National Security Information related to physical protection, including: (i) The composite physical security plan for the facility or site; (ii) Site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system not easily discernible by members of the public; (iii) Alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources for security equipment, and duress alarms not easily discernible by members of the public; (iv) Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events; (v) Site specific design features of plant security communications systems; (vi) Lock combinations, mechanical key design, or passwords integral to the physical security system; (vii) The composite facility guard qualification and training plan/ measures disclosing features of the physical security system or response procedures; (viii) Descriptions of security activities which disclose features of the physical security system or response measures; (ix) Information relating to onsite or offsite response forces, including size, armament of the response forces, and arrival times of such forces committed to respond to security contingency events; and (x) Engineering and safety analyses, security-related procedures or scenarios, and other information revealing site-specific details of the facility or materials if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (2) Physical protection in transit. Information not classified as Restricted Data or National Security Information related to the physical protection of shipments of more than 1000 Tbq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel, source material and byproduct material in Category 1 quantities of concern, and special nuclear material in less than a formula quantity (except for those materials covered under Sec. 73.22), including: (i) Information regarding transportation security measures, including physical security plans and procedures, immobilization devices, and escort requirements, more detailed than NRC regulations; (ii) Scheduling and itinerary information for shipments (scheduling and itinerary information for shipments that are inherently self- disclosing, such as a shipment that created extensive news coverage or an announcement by a public official confirming receipt, may be decontrolled after shipment departure). Scheduling and itinerary information for shipments that are not inherently self-disclosing may be decontrolled 2 days after the shipment is completed. Scheduling and itinerary information used for the purpose of preplanning, coordination, and advance notification may be shared with others on a ``need to know'' basis and need not be designated as Safeguards Information-Modified Handling); (iii) Arrangements with and capabilities of local police response forces, and locations of safe havens identified along the transportation route; (iv) Details of alarm and communication systems, communication procedures, and duress codes; (v) Procedures for response to security contingency events; and (vi) Engineering or safety analyses, security-related procedures or scenarios and other information related to the protection of the transported material if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material. (3) Inspections, audits and evaluations. Information not classified as National Security Information or Restricted Data pertaining to safeguards and security inspections and reports, including: [[Page 63578]] (i) Portions of inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in the system. Disclosure of corrected defects, weaknesses, or vulnerabilities is subject to an assessment taking into account such factors as trending analyses and the impacts of disclosure on licensees having similar physical security systems; and (ii) Reports of investigations containing general information may be released after the corrective actions have been completed, unless withheld pursuant to other authorities, e.g., the Freedom of Information Act (5 U.S.C. 552). (4) Correspondence. Portions of correspondence insofar as they contain Safeguards Information designated as Safeguards Information- Modified Handling, as set forth in paragraphs (a)(1) through (a)(3) of this section. (5) Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, that the Commission determines by order or regulation could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material or a facility. (b) Conditions for access. (1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information designated as Safeguards Information-Modified Handling unless the person has an established ``need to know'' for the information and has undergone a Federal Bureau of Investigation criminal history records check using the procedures set forth in Sec. 73.57. (2) In addition, a person to be granted access to Safeguards Information must be trustworthy and reliable, based on a background check or other means approved by the Commission. (3) The categories of individuals specified in 10 CFR 73.59 are exempt from the criminal history records check and background check requirements in paragraphs (b)(1) and (b)(2) of this section by virtue of their occupational status: (4) For persons participating in an NRC adjudicatory proceeding, the ``need to know'' determination shall be made by the originator of the Safeguards Information designated as Safeguards Information- Modified Handling upon receipt of a request for access to the Safeguards Information designated as Safeguards Information-Modified Handling. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document or other matter by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the ``need to know'' determination, the presiding officer of the proceeding shall determine whether the ``need to know'' findings in Sec. 73.2 can be made. (5) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information designated as Safeguards Information- Modified Handling to any other person except as set forth in this section. (c) Protection while in use or storage. (1) While in use, matter containing Safeguards Information designated as Safeguards Information-Modified Handling must be under the control of an individual authorized access to such information. This requirement is satisfied if the Safeguards Information designated as Safeguards Information-Modified Handling is attended by such an individual even though the information is in fact not constantly being used. Safeguards Information designated as Safeguards Information- Modified Handling within alarm stations, or rooms continuously occupied by authorized individuals, need not be locked in a file drawer or cabinet. (2) While unattended, Safeguards Information designated as Safeguards Information-Modified Handling must be stored in a locked file drawer or cabinet. The container shall not identify the contents of the matter contained and must preclude access by individuals not authorized access in accordance with the provisions of this section. Knowledge of lock combinations or access to keys protecting Safeguards Information designated as Safeguards Information-Modified Handling must be limited to a minimum number of personnel for operating purposes who have a ``need to know'' and are otherwise authorized access to Safeguards Information in accordance with the provisions of this Part. Access to lock combinations must be strictly controlled so as to prevent disclosure to an individual not authorized access to Safeguards Information designated as Safeguards Information-Modified Handling. (d) Preparation and marking of documents or other matter. (1) Each document or other matter that contains Safeguards Information designated as Safeguards Information-Modified Handling as described in Sec. 73.23(a) and in this section must be marked to indicate the presence of Safeguards Information with modified handling requirements in a conspicuous manner on the top and bottom of each page. The first page of the document or other matter must also contain: (i) The name, title, and organization of the individual authorized to make a ``Safeguards Information designated as Safeguards Information-Modified Handling'' determination, and who has determined that the document or other matter contains Safeguards Information designated as Safeguards Information-Modified Handling; (ii) The date the determination was made; and (iii) An indication that unauthorized disclosure will be subject to civil and criminal sanctions. (2) In addition to the markings at the top and bottom of each page, any transmittal letters or memoranda to or from the NRC which do not in themselves contain Safeguards Information designated as Safeguards Information-Modified Handling shall be marked to indicate that attachments or enclosures contain Safeguards Information designated as Safeguards Information-Modified Handling but that the transmittal document does not (i.e., ``When separated from Safeguards Information designated as Safeguards Information-Modified Handling enclosure(s), this document is decontrolled provided the transmittal document does not otherwise warrant protection from unauthorized disclosure''). (3) Any transmittal document or other matter forwarding Safeguards Information designated as Safeguards Information-Modified Handling must alert the recipient that protected information is enclosed. Certification that a document or other matter contains Safeguards Information designated as Safeguards Information-Modified Handling must include the name and title of the certifying official and date designated. Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information designated as Safeguards Information-Modified Handling. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the Safeguards Information from non- Safeguards Information. (4) Marking of documents or other matter containing or transmitting Safeguards Information with modified handling requirements shall, at a minimum include the words [[Page 63579]] ``Safeguards Information-Modified Handling'' to ensure identification of protected information for the protection of facilities and material covered by Sec. 73.23. (e) Reproduction of matter containing Safeguards Information designated as Safeguards Information-Modified Handling. Safeguards Information designated as Safeguards Information-Modified Handling may be reproduced to the minimum extent necessary, consistent with need, without permission of the originator. Equipment used to reproduce Safeguards Information designated as Safeguards Information-Modified Handling must be evaluated to ensure that unauthorized individuals cannot access the information (e.g. , unauthorized individuals cannot access Safeguards Information by gaining access to retained memory or network connectivity). (f) External transmission of documents and material. (1) Documents or other matter containing Safeguards Information designated as Safeguards Information-Modified Handling, when transmitted outside an authorized place of use or storage, must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of protected information. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words ``Safeguards Information-Modified Handling.'' The outer envelope or wrapper must be opaque, addressed to the intended recipient, must contain the address of the sender, and may not bear any markings or indication that the document contains Safeguards Information designated as Safeguards Information-Modified Handling. (2) Safeguards Information designated Safeguards Information- Modified Handling may be transported by any commercial delivery company that provides service with computer tracking features, U.S. first class, registered, express, or certified mail, or by any individual authorized access pursuant to these requirements. (3) Except under emergency or extraordinary conditions, Safeguards Information designated as Safeguards Information-Modified Handling must be transmitted electronically only by protected telecommunications circuits (including facsimile) or encryption by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC office. For the purpose of this section, emergency or extraordinary conditions are defined as any circumstances that require immediate communications in order to report, summon assistance for, or respond to a security contingency event or an event that has potential security significance. Physical security events required to be reported pursuant to Sec. 73.71 are considered to be extraordinary conditions. (g) Processing of Safeguards Information-Modified Handling on electronic systems. (1) Safeguards Information designated for modified handling may be stored, processed or produced on a computer or computer system, provided that the system is assigned to the licensee's or contractor's facility. Safeguards Information designated as Safeguards Information- Modified Handling files must be protected, either by a password or encryption, to prevent unauthorized individuals from gaining access. Word processors such as typewriters are not subject to these requirements as long as they do not transmit information off-site. Note: if Safeguards Information designated as Safeguards Information- Modified Handling is produced on a typewriter, the ribbon must be properly marked and be removed and stored in the same manner as other Safeguards Information designated as Safeguards Information-Modified Handling. (2) Safeguards Information designated as Safeguards Information- Modified Handling files may be transmitted over a network if the file is encrypted. In such cases, the licensee will select a commercially available encryption system that the National Institute of Standards and Technology (NIST) has validated as conforming to Federal Information Processing Standards (FIPS) 140-2 or later. Safeguards Information designated as Safeguards Information-Modified Handling files shall be properly labeled to indicate the presence of Safeguards Information with modified handling requirements and saved to removable matter and stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be used for the processing of Safeguards Information designated as Safeguards Information-Modified Handling provided the device is secured in an appropriate locked storage container when not in use. Other systems may be used if approved for security by the appropriate NRC office. (4) Any electronic system that has been used for storage, processing or production of Safeguards Information must be free of recoverable Safeguards Information designated as Safeguards Information-Modified Handling prior to being returned to nonexclusive use. (h) Removal from Safeguards Information-Modified Handling category. Documents or other matter originally containing Safeguards Information designated as Safeguards Information-Modified Handling must be removed from the Safeguards Information category at such time as the information no longer meets the criteria contained in this Part. Care must be exercised to ensure that any document or other matter decontrolled shall not disclose Safeguards Information in some other form or be combined with other unprotected information to disclose Safeguards Information. The authority to determine that a document or other matter may be decontrolled will only be exercised by the NRC, with NRC approval, or in consultation with the individual or organization that made the original determination. (i) Destruction of matter containing Safeguards Information designated as Safeguards Information-Modified Handling. Documents or other matter containing Safeguards Information shall be destroyed when no longer needed. The information can be destroyed by burning, shredding, or any other method that precludes reconstruction by means available to the public at large. Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed. 0 47. In Sec. 73.37, paragraphs (f)(2)(iv), (f)(3)(iii) and (iv), and (g) are revised as follows: Sec. 73.37 Requirement for the physical protection of irradiated reactor fuel in transit. * * * * * (f) * * * (2) * * * (iv) A statement that the information described below in Sec. 73.37(f)(3) is required by NRC regulations to be protected in accordance with the requirements of Sec. Sec. 73.21 and 73.22. (3) * * * (iii) For the case of a single shipment whose schedule is not related to the schedule of any subsequent shipment, a statement that schedule information must be protected in accordance with the provisions of Sec. Sec. 73.21 and 73.22 until at least 10 days after the shipment has entered or originated within the state. (iv) For the case of a shipment in a series of shipments whose schedules are related, a statement that schedule information must be protected in accordance with the provisions of Sec. Sec. 73.21 and 73.22 until 10 days after the last shipment in the series has entered or originated within the state [[Page 63580]] and an estimate of the date on which the last shipment in the series will enter or originate within the state. * * * * * (g) State officials, state employees, and other individuals, whether or not licensees of the Commission, who receive schedule information of the kind specified in Sec. 73.37(f)(3) shall protect that information against unauthorized disclosure as specified in Sec. Sec. 73.21 and 73.22. 0 48. In Sec. 73.57 the section heading and paragraphs (a)(1) and (2) and (b)(2)(i) and (ii) are revised and paragraph (e)(3) is added to read as follows: Sec. 73.57 Requirements for criminal history records checks of individuals granted unescorted access to a nuclear power facility or access to Safeguards Information. (a) General. (1) Each licensee who is authorized to operate a nuclear power reactor under part 50 of this chapter, or to engage in an activity subject to regulation by the Commission shall comply with the requirements of this section. (2) Each applicant for a license to operate a nuclear power reactor under part 50 of this chapter or to engage in an activity subject to regulation by the Commission, as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission shall submit fingerprints for those individuals who will have access to Safeguards Information. * * * * * (b) * * * (2) * * * (i) For unescorted access to the nuclear power facility (but must adhere to provisions contained in Sec. Sec. 73.21 and 73.22): NRC employees and NRC contractors on official agency business; individuals responding to a site emergency in accordance with the provisions of Sec. 73.55(a); a representative of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement at designated facilities who has been certified by the NRC; law enforcement personnel acting in an official capacity; State or local government employees who have had equivalent reviews of FBI criminal history data; and individuals employed at a facility who possess ``Q'' or ``L'' clearances or possess another active government granted security clearance, i.e., Top Secret, Secret, or Confidential; (ii) For access to Safeguards Information only but must adhere to provisions contained in Sec. Sec. 73.21, 73.22, and 73.23: the categories of individuals specified in 10 CFR 73.59. * * * * * (e) * * * (3) In addition to the right to obtain records from the FBI in paragraph (e)(1) of this section and the right to initiate challenge procedures in paragraph (e)(2) of this section, an individual participating in an NRC adjudication and seeking to obtain Safeguards Information for use in that adjudication may appeal a final adverse determination by the NRC Office of Administration to the presiding officer of the proceeding. The request may also seek to have the Chief Administrative Judge designate an officer other than the presiding officer of the proceeding to review the adverse determination. * * * * * 0 49. Section 73.59 is revised to read as follows: Sec. 73.59. Relief from fingerprinting, identification and criminal history records checks and other elements of background checks for designated categories of individuals. Fingerprinting, and the identification and criminal history records checks required by section 149 of the Atomic Energy Act of 1954, as amended, and other elements of background checks are not required for the following individuals prior to granting access to Safeguards Information, including Safeguards Information designated as Safeguards Information-Modified Handling as defined in 10 CFR 73.2: (a) An employee of the Commission or the Executive Branch of the United States government who has undergone fingerprinting for a prior U.S. government criminal history records check; (b) A member of Congress; (c) An employee of a member of Congress or Congressional committee who has undergone fingerprinting for a prior U.S. government criminal history records check; (d) The Comptroller General or an employee of the Government Accountability Office who has undergone fingerprinting for a prior U.S. Government criminal history records check; (e) The Governor of a State or his or her designated State employee representative; (f) A representative of a foreign government organization that is involved in planning for, or responding to, nuclear or radiological emergencies or security incidents who the Commission approves for access to Safeguards Information, including Safeguards Information designated as Safeguards Information--Modified Handling; (g) Federal, State, or local law enforcement personnel; (h) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives; (i) Agreement State employees conducting security inspections on behalf of the NRC pursuant to an agreement executed under section 274.i. of the Atomic Energy Act of 1954, as amended; (j) Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC; (k) Any agent, contractor, or consultant of the aforementioned persons who has undergone equivalent criminal history records and background checks to those required by 10 CFR 73.22(b) or 73.23(b). 0 50. A new Appendix I to part 73 is added to read as follows: APPENDIX I TO PART 73--CATEGORY 1 AND 2 RADIOACTIVE MATERIALS Table I-1--Quantities of Concern Threshold Limits ---------------------------------------------------------------------------------------------------------------- Category 1 Category 2 -------------------------------------------------------------------------------- Radionuclides Curies Curies Terabecquerels (TBq)(Ci)\1\ Terabecquerels (TBq)(Ci)\1\ ---------------------------------------------------------------------------------------------------------------- Americium-241.................. 6 x 10\1\.......... 1.6 x 10\3\....... 6 x 10-\1\........ 1.6 x 10\1\ Americium-241/Be............... 6 x 10\1\.......... 1.6 x 10\3\....... 6 x 10-\1\........ 1.6 x 10\1\ Californium-252................ 2 x 10\1\.......... 5.4 x 10\2\....... 2 x 10-\1\........ 5.4 Curium-244..................... 5 x 10\1\.......... 1.4 x 10\3\....... 5 x 10-\1\........ 1.4 x 10\1\ Cobalt-60...................... 3 x 10\1\.......... 8.1 x 10\2\....... 3 x 10-\1\........ 8.1 [[Page 63581]] Cesium-137..................... 1 x 10\2\.......... 2.7 x 10\3\....... 1................. 2.7 x 10\1\ Gadolinium-153................. 1 x 10\3\.......... 2.7 x 10\4\....... 1 x 10\1\......... 2.7 x 10\2\ Iridium-192.................... 8 x 10\1\.......... 2.2 x 10\3\....... 8 x 10-\1\........ 2.2 x 10\1\ Promethium-147................. 4 x 10\4\.......... 1.1 x 10\6\....... 4 x 10\2\......... 1.1 x 10\4\ Plutonium-238.................. 6 x 10\1\.......... 1.6 x 10\3\....... 6 x 10-\1\........ 1.6 x 10\1\ Plutonium-239/Be............... 6 x 10\1\.......... 1.6 x 10\3\....... 6 x 10-\1\........ 1.6 x 10\1\ Radium-226..................... 4 x 10\1\.......... 1.1 x 10\3\....... 4 x 10-\1\........ 1.1 x 10\1\ Selenium-75.................... 2 x 10\2\.......... 5.4 x 10\3\....... 2................. 5.4 x 10\1\ Strontium-90 (Y-90)............ 1 x 10\3\.......... 2.7 x 10\4\....... 1 x 10\1\......... 2.7 x 10\2\ Thulium-170.................... 2 x 10\4\.......... 5.4 x 10\5\....... 2 x 10\2\......... 5.4 x 10\3\ Ytterbium-169.................. 3 x 10\2\.......... 8.1 x 10\3\....... 3................. 8.1 x 10\1\ ---------------------------------------------------------------------------------------------------------------- \1\ The regulatory standard values are given in TBq. Curie (Ci) values are provided for practical usefulness only and are rounded after conversion. Calculations Concerning Multiple Sources or Multiple Radionuclides The ``sum of fractions'' methodology for evaluating combinations of multiple sources or multiple radionuclides, is to be used in determining whether a facility or activity meets or exceeds the threshold limits and is thus subject to the physical and/or information security requirements of this part. I. If multiple sources and/or multiple radionuclides are present in a facility or activity, the sum of the fractions of the activity of each of the radionuclides must be determined to verify the facility or activity is less than the Category 1 or 2 limits of Table 1, as appropriate. Otherwise, if the calculated sum of the fractions ratio, using the following equation, is greater than or equal to 1.0, then the facility or activity meets or exceeds the threshold limits of Table 1 and the applicable physical and/or information security provisions of this part apply. II. Use the equation below to calculate the sum of the fractions ratio by inserting the actual activity of the applicable radionuclides from Table 1 or of the individual sources (of the same radionuclides from Table 1) in the numerator of the equation and the corresponding threshold activity limit from Table 1 in the denominator of the equation. Sum of the fraction calculations must be performed in metric values (i.e., TBq) and the numerator and denominator values must be in the same units. R1 = activity for radionuclides or source number 1 R2 = activity for radionuclides or source number 2 RN = activity for radionuclides or source number n AR1 = activity limit for radionuclides or source number 1 AR2 = activity limit for radionuclides or source number 2 ARN = activity limit for radionuclides or source number n [GRAPHIC] [TIFF OMITTED] TR24OC08.000 PART 76--CERTIFICATION OF GASEOUS DIFFUSION PLANTS 0 51. The authority citation for part 76 is revised to read as follows: Authority: Secs. 161, 68 Stat. 948, as amended, secs. 1312, 1701, as amended, 106 Stat. 2932, 2951, 2952, 2953, 110 Stat. 1321- 349 (42 U.S.C. 2201, 2297b-11, 2297f); secs. 201, as amended, 204, 206, 88 Stat. 1244, 1245, 1246 (42 U.S.C. 5841, 5842, 5845, 5846). Sec. 234(a), 83 Stat. 444, as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243(a)); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 549 (2005). Sec. 76.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5851). Sec. 76.22 is also issued under sec. 193(f), as amended, 104 Stat. 2835, as amended by Pub. L. 104-134, 110 Stat. 1321, 1321-349 (42 U.S.C. 2243(f)). Sec. 76.35(j) also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). 0 52. In Sec. 76.113, paragraph (c) is revised to read as follows: Sec. 76.113 Formula quantities of strategic special nuclear material--Category I. * * * * * (c) The requirements for the protection of Safeguards Information pertaining to formula quantities of strategic special nuclear material (Category I) are contained in Sec. Sec. 73.21 and 73.22 of this chapter. Information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements. * * * * * 0 53. In Sec. 76.115, paragraph (d) is added to read as follows: Sec. 76.115 Special nuclear material of moderate strategic significance--Category II. * * * * * (d) The requirements for the protection of Safeguards Information pertaining to special nuclear material of moderate strategic significance--Category II are contained in Sec. Sec. 73.21 and 73.22 of this chapter. Information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements. 0 54. In Sec. 76.117, paragraph (c) is added to read as follows: Sec. 76.117 Special nuclear material of low strategic significance-- Category III. * * * * * (c) The requirements for the protection of Safeguards Information pertaining to special nuclear material of low strategic significance-- Category III are contained in Sec. Sec. 73.21 and 73.22 of this chapter. Information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements. PART 150--EXEMPTIONS AND CONTINUED REGULATORY AUTHORITY IN AGREEMENT STATES AND IN OFFSHORE WATERS UNDER SECTION 274 0 55. The authority citation for part 150 is revised to read as follows: Authority: Sec. 161, 68 Stat. 948, as amended, sec. 274, 73 Stat. 688 (42 U.S.C. 2201, 2021); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). [[Page 63582]] Sections 150.3, 150.15, 150.15a, 150.31, 150.32 also issued under secs. 11e(2), 81, 68 Stat. 923, 935, as amended, secs. 83, 84, 92 Stat. 3033, 3039 (42 U.S.C. 2014e(2), 2111, 2113, 2114). Section 150.14 also issued under sec. 53, 68 Stat. 930, as amended (42 U.S.C. 2073). Section 150.15 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 150.17a also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 150.30 also issued under sec. 234, 83 Stat. 444 (42 U.S.C. 2282). 0 56. In Sec. 150.15, paragraph (a)(9) is added to read as follows: Sec. 150.15 Persons not exempt. (a) * * * (9) The requirements for the protection of Safeguards Information in Sec. 73.21 and the requirements in Sec. 73.22 or Sec. 73.23 of this chapter, as applicable. * * * * * Dated at Rockville, Maryland this 14th day of October 2008. For the Nuclear Regulatory Commission. Annette L. Vietti-Cook, Secretary of the Commission. [FR Doc. E8-24904 Filed 10-23-08; 8:45 am] BILLING CODE 7590-01-P