Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

e-CFR data is current as of July 9, 2020

Title 10Chapter IPart 73 → Subject Group


Title 10: Energy
PART 73—PHYSICAL PROTECTION OF PLANTS AND MATERIALS


Physical Protection Requirements at Fixed Sites

§73.40   Physical protection: General requirements at fixed sites.

Each licensee shall provide physical protection at a fixed site, or contiguous sites where licensed activities are conducted, against radiological sabotage, or against theft of special nuclear material, or against both, in accordance with the applicable sections of this Part for each specific class of facility or material license. If applicable, the licensee shall establish and maintain physical security in accordance with security plans approved by the Nuclear Regulatory Commission.

[58 FR 13700, Mar. 15, 1993]

§73.45   Performance capabilities for fixed site physical protection systems.

(a) To meet the general performance requirements of §73.20 a fixed site physical protection system shall include the performance capabilities described in paragraphs (b) through (g) of this section unless otherwise authorized by the Commission.

(b) Prevent unauthorized access of persons, vehicles and materials into material access areas and vital areas. To achieve this capability the physical protection system shall:

(1) Detect attempts to gain unauthorized access or introduce unauthorized material across material access or vital area boundaries by stealth or force using the following subsystems and subfunctions:

(i) Barriers to channel persons and material to material access and vital area entry control points and to delay any unauthorized penetration attempts by persons or materials sufficient to assist detection and permit a response that will prevent the penetration; and

(ii) Access detection subsystems and procedures to detect, assess and communicate any unauthorized penetration attempts by persons or materials at the time of the attempt so that the response can prevent the unauthorized access or penetration.

(2) Detect attempts to gain unauthorized access or introduce unauthorized materials into material access areas or vital areas by deceit using the following subsystems and subfunctions:

(i) Access authorization controls and procedures to provide current authorization schedules and entry criteria for both persons and materials; and

(ii) Entry controls and procedures to verify the identity of persons and materials and assess such identity against current authorization schedules and entry criteria before permitting entry and to initiate response measures to deny unauthorized entries.

(c) Permit only authorized activities and conditions within protected areas, material access areas, and vital areas. To achieve this capability the physical protection system shall:

(1) Detect unauthorized activities or conditions within protected areas, material access areas and vital areas using the following subsystems and subfunctions:

(i) Controls and procedures that establish current schedules of authorized activities and conditions in defined areas;

(ii) Boundaries to define areas within which the authorized activities and conditions are permitted; and

(iii) Detection and surveillance subsystems and procedures to discover and assess unauthorized activities and conditions and communicate them so that response can be such as to stop the activity or correct the conditions to satisfy the general performance objective and requirements of §73.20(a).

(d) Permit only authorized placement and movement of strategic special nuclear material within material access areas. To achieve this capability the physical protection system shall:

(1) Detect unauthorized placement and movement of strategic special nuclear material within the material access area using the following subsystems and subfunctions:

(i) Controls and procedures to delineate authorized placement and control for strategic special nuclear material;

(ii) Controls and procedures to establish current authorized placement and movement of all strategic special nuclear material within material access areas;

(iii) Controls and procedures to maintain knowledge of the identity, quantity, placement, and movement of all strategic special nuclear material within material access areas; and

(iv) Detection and monitoring subsystems and procedures to discover and assess unauthorized placement and movement of strategic special nuclear material and communicate them so that response can be such as to return the strategic special nuclear material to authorized placement or control.

(e) Permit removal of only authorized and confirmed forms and amounts of strategic special nuclear material from material access areas. To achieve this capability the physical protection system shall:

(1) Detect attempts at unauthorized removal of strategic special nuclear material from material access areas by stealth or force using the following subsystems and subfunctions:

(i) Barriers to channel persons and materials exiting a material access area to exit control points and to delay any unauthorized strategic special nuclear material removal attempts sufficient to assist detection and assessment and permit a response that will prevent the removal; and satisfy the general performance objective and requirements of §73.20(a); and

(ii) Detection subsystems and procedures to detect, assess and communicate any attempts at unauthorized removal of strategic special nuclear material so that response to the attempt can be such as to prevent the removal and satisfy the general performance objective and requirements of §73.20(a).

(2) Confirm the identity and quantity of strategic special nuclear material presented for removal from a material access area and detect attempts at unauthorized removal of strategic special nuclear material from material access areas by deceit using the following subsystems and subfunctions:

(i) Authorization controls and procedures to provide current schedules for authorized removal of strategic special nuclear material which specify the authorized properties and quantities of material to be removed, the persons authorized to remove the material, and the authorized time schedule;

(ii) Removal controls and procedures to identify and confirm the properties and quantities of material being removed and verify the identity of the persons making the removal and time of removal and assess these against the current authorized removal schedule before permitting removal; and

(iii) Communications subsystems and procedures to provide for notification of an attempted unauthorized or unconfirmed removal so that response can be such as to prevent the removal and satisfy the general performance objective and requirements of §73.20(a).

(f) Provide for authorized access and assure detection of and response to unauthorized penetrations of the protected area to satisfy the general performance objective and requirements of §73.20(a). To achieve this capability the physical protection system shall:

(1) Detect attempts to gain unauthorized access or introduce unauthorized persons, vehicles, or materials into the protected area by stealth or force using the following subsystems and subfunctions:

(i) Barriers to channel persons, vehicles, and materials to protected area entry control points; and to delay any unauthorized penetration attempts or the introduction of unauthorized vehicles or materials sufficient to assist detection and assessment and permit a response that will prevent the penetration or prevent such penetration and satisfy the general performance objective and requirements of §73.20(a); and

(ii) Access detection subsystems and procedures to detect, assess and communicate any unauthorized access or penetrations or such attempts by persons, vehicles, or materials at the time of the act or the attempt so that the response can be such as to prevent the unauthorized access or penetration, and satisfy the general performance objective and requirements of §73.20(a).

(2) Detect attempts to gain unauthorized access or introduce unauthorized persons, vehicles, or materials into the protected area by deceit using the following subsystems and subfunctions:

(i) Access authorization controls and procedures to provide current authorization schedules and entry criteria for persons, vehicles, and materials; and

(ii) Entry controls and procedures to verify the identity of persons, materials and vehicles and assess such identity against current authorization schedules before permitting entry and to initiate response measures to deny unauthorized access.

(g) Response. Each physical protection program shall provide a response capability to assure that the five capabilities described in paragraphs (b) through (f) of this section are achieved and that adversary forces will be engaged and impeded until offsite assistance forces arrive. To achieve this capability a licensee shall:

(1) Establish a security organization to:

(i) Provide trained and qualified personnel to carry out assigned duties and responsibilities; and

(ii) Provide for routine security operations and planned and predetermined response to emergencies and safeguards contingencies.

(2) Establish a predetermined plan to respond to safeguards contingency events.

(3) Provide equipment for the security organization and facility design features to:

(i) Provide for rapid assessment of safeguards contingencies;

(ii) Provide for response by assigned security organization personnel which is sufficiently rapid and effective to achieve the predetermined objective of the response; and

(iii) Provide protection for the assessment and response personnel so that they can complete their assigned duties.

(4) Provide communications networks to:

(i) Transmit rapid and accurate security information among onsite forces for routine security operation, assessment of a contingency, and response to a contingency; and

(ii) Transmit rapid and accurate detection and assessment information to offsite assistance forces.

(5) Assure that a single adversary action cannot destroy the capability of the security organization to notify offsite response forces of the need for assistance.

[44 FR 68193, Nov. 28, 1979]

§73.46   Fixed site physical protection systems, subsystems, components, and procedures.

(a) A licensee physical protection system established pursuant to the general performance objective and requirements of §73.20(a) and the performance capability requirements of §73.45 shall include, but are not necessarily limited to, the measures specified in paragraphs (b) through (h) of this section. The Commission may require, depending on individual facility and site conditions, alternate or additional measures deemed necessary to meet the general performance objective and requirements of §73.20. The Commission also may authorize protection measures other than those required by this section if, in its opinion, the overall level of performance meets the general performance objective and requirements of §73.20 and the performance capability requirements of §73.45.

(b) Security organization. (1) The licensee shall establish a security organization, including guards. If a contract guard force is utilized for site security, the licensee's written agreement with the contractor will clearly show that (i) the licensee is responsible to the Commission for maintaining safeguards in accordance with Commission regulations and the licensee's security plan, (ii) the NRC may inspect, copy, and take away copies of all reports and documents required to be kept by Commission regulations, orders, or applicable license conditions whether such reports and documents are kept by the licensee or the contractor, (iii) the requirement, in §73.46(b)(4) of this section that the licensee demonstrate the ability of physical security personnel to perform their assigned duties and responsibilities, include demonstration of the ability of the contractor's physical security personnel to perform their assigned duties and responsibilities in carrying out the provisions of the Security Plan and these regulations, and (iv) the contractor will not assign any personnel to the site who have not first been made aware of these responsibilities.

(2) The licensee shall have onsite at all times at least one full time member of the security organization with authority to direct the physical protection activities of the security organization.

(3) The licensee shall have a management system to provide for the development, revision, implementation, and enforcement of security procedures. The system shall include:

(i) Written security procedures which document the structure of the security organization and which detail the duties of the Tactical Response Team, guards, watchmen, and other individuals responsible for security. The licensee shall retain a copy of the current procedures as a record until the Commission terminates the license for which these procedures were developed and, if any portion of these procedures is superseded, retain the superseded material for three years after each change; and

(ii) Provision for written approval of such procedures and any revisions thereto by the individual with overall responsibility for the security function.

(4) The licensee may not permit an individual to act as a Tactical Response Team member, armed response person, guard, or other member of the security organization unless the individual has been trained, equipped, and qualified to perform each assigned security duty in accordance with Appendix B of this part, “General Criteria for Security Personnel.” In addition, Tactical Response Team members, armed response personnel, and guards shall be trained, equipped, and qualified for use of their assigned weapons in accordance with paragraphs (b)(6) and (b)(7) of this section. Tactical Response Team members, armed response personnel, and guards shall also be trained and qualified in accordance with either paragraphs (b)(10) and (b)(11) or paragraph (b)(12) of this section. Upon the request of an authorized representative of the Commission, the licensee shall demonstrate the ability of the physical security personnel, whether licensee or contractor employees, to carry out their assigned duties and responsibilities. Each Tactical Response Team member, armed response person, and guard, whether a licensee or contractor employee, shall requalify in accordance with Appendix B of this part. Tactical Response Team members, armed response personnel, and guards shall also requalify in accordance with paragraph (b)(7) of this section at least once every 12 months. The licensee shall document the results of the qualification and requalification. The licensee shall retain the documentation of each qualification and requalification as a record for 3 years after each qualification and requalification.

(5) Within any given period of time, a member of the security organization may not be assigned to, or have direct operational control over, more than one of the redundant elements of a physical protection subsystem if such assignment or control could result in the loss of effectiveness of the subsystem.

(6) Each guard shall be armed with a handgun, as described in appendix B of this part. Each Tactical Response Team member shall be armed with a 9mm semiautomatic pistol. All but one member of the Tactical Response Team shall be armed additionally with either a shotgun or semiautomatic rifle, as described in appendix B of this part. The remaining member of the Tactical Response Team shall carry, as an individually assigned weapon, a rifle of no less caliber than .30 inches or 7.62mm.

(7) In addition to the weapons qualification and requalification criteria of appendix B of this part, Tactical Response Team members, armed response personnel, and guards shall qualify and requalify, at least every 12 months, for day and night firing with assigned weapons in accordance with Appendix H of this part. Tactical Response Team members, armed response personnel, and guards shall be permitted to practice fire prior to qualification and requalification but shall be given only one opportunity to fire for record on the same calendar day. If a Tactical Response Team member, armed response person, or guard fails to qualify or requalify, the licensee shall remove the individual from security duties which require the use of firearms and retrain the individual prior to any subsequent attempt to qualify or requalify. If an individual fails to qualify or requalify on two successive attempts, he or she shall be required to receive additional training and successfully fire two consecutive qualifying scores prior to being reassigned to armed security duties.

(i) In addition, Tactical Response Team members, armed response personnel, and guards shall be prepared to demonstrate day and night firing qualification with their assigned weapons at any time upon request by an authorized representative of the NRC.

(ii) The licensee or the licensee's agent shall document the results of weapons qualification and requalification for day and night firing. The licensee shall retain the documentation of each qualification and requalification as a record for 3 years after each qualification and requalification.

(8) In addition to the training requirements contained in appendix B of this part, Tactical Response Team members shall successfully complete training in response tactics. The licensee shall document the completion of training. The licensee shall retain the documentation of training as a record for three years after training is completed.

(9) The licensee shall conduct Tactical Response Team and guard exercises to demonstrate the overall security system effectiveness and the ability of the security force to perform response and contingency plan responsibilities and to demonstrate individual skills in assigned team duties. During the first 12-month period following the date specified in paragraph (i)(2)(ii) of this section, an exercise must be carried out at least every three months for each shift, half of which are to be force-on-force. Subsequently, during each 12-month period commencing on the anniversary of the date specified in paragraph (i)(2)(ii) of this section, an exercise must be carried out at least every four months for each shift, one third of which are to be force-on-force. The licensee shall use these exercises to demonstrate its capability to respond to attempts to steal strategic special nuclear material. During each of the 12-month periods, the NRC shall observe one of the force-on-force exercises which demonstrates overall security system performance. The licensee shall notify the NRC of the scheduled exercise 60 days prior to that exercise. The licensee shall document the results of all exercises. The licensee shall retain the documentation of each exercise as a record for three years after each exercise is completed.

(10) In addition to the medical examinations and physical fitness requirements of paragraph I.C of Appendix B of this part, each Tactical Response Team member, armed response person, and guard, except as provided in paragraph (b)(10)(v) of this section, shall participate in a physical fitness training program on a continuing basis.

(i) The elements of the physical fitness training program must include, but not necessarily be limited to, the following:

(A) Training sessions of sufficient frequency, duration, and intensity to be of aerobic benefit, e.g., normally a frequency of three times per week, maintaining an intensity of approximately 75 percent of maximum heart rate for 20 minutes;

(B) Activities that use large muscle groups, that can be maintained continuously, and that are rhythmical and aerobic in nature, e.g., running, bicycling, rowing, swimming, or cross-country skiing; and

(C) Musculoskeletal training exercises that develop strength, flexibility, and endurance in the major muscle groups, e.g., legs, arms, and shoulders.

(ii) The licensee shall assess Tactical Response Team members, armed response personnel, and guards for general fitness once every 4 months to determine the effectiveness of the continuing physical fitness training program. Assessments must include a recent health history, measures of cardiovascular fitness, percent of body fat, flexibility, muscular strength, and endurance. Individual exercise programs must be modified to be consistent with the needs of each participating Tactical Response Team member, armed response person, and guard and consistent with the environments in which they must be prepared to perform their duties. Individuals who exceed 4 months without being assessed for general fitness due to excused time off from work must be assessed within 15 calendar days of returning to duty as a Tactical Response Team member, armed response person, or guard.

(iii) Within 30 days prior to participation in the physical fitness training program, the licensee shall give Tactical Response Team members, armed response personnel, and guards a medical examination including a determination and written certification by a licensed physician that there are no medical contraindications, as disclosed by the medical examination, to participation in the physical fitness training program.

(iv) Licensees may temporarily waive an individual's participation in the physical fitness training program on the advice of the licensee's examining physician, during which time the individual may not be assigned duties as a Tactical Response Team member.

(v) Guards whose duties are to staff the central or secondary alarm station and those who control exit or entry portals are exempt from the physical fitness training program specified in paragraph (b)(10) of this section, provided that they are not assigned temporary response guard duties.

(11) In addition to the physical fitness demonstration contained in paragraph I.C of Appendix B of this part, Tactical Response Team members, armed response personnel, and guards shall meet or exceed the requirements in paragraphs (b)(11)(i) through (b)(11)(v) of this section, except as provided in paragraph (b)(11)(vi) of this section, initially and at least once every 12 months thereafter.

(i) For Tactical Response Team members the criteria are a 1-mile run in 8 minutes and 30 seconds or less and a 40-yard dash starting from a prone position in 8 seconds or less. For armed response personnel and guards that are not members of the Tactical Response Team the criteria are a one-half mile run in 4 minutes and 40 seconds or less and a 40-yard dash starting from a prone position in 8.5 seconds or less. The test may be taken in ordinary athletic attire under the supervision of licensee designated personnel. The licensee shall retain a record of each individual's performance for 3 years.

(ii) Incumbent Tactical Response Team members, armed response personnel, and guards shall meet or exceed the qualification criteria within 12 months of NRC approval of the licensee's revised Fixed Site Physical Protection Plan. New employees hired after the approval date shall meet or exceed the qualification criteria prior to assignment as a Tactical Response Team member, armed response person, or guard.

(iii) Tactical Response Team members, armed response personnel, and guards shall be given a medical examination including a determination and written certification by a licensed physician that there are no medical contraindications, as disclosed by the medical examination, to participation in the physical fitness performance testing. The medical examination must be given within 30 days prior to the first administration of the physical fitness performance test, and on an annual basis thereafter.

(iv) The licensee shall place Tactical Response Team members, armed response persons, and guards, who do not meet or exceed the qualification criteria, in a monitored remedial physical fitness training program and relieve them of security duties until they satisfactorily meet or exceed the qualification criteria.

(v) Licensees may temporarily waive the annual performance testing for an individual on the advice of the licensee's examining physician, during which time the individual may not be assigned duties as a Tactical Response Team member.

(vi) Guards whose duties are to staff the central or secondary alarm station and those who control exit or entry portals are exempt from the annual performance testing specified in paragraph (b)(11) of this section, provided that they are not assigned temporary response guard duties.

(12) The licensee may elect to comply with the requirements of this paragraph instead of the requirements of paragraphs (b)(10) and (b)(11) of this section. In addition to the physical fitness qualifications of paragraph I.C of Appendix B of this part, each licensee subject to the requirements of this section shall develop and submit to the NRC for approval site specific, content-based, physical fitness performance tests which will—when administered to each Tactical Response Team member, armed response person, or guard—duplicate the response duties these individuals may need to perform during a strenuous tactical engagement.

(i) The test must be administered to each Tactical Response Team member, armed response person, and guard once every 3 months. The test must specifically address the physical capabilities needed by armed response personnel during a strenuous tactical engagement at the licensed facility. Individuals who exceed 3 months without having been administered the test due to excused time off from work must be tested within 15 calendar days of returning to duty as a Tactical Response Team member, armed response person, or guard.

(ii) Within 30 days before the first administration of the physical fitness performance test, and on an annual basis thereafter, Tactical Response Team members, armed response personnel, and guards shall be given a medical examination including a determination and written certification by a licensed physician that there are no medical contraindications, as disclosed by the medical examination, to participation in the physical fitness performance test.

(iii) Guards whose duties are to staff the central or secondary alarm station and those who control exit or entry portals are exempt from the performance test specified in paragraph (b)(12) of this section, provided that they are not assigned temporary response guard duties.

(c) Physical barrier subsystems. (1) vital equipment must be located only within a vital area, and strategic special nuclear material must be stored or processed only in a material access area. Both vital areas and material access areas must be located within a protected area so that access to vital equipment and to strategic special nuclear material requires passage through at least three physical barriers. The perimeter of the protected area must be provided with two separated physical barriers with an intrusion detection system placed between the two. The inner barrier must be positioned and constructed to enhance assessment of penetration attempts and to delay attempts at unauthorized exit from the protected area. The perimeter of the protected area must also incorporate features and structures that prevent forcible vehicle entry. More than one vital area or material access area may be located within a single protected area.

(2) The physical barriers at the perimeter of the protected area shall be separated from any other barrier designated as a physical barrier for a vital area or material access area within the protected area.

(3) Isolation zones shall be maintained in outdoor areas adjacent to the physical barrier at the perimeter of the protected area and shall be large enough to permit observation of the activities of people on either side of that barrier in the event of its penetration. If parking facilities are provided for employees or visitors, they shall be located outside the isolation zone and exterior to the protected area.

(4) Isolation zones and all exterior areas within the protected area shall be provided with illumination sufficient for the monitoring and observation requirements of paragraphs (c)(3), (e)(8), (h)(4) and (h)(6) of this section, but not less than 0.2 footcandle measured horizontally at ground level.

(5) Strategic special nuclear material, other than alloys, fuel elements or fuel assemblies, shall:

(i) Be stored in a vault when not undergoing processing if the material can be used directly in the manufacture of a nuclear explosive device. Vaults used to protect such material shall be capable of preventing entry to stored SSNM by a single action in a forced entry attempt, except as such single action would both destroy the barrier and render contained SSNM incapable of being removed, and shall provide sufficient delay to prevent removal of stored SSNM prior to arrival of response personnel capable of neutralizing the design basis threat stated in §73.1.

(ii) Be stored in tamper-indicating containers;

(iii) Be processed only in material access areas constructed with barriers that provide significant delay to penetration; and

(iv) Be kept in locked compartments or locked process equipment while undergoing processing except when personally attended.

(6) Enriched uranium scrap (enriched to 20% or greater) in the form of small pieces, cuttings, chips, solutions or in other forms which result from a manufacturing process, contained in 30 gallon or larger containers with a uranium-235 content of less than 0.25 grams per liter, may be stored within a locked and separately fenced area within a larger protected area provided that the storage area fence is no closer than 25 feet to the perimeter of the protected area. The storage area when unoccupied shall be protected by a guard or watchman who shall patrol at intervals not exceeding 4 hours, or by intrusion alarms.

(d) Access control subsystems and procedures. (1) A numbered picture badge identification subsystem shall be used for all individuals who are authorized access to protected areas without escort. An individual not employed by the licensee but who requires frequent and extended access to protected, material access, or vital areas may be authorized access to such areas without escort provided that he receives a picture badge upon entrance into the protected area and returns the badge upon exit from the protected area, and that the badge indicates, (i) Non-employee—no escort required; (ii) areas to which access is authorized and (iii) the period for which access has been authorized. Badges shall be displayed by all individuals while inside the protected areas.

(2) Unescorted access to vital areas, material access areas and controlled access areas shall be limited to individuals who are authorized access to the material and equipment in such areas, and who require such access to perform their duties. Access to material access areas shall include at least two individuals. Authorization for such individuals shall be indicated by the issuance of specially coded numbered badges indicating vital areas, material access areas, and controlled access areas to which access is authorized. No activities other than those which require access to strategic special nuclear material or to equipment used in the processing, use, or storage of strategic special nuclear material, or necessary maintenance, shall be permitted within a material access area.

(3) The licensee shall establish and follow written procedures that will permit access control personnel to identify those vehicles that are authorized and those materials that are not authorized entry to protected, material access, and vital areas. The licensee shall retain a copy of the current procedures as a record until the Commission terminates each license for which the procedures were developed and, if any portion of the procedures is superseded, retain the superseded material for three years after each change.

(4)(i) The licensee shall control all points of personnel and vehicle access into a protected area. Identification and search of all individuals for firearms, explosives, and incendiary devices must be made and authorization must be checked at these points except for Federal, State, and local law enforcement personnel on official duty and United States Department of Energy couriers engaged in the transport of special nuclear material. The search function for detection of firearms, explosives, and incendiary devices must be accomplished through the use of detection equipment capable of detecting both firearms and explosives. The individual responsible for the last access control function (controlling admission to the protected area) shall be isolated within a structure with bullet resisting walls, doors, ceiling, floor, and windows.

(ii) When the licensee has cause to suspect that an individual is attempting to introduce firearms, explosives, or incendiary devices into a protected area, the licensee shall conduct a physical pat-down search of that individual. Whenever firearms or explosives detection equipment at a portal is out of service or not operating satisfactorily, the licensee shall conduct a physical pat-down search of all persons who would otherwise have been subject to search using the equipment.

(5) At the point of personnel and vehicle access into a protected area, all hand-carried packages except those carried by individuals exempted from personal search under the provisions of paragraph (d)(4)(i) of this part must be searched for firearms, explosives, and incendiary devices.

(6) All packages and material for delivery into a protected area must be checked for proper identification and authorization and searched for firearms, explosives, and incendiary devices prior to admittance into the protected area, except those Commission-approved delivery and inspection activities specifically designated by the licensee to be carried out within material access, vital, or protected areas for reasons of safety, security, or operational necessity.

(7) All vehicles, except United States Department of Energy vehicles engaged in transporting special nuclear material and emergency vehicles under emergency conditions, shall be searched for firearms, explosives, and incendiary devices prior to entry into the protected area. Vehicle areas to be searched shall include the cab, engine compartment, undercarriage, and cargo area.

(8) All vehicles, except designated licensee vehicles, requiring entry into the protected area shall be escorted by a member of the security organization while within the protected area, and to the extent practicable shall be off-loaded in an area that is not adjacent to a vital area. Designated licensee vehicles shall be limited in their use to onsite plant functions and shall remain in the protected area except for operational, maintenance, security and emergency purposes. The licensee shall exercise positive control over all such designated vehicles to assure that they are used only by authorized persons and for authorized purposes.

(9) The licensee shall control all points of personnel and vehicle access to material access areas, vital areas, and controlled access areas. At least two armed guards trained in accordance with the provisions contained in paragraph (b)(7) of this section and appendix B of this part shall be posted at each material access area control point whenever in use. Identification and authorization of personnel and vehicles must be verified at the material access area control point. Prior to entry into a material access area, packages must be searched for firearms, explosives, and incendiary devices. All vehicles, materials and packages, including trash, wastes, tools, and equipment exiting from a material access area must be searched for concealed strategic special nuclear material by a team of at least two individuals who are not authorized access to that material access area. Each individual exiting a material access area shall undergo at least two separate searches for concealed strategic special nuclear material. For individuals exiting an area that contains only alloyed or encapsulated strategic special nuclear material, the second search may be conducted in a random manner.

(10) Before exiting from a material access area, containers of contaminated wastes must be drum scanned and tamper sealed by at least two individuals, working and recording their findings as a team, who do not have access to material processing and storage areas. The licensee shall retain the records of these findings for three years after the record is made.

(11) Strategic special nuclear material being prepared for shipment offsite, including product, samples and scrap, shall be packed and placed in sealed containers in the presence of at least two individuals working as a team who shall verify and certify the content of each shipping container through the witnessing of gross weight measurements and nondestructive assay, and through the inspection of tamper seal integrity and associated seal records.

(12) Areas used for preparing strategic special nuclear material for shipment and areas used for packaging and screening trash and wastes shall be controlled access areas and shall be separated from processing and storage areas.

(13) Individuals not permitted by the licensee to enter protected areas without escort must be escorted by a watchman or other individual designated by the licensee while in a protected area and must be badged to indicate that an escort is required. In addition, the individual shall be required to register his or her name, date, time, purpose of visit and employment affiliation, citizenship, and name of the individual to be visited in a log. The licensee shall retain each log as a record for three years after the last entry is made in the log.

(14) All keys, locks, combinations and related equipment used to control access to protected, material access, vital, and controlled access areas shall be controlled to reduce the probability of compromise. Whenever there is evidence that a key, lock, combination, or related equipment may have been compromised it shall be changed. Upon termination of employment of any employee, keys, locks, combinations, and related equipment to which that employee had access, shall be changed.

(15) The licensee may not announce or otherwise communicate to its employees or site contractors the arrival or presence of an NRC safeguards inspector unless specifically requested to do so by the NRC safeguards inspector.

(e) Detection, surveillance and alarm subsystems and procedures. (1) The licensee shall provide an intrusion alarm subsystem with a capability to detect penetration through the isolation zone and to permit response action.

(2) All emergency exits in each protected, material access, and vital area shall be locked to prevent entry from the outside and alarmed to provide local visible and audible alarm annunciation.

(3) All unoccupied vital areas and material access areas shall be locked and protected by an intrusion alarm subsystem which will alarm upon the entry of a person anywhere into the area, upon exit from the area, and upon movement of an individual within the area, except that for process material access areas only the location of the strategic special nuclear material within the area is required to be so alarmed. Vaults and process areas that contain strategic special nuclear material that has not been alloyed or encapsulated shall also be under the surveillance of closed circuit television that is monitored in both alarm stations. Additionally, means shall be employed which require that an individual other than an alarm station operator be present at or have knowledge of access to such unoccupied vaults or process areas.

(4) All manned access control points in the protected area barrier, all security patrols and guard stations within the protected area, and both alarm stations shall be provided with duress alarms.

(5) All alarms required pursuant to this section shall annunciate in a continuously manned central alarm station located within the protected area and in at least one other independent continuously manned onsite station not necessarily within the protected area, so that a single act cannot remove the capability of calling for assistance or responding to an alarm. The alarm stations shall be controlled access areas and their walls, doors, ceiling, floor, and windows shall be bullet-resisting. The central alarm station shall be located within a building so that the interior of the central alarm station is not visible from the perimeter of the protected area. This station may not contain any operational activities that would interfere with the execution of the alarm response function.

(6) All alarms required by this section shall remain operable from independent power sources in the event of the loss of normal power. Switchover to standby power shall be automatic and shall not cause false alarms on annunciator modules.

(7) All alarm devices including transmission lines to annunciators shall be tamper indicating and self-checking e.g., an automatic indication shall be provided when a failure of the alarm system or a component occurs, when there is an attempt to compromise the system, or when the system is on standby power. The annunciation of an alarm at the alarm stations shall indicate the type of alarm (e.g., intrusion alarm, emergency exit alarm, etc.) and location. The status of all alarms and alarm zones shall be indicated in the alarm stations.

(8) All exterior areas within the protected area shall be monitored or periodically checked to detect the presence of unauthorized persons, vehicles, materials, or unauthorized activities.

(9) Methods to observe individuals within material access areas to assure that strategic special nuclear material is not moved to unauthorized locations or in an unauthorized manner shall be provided and used on a continuing basis.

(f) Communication subsystems. (1) Each guard, watchman, or armed response individual on duty shall be capable of maintaining continuous communication with an individual in each continuously manned alarm station required by paragraph (e)(5) of this section, who shall be capable of calling for assistance from other guards, watchmen, and armed response personnel and from law enforcement authorities.

(2) Each alarm station required by paragraph (e)(5) of this section shall have both conventional telephone service and radio or microwave transmitted two-way voice communication, either directly or through an intermediary, for the capability of communication with the law enforcement authorities.

(3) Non-portable communications equipment controlled by the licensee and required by this section shall remain operable from independent power sources in the event of the loss of normal power.

(g) Test and maintenance programs. The licensee shall have a test and maintenance program for intrusion alarms, emergency exit alarms, communications equipment, physical barriers, and other physical protection related devices and equipment used pursuant to this section that shall provide for the following:

(1) Tests and inspections during the installation and construction of physical protection related subsystems and components to assure that they comply with their respective design criteria and performance specifications.

(2) Preoperational tests and inspections of physical protection related subsystems and components to demonstrate their effectiveness and availability with respect to their respective design criteria and performance specifications.

(3) Operational tests and inspections of physical protection related subsystems and components to assure their maintenance in an operable and effective condition, including:

(i) Testing of each intrusion alarm at the beginning and end of any period that it is used. If the period of continuous use is longer than seven days, the intrusion alarm shall also be tested at least once every seven days.

(ii) Testing of communications equipment required for communications onsite, including duress alarms, for performance not less frequently than once at the beginning of each security personnel work shift. Communications equipment required for communications offsite shall be tested for performance not less than once a day.

(4) Preventive maintenance programs shall be established for physical protection related subsystems and components to assure their continued maintenance in an operable and effective condition.

(5) All physical protection related subsystems and components shall be maintained in operable condition. The licensee shall develop and employ corrective action procedures and compensatory measures to assure that the effectiveness of the physical protection system is not reduced by failure or other contingencies affecting the operation of the security related equipment or structures. Repairs and maintenance shall be performed by at least two individuals working as a team who have been trained in the operation and performance of the equipment. The security organization shall be notified before and after service is performed and shall conduct performance verification tests after the service has been completed.

(6) The security program must be reviewed at least every 12 months by individuals independent of both security program management and personnel who have direct responsibility for implementation of the security program. The security program review must include an audit of security procedures and practices, an evaluation of the effectiveness of the physical protection system, an audit of the physical protection system testing and maintenance program, and an audit of commitments established for response by local law enforcement authorities. The results and recommendations of the security program review, and any actions taken, must be documented in a report to the licensee's plant manager and to corporate management at least one level higher than that having responsibility for the day-to-day plant operations. These reports must be maintained in an auditable form, available for inspection for a period of 3 years.

(h) Contingency and response plans and procedures. (1) The licensee shall establish, maintain, and follow an NRC-approved safeguards contingency plan for responding to threats, thefts, and radiological sabotage related to the strategic special nuclear material and nuclear facilities subject to the provisions of this section. Safeguards contingency plans must be in accordance with the criteria in appendix C to this part, “Licensee Safeguards Contingency Plans.” Contingency plans must include, but not limited to, the response requirements listed in paragraphs (h)(2) through (h)(5) of this section. The licensee shall retain the current safeguards contingency plan as a record until the Commission terminates the license and, if any portion of the plan is superseded, retain that superseded portion for 3 years after the effective date of change.

(2) The licensee shall establish and document response arrangements that have been made with local law enforcement authorities. The licensee shall retain documentation of the current arrangements as a record until the Commission terminates each license requiring the arrangements and, if any arrangement is superseded, retain the superseded material for three years after each change.

(3) A Tactical Response Team consisting of a minimum of five (5) members must be available at the facility to fulfill assessment and response requirements. In addition, a force of guards or armed response personnel also must be available to provide assistance as necessary. The size and availability of the additional force must be determined on the basis of site-specific considerations that could affect the ability of the total onsite response force to engage and impede the adversary force until offsite assistance arrives. The rationale for the total number and availabiliy of onsite armed response personnel must be included in the physical protection plans submitted to the Commission for approval.

(4) Upon detection of abnormal presence or activity of persons or vehicles within an isolation zone, a protected area, a material access area, or a vital area, or upon evidence or indication of intrusion into a protected area, a material access area, or a vital area, the licensee security organization shall:

(i) Determine whether or not a threat exists,

(ii) Assess the extent of the threat, if any,

(iii) Take immediate concurrent measures to neutralize the threat by:

(A) Requiring responding guards or other armed response personnel to interpose themselves between vital areas and material access areas and any adversary attempting entry for purposes of radiological sabotage or theft of strategic special nuclear material and to intercept any person exiting with special nuclear material, and

(B) Informing local law enforcement agencies of the threat and requesting assistance.

(5) The licensee shall instruct every guard and all armed response personnel to prevent or impede acts of radiological sabotage or theft of strategic special nuclear material by using force sufficient to counter the force directed at him including the use of deadly force when the guard or other armed response person has a reasonable belief that it is necessary in self-defense or in the defense of others.

(6) To facilitate initial response to detection of penetration of the protected area and assessment of the existence of a threat, a capability of observing the isolation zones and the physical barrier at the perimeter of the protected area shall be provided, preferably by means of closed circuit television or by other suitable means which limit exposure of responding personnel to possible attack.

(7) Alarms occurring within unoccupied vaults and unoccupied material access areas containing unalloyed or unencapsulated strategic special nuclear material shall be assessed by at least two security personnel using closed circuit television (CCTV) or other remote means.

(8) Alarms occurring within unoccupied material access areas that contain only alloyed or encapsulated strategic special nuclear material shall be assessed as in paragraph (h)(7) of this section or by at least two security personnel who shall undergo a search before exiting the material access area.

(i) Implementation schedule for revisions to physical protection plans. (1) By November 28, 1994, each licensee shall submit a revised Fixed Site Physical Protection Plan to the NRC for approval. The revised plan must describe how the licensee will comply with the requirements of paragraphs (b)(10) and (b)(11) of this section or the requirements of (b)(12) of this section. Revised plans must be mailed to the Director, Division of Fuel Management, Office of Nuclear Material Safety and Safeguards, U.S. Nuclear Regulatory Commission, Washington, DC 20555.

(2) Each licensee shall implement the approved plan pursuant to paragraphs (b)(10) and (b)(11) of this section or (b)(12) of this section within 1 year after NRC approval of the revised Fixed Site Physical Protection Plan.

[44 FR 68194, Nov. 28, 1979, as amended at 53 FR 19258, May 27, 1988; 53 FR 23383, June 22, 1988; 53 FR 45452, Nov. 10, 1988; 57 FR 33430, July 29, 1992; 58 FR 29522, May 21, 1993; 58 FR 45784, Aug. 31, 1993; 59 FR 38348, July 28, 1994; 79 FR 75741, Dec. 19, 2014; 84 FR 65646, Nov. 29, 2019]

§73.50   Requirements for physical protection of licensed activities.

Each licensee who is not subject to §73.51, but who possesses, uses, or stores formula quantities of strategic special nuclear material that are not readily separable from other radioactive material and which have total external radiation dose rates in excess of 100 rems per hour at a distance of 3 feet from any accessible surfaces without intervening shielding other than at nuclear reactor facility licensed under parts 50 or 52 of this chapter, shall comply with the following:

(a) Physical security organization. (1) The licensee shall establish a security organization, including guards, to protect his facility against radiological sabotage and the special nuclear material in his possession against theft.

(2) At least one supervisor of the security organization shall be on site at all times.

(3) The licensee shall establish, maintain, and follow written security procedures that document the structure of the security organization and detail the duties of guards, watchmen, and other individuals responsible for security. The licensee shall retain a copy of the current procedures as a record until the Commission terminates each license for which the procedures were developed and, if any portion of the procedures is superseded, retain the superseded material for three years after each change.

(4) The licensee may not permit an individual to act as a guard, watchman, armed response person, or other member of the security organization unless the individual has been trained, equipped, and qualified to perform each assigned security job duty in accordance with appendix B, “General Criteria for Security Personnel,” to this part. Upon the request of an authorized representative of the Commission, the licensee shall demonstrate the ability of the physical security personnel to carry out their assigned duties and responsibilities. Each guard, watchman, armed response person, and other member of the security organization shall requalify in accordance with appendix B to this part at least every 12 months. This requalification must be documented. The licensee shall retain the documentation of each requalification as a record for three years after the requalification.

(b) Physical barriers. (1) The licensee shall locate vital equipment only within a vital area, which, in turn, shall be located within a protected area such that access to vital equipment requires passage through at least two physical barriers. More than one vital area may be within a single protected area.

(2) The licensee shall locate material access areas only within protected areas such that access to the material access area requires passage through at least two physical barriers. More than one material access area may be within a single protected area.

(3) The physical barrier at the perimeter of the protected area shall be separated from any other barrier designated as a physical barrier within the protected area, and the intervening space monitored or periodically checked to detect the presence of persons or vehicles so that the facility security organization can respond to suspicious activity or to the breaching of any physical barrier.

(4) An isolation zone shall be maintained around the physical barrier at the perimeter of the protected area and any part of a building used as part of that physical barrier. The isolation zone shall be monitored to detect the presence of individuals or vehicles within the zone so as to allow response by armed members of the license security organization to be initiated at the time of penetration of the protected area. Parking facilities, both for employees and visitors, shall be located outside the isolation zone.

(5) Isolation zones and clear areas between barriers shall be provided with illumination sufficient for the monitoring required by paragraphs (b) (3) and (4) of this section, but not less than 0.2 foot candles.

(c) Access requirements. The licensee shall control all points of personnel and vehicle access into a protected area, including shipping or receiving areas, and into each vital area. Identification of personnel and vehicles shall be made and authorization shall be checked at such points.

(1) At the point of personnel and vehicle access into a protected area, all individuals, except employees who possess a NRC or United States Department of Energy access authorization, and all hand-carried packages shall be searched for devices such as firearms, explosives, and incendiary devices, or other items which could be used for radiological sabotage. The search shall be conducted either by a physical search or by the use of equipment capable of detecting such devices. Employees who possess an NRC or Department of Energy access authorization shall be searched at random intervals. Subsequent to search, drivers of delivery and service vehicles shall be escorted at all times while within the protection area.

(2) All packages being delivered into the protected area shall be checked for proper identification and authorization. Packages other than hand-carried packages shall be searched at random intervals.

(3) A picture badge identification system shall be used for all individuals who are authorized access to protected areas without escort.

(4) Access to vital areas and material access areas shall be limited to individuals who are authorized access to vital equipment or special nuclear material and who require such access to perform their duties. Authorization for such individuals shall be provided by the issuance of specially coded numbered badges indicating vital areas and material access areas to which access is authorized. Unoccupied vital areas and material access areas shall be protected by an active intrusion alarm system.

(5) Individuals not employed by the licensee must be escorted by a watchman, or other individual designated by the licensee, while in a protected area and must be badged to indicate that an escort is required. In addition, the licensee shall require that each individual not employed by the licensee register his or her name, date, time, purpose of visit, employment affiliation, citizenship, name and badge number of the escort, and name of the individual to be visited. The licensee shall retain the register of information for three years after the last entry is made in the register. Except for a driver of a delivery or service vehicle, an individual not employed by the licensee who requires frequent and extended access to a protected area or a vital area need not be escorted if the individual is provided with a picture badge, which the individual must receive upon entrance into the protected area and return each time he or she leaves the protected area, that indicates—

(i) Nonemployee-no escort required,

(ii) Areas to which access is authorized, and

(iii) The period for which access has been authorized.

(6) No vehicles used primarily for the conveyance of individuals shall be permitted within a protected area except under emergency conditions.

(7) Keys, locks, combinations, and related equipment shall be controlled to minimize the possibility of compromise and promptly changed whenever there is evidence that they have been compromised. Upon termination of employment of any employee, keys, locks, combinations, and related equipment to which that employee had access shall be changed.

(d) Detection aids. (1) All alarms required pursuant to this part shall annunciate in a continuously manned central alarm station located within the protected area and in at least one other continuously manned station, not necessarily within the protected area, such that a single act cannot remove the capability of calling for assistance or otherwise responding to an alarm. All alarms shall be self-checking and tamper indicating. The annunciation of an alarm at the onsite central alarm station shall indicate the type of alarm (e.g., intrusion alarm, emergency exit alarm, etc.) and location. All intrusion alarms, emergency exit alarms, alarm systems, and line supervisory systems shall at minimum meet the performance and reliability levels indicated by GSA Interim Federal Specification W-A-00450 B (GSA-FSS). The GSA Interim Federal Specification has been approved for incorporation by reference by the Director of the Federal Register. A copy of the material is available for inspection at the NRC Library, 11545 Rockville Pike, Rockville, Maryland 20852-2738.

(2) All emergency exits in each protected area and each vital area shall be alarmed.

(e) Communication requirements. (1) Each guard or watchman on duty shall be capable of maintaining continuous communication with an individual in a continuously manned central alarm station within the protected area, who shall be capable of calling for assistance from other guards and watchmen and from local law enforcement authorities.

(2) The alarm stations required by paragraph (d)(1) of this section shall have conventional telephone service for communication with the law enforcement authorities as described in paragraph (e)(1) of this section.

(3) To provide the capability of continuous communication, two-way radio voice communication shall be established in addition to conventional telephone service between local law enforcement authorities and the facility and shall terminate at the facility in a continuously manned central alarm station within the protected area.

(4) All communications equipment, including offsite equipment, shall remain operable from independent power sources in the event of loss of primary power.

(f) Testing and maintenance. Each licensee shall test and maintain intrusion alarms, emergency alarms, communications equipment, physical barriers, and other security related devices or equipment utilized pursuant to this section as follows:

(1) All alarms, communications equipment, physical barriers, and other security related devices or equipment shall be maintained in operable and effective condition.

(2) Each intrusion alarm shall be functionally tested for operability and required performance at the beginning and end of each interval during which it is used for security, but not less frequently than once every seven (7) days.

(3) Communications equipment shall be tested for operability and performance not less frequently than once at the beginning of each security personnel work shift.

(g) Response requirement. (1) The licensee shall establish, maintain, and follow an NRC-approved safeguards contingency plan for responding to threats, thefts, and radiological sabotage related to the special nuclear material and nuclear facilities subject to the provisions of this section. Safeguards contingency plans must be in accordance with the criteria in appendix C to this part, “Licensee Safeguards Contingency Plans.” The licensee shall retain the current safeguards contingency plan as a record until the Commission terminates the license and, if any portion of the plan is superseded, retain the superseded portion for 3 years after the effective date of the change.

(2) The licensee shall establish and document liaison with law enforcement authorities. The licensee shall retain the documentation of the current liaison as a record until the Commission terminates each license for which the liaison was developed and, if any portion of the liaison documentation is superseded, retain the superseded material for three years after each change.

(3) Upon detection of abnormal presence or activity of persons or vehicles within an isolation zone, a protected area, a material access area, or a vital area; or upon evidence or indication of intrusion into a protected area, material access area, or vital area, the licensee security organization shall:

(i) Determine whether or not a threat exists,

(ii) Assess the extent of the threat, if any, and

(iii) Take immediate concurrent measures to neutralize the threat, by:

(A) Requiring responding guards to interpose themselves between material access areas and vital areas and any adversary attempting entry for the purpose of theft of special nuclear material or radiological sabotage and to intercept any person exiting with special nuclear material, and,

(B) Informing local law enforcement agencies of the threat and requesting assistance.

(4) The licensee shall instruct every guard to prevent or impede attempted acts of theft or radiological sabotage by using force sufficient to counter the force directed at him including deadly force when the guard has a reasonable belief it is necessary in self-defense or in the defense of others.

(h) Each licensee shall establish, maintain, and follow an NRC-approved training and qualifications plan outlining the processes by which guards, watchmen, armed response persons, and other members of the security organization will be selected, trained, equipped, tested, and qualified to ensure that these individuals meet the requirements of paragraph (a)(4) of this section.

(Sec. 161i, Pub. L. 83-703, 68 Stat. 948, Pub. L. 93-377, 88 Stat. 475; secs. 201, 204(b)(1), Pub. L. 93-438, 88 Stat. 1242-1243, 1245, Pub. L. 94-79, 89 Stat. 413 (42 U.S.C. 2201, 5841, 5844))

[38 FR 35430, Dec. 28, 1973, as amended at 42 FR 64103, Dec. 22, 1977; 43 FR 11965, Mar. 23, 1978; 43 FR 37426, Aug. 23, 1978; 44 FR 68198, Nov. 28, 1979; 53 FR 19259, May 27, 1988; 57 FR 33430, July 29, 1992; 57 FR 61787, Dec. 29, 1992; 59 FR 50689, Oct. 5, 1994; 63 FR 26962, May 15, 1998; 72 FR 49561, Aug. 28, 2007]

§73.51   Requirements for the physical protection of stored spent nuclear fuel and high-level radioactive waste.

(a) Applicability. Notwithstanding the provisions of §§73.20, 73.50, or 73.67, the physical protection requirements of this section apply to each licensee that stores spent nuclear fuel and high-level radioactive waste pursuant to paragraphs (a)(1)(i), (ii), and (2) of this section. This includes—

(1) Spent nuclear fuel and high-level radioactive waste stored under a specific license issued pursuant to part 72 of this chapter:

(i) At an independent spent fuel storage installation (ISFSI) or

(ii) At a monitored retrievable storage (MRS) installation; or

(2) Spent nuclear fuel and high-level radioactive waste at a geologic repository operations area (GROA) licensed pursuant to part 60 or 63 of this chapter;

(b) General performance objectives. (1) Each licensee subject to this section shall establish and maintain a physical protection system with the objective of providing high assurance that activities involving spent nuclear fuel and high-level radioactive waste do not constitute an unreasonable risk to public health and safety.

(2) To meet the general objective of paragraph (b)(1) of this section, each licensee subject to this section shall meet the following performance capabilities.

(i) Store spent nuclear fuel and high-level radioactive waste only within a protected area;

(ii) Grant access to the protected area only to individuals who are authorized to enter the protected area;

(iii) Detect and assess unauthorized penetration of, or activities within, the protected area;

(iv) Provide timely communication to a designated response force whenever necessary; and

(v) Manage the physical protection organization in a manner that maintains its effectiveness.

(3) The physical protection system must be designed to protect against loss of control of the facility that could be sufficient to cause a radiation exposure exceeding the dose as described in §72.106 of this chapter.

(c) Plan retention. Each licensee subject to this section shall retain a copy of the effective physical protection plan as a record for 3 years or until termination of the license for which procedures were developed.

(d) Physical protection systems, components, and procedures. A licensee shall comply with the following provisions as methods acceptable to NRC for meeting the performance capabilities of §73.51(b)(2). The Commission may, on a specific basis and upon request or on its own initiative, authorize other alternative measures for the protection of spent fuel and high-level radioactive waste subject to the requirements of this section, if after evaluation of the specific alternative measures, it finds reasonable assurance of compliance with the performance capabilities of paragraph (b)(2) of this section.

(1) Spent nuclear fuel and high-level radioactive waste must be stored only within a protected area so that access to this material requires passage through or penetration of two physical barriers, one barrier at the perimeter of the protected area and one barrier offering substantial penetration resistance. The physical barrier at the perimeter of the protected area must be as defined in §73.2. Isolation zones, typically 20 feet wide each, on both sides of this barrier, must be provided to facilitate assessment. The barrier offering substantial resistance to penetration may be provided by an approved storage cask or building walls such as those of a reactor or fuel storage building.

(2) Illumination must be sufficient to permit adequate assessment of unauthorized penetrations of or activities within the protected area.

(3) The perimeter of the protected area must be subject to continual surveillance and be protected by an active intrusion alarm system which is capable of detecting penetrations through the isolation zone and that is monitored in a continually staffed primary alarm station and in one additional continually staffed location. The primary alarm station must be located within the protected area; have bullet-resisting walls, doors, ceiling, and floor; and the interior of the station must not be visible from outside the protected area. A timely means for assessment of alarms must also be provided. Regarding alarm monitoring, the redundant location need only provide a summary indication that an alarm has been generated.

(4) The protected area must be monitored by daily random patrols.

(5) A security organization with written procedures must be established. The security organization must include sufficient personnel per shift to provide for monitoring of detection systems and the conduct of surveillance, assessment, access control, and communications to assure adequate response. Members of the security organization must be trained, equipped, qualified, and requalified to perform assigned job duties in accordance with appendix B to part 73, sections I.A, (1) (a) and (b), B(1)(a), and the applicable portions of II.

(6) Documented liaison with a designated response force or local law enforcement agency (LLEA) must be established to permit timely response to unauthorized penetration or activities.

(7) A personnel identification system and a controlled lock system must be established and maintained to limit access to authorized individuals.

(8) Redundant communications capability must be provided between onsite security force members and designated response force or LLEA.

(9) All individuals, vehicles, and hand-carried packages entering the protected area must be checked for proper authorization and visually searched for explosives before entry.

(10) Written response procedures must be established and maintained for addressing unauthorized penetration of, or activities within, the protected area including Category 5, “Procedures,” of appendix C to part 73. The licensee shall retain a copy of response procedures as a record for 3 years or until termination of the license for which the procedures were developed. Copies of superseded material must be retained for 3 years after each change or until termination of the license.

(11) All detection systems and supporting subsystems must be tamper indicating with line supervision. These systems, as well as surveillance/assessment and illumination systems, must be maintained in operable condition. Timely compensatory measures must be taken after discovery of inoperability, to assure that the effectiveness of the of the security system is not reduced.

(12) The physical protection program must be reviewed once every 24 months by individuals independent of both physical protection program management and personnel who have direct responsibility for implementation of the physical protection program. The physical protection program review must include an evaluation of the effectiveness of the physical protection system and a verification of the liaison established with the designated response force or LLEA.

(13) The following documentation must be retained as a record for 3 years after the record is made or until termination of the license. Duplicate records to those required under §72.180 of part 72 and §73.71 of this part need not be retained under the requirements of this section:

(i) A log of individuals granted access to the protected area;

(ii) Screening records of members of the security organization;

(iii) A log of all patrols;

(iv) A record of each alarm received, identifying the type of alarm, location, date and time when received, and disposition of the alarm; and

(v) The physical protection program review reports.

(e) A licensee that operates a GROA is exempt from the requirements of this section for that GROA after permanent closure of the GROA.

[63 FR 26962, May 15, 1998, as amended at 63 FR 49414, Sept. 16, 1998; 66 FR 55816, Nov. 2, 2001]

§73.54   Protection of digital computer and communication systems and networks.

By November 23, 2009 each licensee currently licensed to operate a nuclear power plant under part 50 of this chapter shall submit, as specified in §50.4 and §50.90 of this chapter, a cyber security plan that satisfies the requirements of this section for Commission review and approval. Each submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule. Current applicants for an operating license or combined license who have submitted their applications to the Commission prior to the effective date of this rule must amend their applications to include a cyber security plan consistent with this section.

(a) Each licensee subject to the requirements of this section shall provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in §73.1.

(1) The licensee shall protect digital computer and communication systems and networks associated with:

(i) Safety-related and important-to-safety functions;

(ii) Security functions;

(iii) Emergency preparedness functions, including offsite communications; and

(iv) Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions.

(2) The licensee shall protect the systems and networks identified in paragraph (a)(1) of this section from cyber attacks that would:

(i) Adversely impact the integrity or confidentiality of data and/or software;

(ii) Deny access to systems, services, and/or data; and

(iii) Adversely impact the operation of systems, networks, and associated equipment.

(b) To accomplish this, the licensee shall:

(1) Analyze digital computer and communication systems and networks and identify those assets that must be protected against cyber attacks to satisfy paragraph (a) of this section,

(2) Establish, implement, and maintain a cyber security program for the protection of the assets identified in paragraph (b)(1) of this section; and

(3) Incorporate the cyber security program as a component of the physical protection program.

(c) The cyber security program must be designed to:

(1) Implement security controls to protect the assets identified by paragraph (b)(1) of this section from cyber attacks;

(2) Apply and maintain defense-in-depth protective strategies to ensure the capability to detect, respond to, and recover from cyber attacks;

(3) Mitigate the adverse affects of cyber attacks; and

(4) Ensure that the functions of protected assets identified by paragraph (b)(1) of this section are not adversely impacted due to cyber attacks.

(d) As part of the cyber security program, the licensee shall:

(1) Ensure that appropriate facility personnel, including contractors, are aware of cyber security requirements and receive the training necessary to perform their assigned duties and responsibilities.

(2) Evaluate and manage cyber risks.

(3) Ensure that modifications to assets, identified by paragraph (b)(1) of this section, are evaluated before implementation to ensure that the cyber security performance objectives identified in paragraph (a)(1) of this section are maintained.

(4) Conduct cyber security event notifications in accordance with the provisions of §73.77.

(e) The licensee shall establish, implement, and maintain a cyber security plan that implements the cyber security program requirements of this section.

(1) The cyber security plan must describe how the requirements of this section will be implemented and must account for the site-specific conditions that affect implementation.

(2) The cyber security plan must include measures for incident response and recovery for cyber attacks. The cyber security plan must describe how the licensee will:

(i) Maintain the capability for timely detection and response to cyber attacks;

(ii) Mitigate the consequences of cyber attacks;

(iii) Correct exploited vulnerabilities; and

(iv) Restore affected systems, networks, and/or equipment affected by cyber attacks.

(f) The licensee shall develop and maintain written policies and implementing procedures to implement the cyber security plan. Policies, implementing procedures, site-specific analysis, and other supporting technical information used by the licensee need not be submitted for Commission review and approval as part of the cyber security plan but are subject to inspection by NRC staff on a periodic basis.

(g) The licensee shall review the cyber security program as a component of the physical security program in accordance with the requirements of §73.55(m), including the periodicity requirements.

(h) The licensee shall retain all records and supporting technical documentation required to satisfy the requirements of this section as a record until the Commission terminates the license for which the records were developed, and shall maintain superseded portions of these records for at least three (3) years after the record is superseded, unless otherwise specified by the Commission.

[74 FR 13970, Mar. 27, 2009, as amended at 80 FR 67275, Nov. 2, 2015]

§73.55   Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage.

(a) Introduction. (1) By March 31, 2010, each nuclear power reactor licensee, licensed under 10 CFR part 50, shall implement the requirements of this section through its Commission-approved Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, and Cyber Security Plan referred to collectively hereafter as “security plans.” Current applicants for an operating license under 10 CFR part 50, or combined license under 10 CFR part 52 who have submitted their applications to the Commission prior to the effective date of this rule must amend their applications to include security plans consistent with this section.

(2) The security plans must identify, describe, and account for site-specific conditions that affect the licensee's capability to satisfy the requirements of this section.

(3) The licensee is responsible for maintaining the onsite physical protection program in accordance with Commission regulations through the implementation of security plans and written security implementing procedures.

(4) Applicants for an operating license under the provisions of part 50 of this chapter or holders of a combined license under the provisions of part 52 of this chapter, shall implement the requirements of this section before fuel is allowed onsite (protected area).

(5) The Tennessee Valley Authority Watts Bar Nuclear Plant, Unit 2, holding a current construction permit under the provisions of part 50 of this chapter, shall meet the revised requirements in paragraphs (a) through (r) of this section as applicable to operating nuclear power reactor facilities.

(6) Applicants for an operating license under the provisions of part 50 of this chapter, or holders of a combined license under the provisions of part 52 of this chapter that do not reference a standard design certification or reference a standard design certification issued after May 26, 2009 shall meet the requirement of §73.55(i)(4)(iii).

(b) General performance objective and requirements. (1) The licensee shall establish and maintain a physical protection program, to include a security organization, which will have as its objective to provide high assurance that activities involving special nuclear material are not inimical to the common defense and security and do not constitute an unreasonable risk to the public health and safety.

(2) To satisfy the general performance objective of paragraph (b)(1) of this section, the physical protection program must protect against the design basis threat of radiological sabotage as stated in §73.1.

(3) The physical protection program must be designed to prevent significant core damage and spent fuel sabotage. Specifically, the program must:

(i) Ensure that the capabilities to detect, assess, interdict, and neutralize threats up to and including the design basis threat of radiological sabotage as stated in §73.1, are maintained at all times.

(ii) Provide defense-in-depth through the integration of systems, technologies, programs, equipment, supporting processes, and implementing procedures as needed to ensure the effectiveness of the physical protection program.

(4) The licensee shall analyze and identify site-specific conditions, including target sets, that may affect the specific measures needed to implement the requirements of this section and shall account for these conditions in the design of the physical protection program.

(5) Upon the request of an authorized representative of the Commission, the licensee shall demonstrate the ability to meet Commission requirements through the implementation of the physical protection program, including the ability of armed and unarmed personnel to perform assigned duties and responsibilities required by the security plans and licensee procedures.

(6) The licensee shall establish, maintain, and implement a performance evaluation program in accordance with appendix B to this part, to demonstrate and assess the effectiveness of armed responders and armed security officers to implement the licensee's protective strategy.

(7) The licensee shall establish, maintain, and implement an access authorization program in accordance with §73.56 and shall describe the program in the Physical Security Plan.

(8) The licensee shall establish, maintain, and implement a cyber security program in accordance with §73.54.

(9) The licensee shall establish, maintain, and implement an insider mitigation program and shall describe the program in the Physical Security Plan.

(i) The insider mitigation program must monitor the initial and continuing trustworthiness and reliability of individuals granted or retaining unescorted access authorization to a protected or vital area, and implement defense-in-depth methodologies to minimize the potential for an insider to adversely affect, either directly or indirectly, the licensee's capability to prevent significant core damage and spent fuel sabotage.

(ii) The insider mitigation program must contain elements from:

(A) The access authorization program described in §73.56;

(B) The fitness-for-duty program described in part 26 of this chapter;

(C) The cyber security program described in §73.54; and

(D) The physical protection program described in this section.

(10) The licensee shall use the site corrective action program to track, trend, correct and prevent recurrence of failures and deficiencies in the physical protection program.

(11) Implementation of security plans and associated procedures must be coordinated with other onsite plans and procedures to preclude conflict during both normal and emergency conditions.

(c) Security plans. (1) Licensee security plans must describe:

(i) How the licensee will implement requirements of this section through the establishment and maintenance of a security organization, the use of security equipment and technology, the training and qualification of security personnel, the implementation of predetermined response plans and strategies, and the protection of digital computer and communication systems and networks.

(ii) Site-specific conditions that affect how the licensee implements Commission requirements.

(2) Protection of security plans. The licensee shall protect the security plans and other security-related information against unauthorized disclosure in accordance with the requirements of §73.21.

(3) Physical Security Plan. The licensee shall establish, maintain, and implement a Physical Security Plan which describes how the performance objective and requirements set forth in this section will be implemented.

(4) Training and Qualification Plan. The licensee shall establish, maintain, and implement, and follow a Training and Qualification Plan that describes how the criteria set forth in appendix B, section VI, to this part, “Nuclear Power Reactor Training and Qualification Plan for Personnel Performing Security Program Duties,” will be implemented.

(5) Safeguards Contingency Plan. The licensee shall establish, maintain, and implement a Safeguards Contingency Plan that describes how the criteria set forth in appendix C, section II, to this part, “Nuclear Power Plant Safeguards Contingency Plans,” will be implemented.

(6) Cyber Security Plan. The licensee shall establish, maintain, and implement a Cyber Security Plan that describes how the criteria set forth in §73.54 “Protection of Digital Computer and Communication systems and Networks” of this part will be implemented.

(7) Security implementing procedures. (i) The licensee shall have a management system to provide for the development, implementation, revision, and oversight of security procedures that implement Commission requirements and the security plans.

(ii) Implementing procedures must document the structure of the security organization and detail the types of duties, responsibilities, actions, and decisions to be performed or made by each position of the security organization.

(iii) The licensee shall:

(A) Provide a process for the written approval of implementing procedures and revisions by the individual with overall responsibility for the security program.

(B) Ensure that revisions to security implementing procedures satisfy the requirements of this section.

(iv) Implementing procedures need not be submitted to the Commission for approval, but are subject to inspection by the Commission.

(d) Security organization. (1) The licensee shall establish and maintain a security organization that is designed, staffed, trained, qualified, and equipped to implement the physical protection program in accordance with the requirements of this section.

(2) The security organization must include:

(i) A management system that provides oversight of the onsite physical protection program.

(ii) At least one member, onsite and available at all times, who has the authority to direct the activities of the security organization and who is assigned no other duties that would interfere with this individual's ability to perform these duties in accordance with the security plans and the licensee protective strategy.

(3) The licensee may not permit any individual to implement any part of the physical protection program unless the individual has been trained, equipped, and qualified to perform their assigned duties and responsibilities in accordance with appendix B, section VI, to this part and the Training and Qualification Plan. Non-security personnel may be assigned duties and responsibilities required to implement the physical protection program and shall:

(i) Be trained through established licensee training programs to ensure each individual is trained, qualified, and periodically re-qualified to perform assigned duties.

(ii) Be properly equipped to perform assigned duties.

(iii) Possess the knowledge, skills, and abilities, to include physical attributes such as sight and hearing, required to perform their assigned duties and responsibilities.

(e) Physical barriers. Each licensee shall identify and analyze site-specific conditions to determine the specific use, type, function, and placement of physical barriers needed to satisfy the physical protection program design requirements of §73.55(b).

(1) The licensee shall:

(i) Design, construct, install and maintain physical barriers as necessary to control access into facility areas for which access must be controlled or denied to satisfy the physical protection program design requirements of paragraph (b) of this section.

(ii) Describe in the physical security plan, physical barriers, barrier systems, and their functions within the physical protection program.

(2) The licensee shall retain, in accordance with §73.70, all analyses and descriptions of the physical barriers and barrier systems used to satisfy the requirements of this section, and shall protect these records in accordance with the requirements of §73.21.

(3) Physical barriers must:

(i) Be designed and constructed to:

(A) Protect against the design basis threat of radiological sabotage;

(B) Account for site-specific conditions; and

(C) Perform their required function in support of the licensee physical protection program.

(ii) Provide deterrence, delay, or support access control.

(iii) Support effective implementation of the licensee's protective strategy.

(4) Consistent with the stated function to be performed, openings in any barrier or barrier system established to meet the requirements of this section must be secured and monitored to prevent exploitation of the opening.

(5) Bullet resisting physical barriers. The reactor control room, the central alarm station, and the location within which the last access control function for access to the protected area is performed, must be bullet-resisting.

(6) Owner controlled area. The licensee shall establish and maintain physical barriers in the owner controlled area as needed to satisfy the physical protection program design requirements of §73.55(b).

(7) Isolation zone. (i) An isolation zone must be maintained in outdoor areas adjacent to the protected area perimeter barrier. The isolation zone shall be:

(A) Designed and of sufficient size to permit observation and assessment of activities on either side of the protected area barrier;

(B) Monitored with intrusion detection equipment designed to satisfy the requirements of §73.55(i) and be capable of detecting both attempted and actual penetration of the protected area perimeter barrier before completed penetration of the protected area perimeter barrier; and

(C) Monitored with assessment equipment designed to satisfy the requirements of §73.55(i) and provide real-time and play-back/recorded video images of the detected activities before and after each alarm annunciation.

(ii) Obstructions that could prevent the licensee's capability to meet the observation and assessment requirements of this section must be located outside of the isolation zone.

(8) Protected area. (i) The protected area perimeter must be protected by physical barriers that are designed and constructed to:

(A) Limit access into the protected area to only those personnel, vehicles, and materials required to perform official duties;

(B) Channel personnel, vehicles, and materials to designated access control portals; and

(C) Be separated from any other barrier designated as a vital area physical barrier, unless otherwise identified in the Physical Security Plan.

(ii) Penetrations through the protected area barrier must be secured and monitored in a manner that prevents or delays, and detects the exploitation of any penetration.

(iii) All emergency exits in the protected area must be alarmed and secured by locking devices that allow prompt egress during an emergency and satisfy the requirements of this section for access control into the protected area.

(iv) Where building walls or roofs comprise a portion of the protected area perimeter barrier, an isolation zone is not necessary provided that the detection and, assessment requirements of this section are met, appropriate barriers are installed, and the area is described in the security plans.

(v) All exterior areas within the protected area, except for areas that must be excluded for safety reasons, must be periodically checked to detect and deter unauthorized personnel, vehicles, and materials.

(9) Vital areas. (i) Vital equipment must be located only within vital areas, which must be located within a protected area so that access to vital equipment requires passage through at least two physical barriers, except as otherwise approved by the Commission and identified in the security plans.

(ii) The licensee shall protect all vital area access portals and vital area emergency exits with intrusion detection equipment and locking devices that allow rapid egress during an emergency and satisfy the vital area entry control requirements of this section.

(iii) Unoccupied vital areas must be locked and alarmed.

(iv) More than one vital area may be located within a single protected area.

(v) At a minimum, the following shall be considered vital areas:

(A) The reactor control room;

(B) The spent fuel pool;

(C) The central alarm station; and

(D) The secondary alarm station in accordance with §73.55(i)(4)(iii).

(vi) At a minimum, the following shall be located within a vital area:

(A) The secondary power supply systems for alarm annunciation equipment; and

(B) The secondary power supply systems for non-portable communications equipment.

(10) Vehicle control measures. Consistent with the physical protection program design requirements of §73.55(b), and in accordance with the site-specific analysis, the licensee shall establish and maintain vehicle control measures, as necessary, to protect against the design basis threat of radiological sabotage vehicle bomb assault.

(i) Land vehicles. Licensees shall:

(A) Design, construct, install, and maintain a vehicle barrier system, to include passive and active barriers, at a stand-off distance adequate to protect personnel, equipment, and systems necessary to prevent significant core damage and spent fuel sabotage against the effects of the design basis threat of radiological sabotage land vehicle bomb assault.

(B) Periodically check the operation of active vehicle barriers and provide a secondary power source, or a means of mechanical or manual operation in the event of a power failure, to ensure that the active barrier can be placed in the denial position to prevent unauthorized vehicle access beyond the required standoff distance.

(C) Provide periodic surveillance and observation of vehicle barriers and barrier systems adequate to detect indications of tampering and degradation or to otherwise ensure that each vehicle barrier and barrier system is able to satisfy the intended function.

(D) Where a site has rail access to the protected area, install a train derailer, remove a section of track, or restrict access to railroad sidings and provide periodic surveillance of these measures.

(ii) Waterborne vehicles. Licensees shall:

(A) Identify areas from which a waterborne vehicle must be restricted, and where possible, in coordination with local, State, and Federal agencies having jurisdiction over waterway approaches, deploy buoys, markers, or other equipment.

(B) In accordance with the site-specific analysis, provide periodic surveillance and observation of waterway approaches and adjacent areas.

(f) Target sets. (1) The licensee shall document and maintain the process used to develop and identify target sets, to include the site-specific analyses and methodologies used to determine and group the target set equipment or elements.

(2) The licensee shall consider cyber attacks in the development and identification of target sets.

(3) Target set equipment or elements that are not contained within a protected or vital area must be identified and documented consistent with the requirements in §73.55(f)(1) and be accounted for in the licensee's protective strategy.

(4) The licensee shall implement a process for the oversight of target set equipment and systems to ensure that changes to the configuration of the identified equipment and systems are considered in the licensee's protective strategy. Where appropriate, changes must be made to documented target sets.

(g) Access controls. (1) Consistent with the function of each barrier or barrier system, the licensee shall control personnel, vehicle, and material access, as applicable, at each access control point in accordance with the physical protection program design requirements of §73.55(b).

(i) To accomplish this, the licensee shall:

(A) Locate access control portals outside of, or concurrent with, the physical barrier system through which it controls access.

(B) Equip access control portals with locking devices, intrusion detection equipment, and surveillance equipment consistent with the intended function.

(C) Provide supervision and control over the badging process to prevent unauthorized bypass of access control equipment located at or outside of the protected area.

(D) Limit unescorted access to the protected area and vital areas, during non-emergency conditions, to only those individuals who require unescorted access to perform assigned duties and responsibilities.

(E) Assign an individual the responsibility for the last access control function (controlling admission to the protected area) and isolate the individual within a bullet-resisting structure to assure the ability of the individual to respond or summon assistance.

(ii) Where vehicle barriers are established, the licensee shall:

(A) Physically control vehicle barrier portals to ensure only authorized vehicles are granted access through the barrier.

(B) Search vehicles and materials for contraband or other items which could be used to commit radiological sabotage in accordance with paragraph (h) of this section.

(C) Observe search functions to ensure a response can be initiated if needed.

(2) Before granting access into the protected area, the licensee shall:

(i) Confirm the identity of individuals.

(ii) Verify the authorization for access of individuals, vehicles, and materials.

(iii) Confirm, in accordance with industry shared lists and databases that individuals are not currently denied access to another licensed facility.

(iv) Search individuals, vehicles, and materials in accordance with paragraph (h) of this section.

(3) Vehicles in the protected area. (i) The licensee shall exercise control over all vehicles inside the protected area to ensure that they are used only by authorized persons and for authorized purposes.

(ii) Vehicles inside the protected area must be operated by an individual authorized unescorted access to the area, or must be escorted by an individual as required by paragraph (g)(8) of this section.

(iii) Vehicle use inside the protected area must be limited to plant functions or emergencies, and keys must be removed or the vehicle otherwise disabled when not in use.

(iv) Vehicles transporting hazardous materials inside the protected area must be escorted by an armed member of the security organization.

(4) Vital areas. (i) Licensees shall control access into vital areas consistent with access authorization lists.

(ii) In response to a site-specific credible threat or other credible information, implement a two-person (line-of-sight) rule for all personnel in vital areas so that no one individual is permitted access to a vital area.

(5) Emergency conditions. (i) The licensee shall design the access control system to accommodate the potential need for rapid ingress or egress of authorized individuals during emergency conditions or situations that could lead to emergency conditions.

(ii) To satisfy the design criteria of paragraph (g)(5)(i) of this section during emergency conditions, the licensee shall implement security procedures to ensure that authorized emergency personnel are provided prompt access to affected areas and equipment.

(6) Access control devices. (i) The licensee shall control all keys, locks, combinations, passwords and related access control devices used to control access to protected areas, vital areas and security systems to reduce the probability of compromise. To accomplish this, the licensee shall:

(A) Issue access control devices only to individuals who have unescorted access authorization and require access to perform official duties and responsibilities.

(B) Maintain a record, to include name and affiliation, of all individuals to whom access control devices have been issued, and implement a process to account for access control devices at least annually.

(C) Implement compensatory measures upon discovery or suspicion that any access control device may have been compromised. Compensatory measures must remain in effect until the compromise is corrected.

(D) Retrieve, change, rotate, deactivate, or otherwise disable access control devices that have been or may have been compromised or when a person with access to control devices has been terminated under less than favorable conditions.

(ii) The licensee shall implement a numbered photo identification badge system for all individuals authorized unescorted access to the protected area and vital areas.

(A) Identification badges may be removed from the protected area only when measures are in place to confirm the true identity and authorization for unescorted access of the badge holder before allowing unescorted access to the protected area.

(B) Except where operational safety concerns require otherwise, identification badges must be clearly displayed by all individuals while inside the protected area and vital areas.

(C) The licensee shall maintain a record, to include the name and areas to which unescorted access is granted, of all individuals to whom photo identification badges have been issued.

(iii) Access authorization program personnel shall be issued passwords and combinations to perform their assigned duties and may be excepted from the requirement of paragraph (g)(6)(i)(A) of this section provided they meet the background requirements of §73.56.

(7) Visitors. (i) The licensee may permit escorted access to protected and vital areas to individuals who have not been granted unescorted access in accordance with the requirements of §73.56 and part 26 of this chapter. The licensee shall:

(A) Implement procedures for processing, escorting, and controlling visitors.

(B) Confirm the identity of each visitor through physical presentation of a recognized identification card issued by a local, State, or Federal government agency that includes a photo or contains physical characteristics of the individual requesting escorted access.

(C) Maintain a visitor control register in which all visitors shall register their name, date, time, purpose of visit, employment affiliation, citizenship, and name of the individual to be visited before being escorted into any protected or vital area.

(D) Issue a visitor badge to all visitors that clearly indicates an escort is required.

(E) Escort all visitors, at all times, while inside the protected area and vital areas.

(F) Deny escorted access to any individual who is currently denied access in industry shared data bases.

(ii) Individuals not employed by the licensee but who require frequent or extended unescorted access to the protected area and/or vital areas to perform duties and responsibilities required by the licensee at irregular or intermittent intervals, shall satisfy the access authorization requirements of §73.56 and part 26 of this chapter, and shall be issued a non-employee photo identification badge that is easily distinguished from other identification badges before being allowed unescorted access to the protected and vital areas. Non-employee photo identification badges must visually reflect that the individual is a non-employee and that no escort is required.

(8) Escorts. The licensee shall ensure that all escorts are trained to perform escort duties in accordance with the requirements of this section and site training requirements.

(i) Escorts shall be authorized unescorted access to all areas in which they will perform escort duties.

(ii) Individuals assigned to visitor escort duties shall be provided a means of timely communication with security personnel to summon assistance when needed.

(iii) Individuals assigned to vehicle escort duties shall be trained and qualified in accordance with appendix B, section VI, of this part and provided a means of continuous communication with security personnel to ensure the ability to summon assistance when needed.

(iv) When visitors are performing work, escorts shall be generally knowledgeable of the activities to be performed by the visitor and report behaviors or activities that may constitute an unreasonable risk to the health and safety of the public and common defense and security, including a potential threat to commit radiological sabotage, consistent with §73.56(f)(1).

(v) Each licensee shall describe visitor to escort ratios for the protected area and vital areas in physical security plans. Implementing procedures shall provide necessary observation and control requirements for all visitor activities.

(h) Search programs. (1) The objective of the search program is to detect, deter, and prevent the introduction of firearms, explosives, incendiary devices, or other items which could be used to commit radiological sabotage. To accomplish this the licensee shall search individuals, vehicles, and materials consistent with the physical protection program design requirements in paragraph (b) of this section, and the function to be performed at each access control point or portal before granting access.

(2) Owner controlled area searches. (i) Where the licensee has established physical barriers in the owner controlled area, the licensee shall implement search procedures for access control points in the barrier.

(ii) For each vehicle access control point, the licensee shall describe in implementing procedures areas of a vehicle to be searched, and the items for which the search is intended to detect and prevent access. Areas of the vehicle to be searched must include, but are not limited to, the cab, engine compartment, undercarriage, and cargo area.

(iii) Vehicle searches must be performed by at least two (2) trained and equipped security personnel, one of which must be armed. The armed individual shall be positioned to observe the search process and provide immediate response.

(iv) Vehicle searches must be accomplished through the use of equipment capable of detecting firearms, explosives, incendiary devices, or other items which could be used to commit radiological sabotage, or through visual and physical searches, or both, to ensure that all items are identified before granting access.

(v) Vehicle access control points must be equipped with video surveillance equipment that is monitored by an individual capable of initiating a response.

(3) Protected area searches. Licensees shall search all personnel, vehicles and materials requesting access to protected areas.

(i) The search for firearms, explosives, incendiary devices, or other items which could be used to commit radiological sabotage shall be accomplished through the use of equipment capable of detecting these items, or through visual and physical searches, or both, to ensure that all items are clearly identified before granting access to protected areas. The licensee shall subject all persons except official Federal, state, and local law enforcement personnel on official duty to these searches upon entry to the protected area. Armed security officers who are on duty and have exited the protected area may re-enter the protected area without being searched for firearms.

(ii) Whenever search equipment is out of service, is not operating satisfactorily, or cannot be used effectively to search individuals, vehicles, or materials, a visual and physical search shall be conducted.

(iii) When an attempt to introduce firearms, explosives, incendiary devices, or other items which could be used to commit radiological sabotage has occurred or is suspected, the licensee shall implement actions to ensure that the suspect individuals, vehicles, and materials are denied access and shall perform a visual and physical search to determine the absence or existence of a threat.

(iv) For each vehicle access portal, the licensee shall describe in implementing procedures areas of a vehicle to be searched before access is granted. Areas of the vehicle to be searched must include, but are not limited to, the cab, engine compartment, undercarriage, and cargo area.

(v) Exceptions to the protected area search requirements for materials may be granted for safety or operational reasons provided the design criteria of §73.55(b) are satisfied, the materials are clearly identified, the types of exceptions to be granted are described in the security plans, and the specific security measures to be implemented for excepted items are detailed in site procedures.

(vi) To the extent practicable, excepted materials must be positively controlled, stored in a locked area, and opened at the final destination by an individual familiar with the items.

(vii) Bulk material excepted from the protected area search requirements must be escorted by an armed member of the security organization to its final destination or to a receiving area where the excepted items are offloaded and verified.

(viii) To the extent practicable, bulk materials excepted from search shall not be offloaded adjacent to a vital area.

(i) Detection and assessment systems. (1) The licensee shall establish and maintain intrusion detection and assessment systems that satisfy the design requirements of §73.55(b) and provide, at all times, the capability to detect and assess unauthorized persons and facilitate the effective implementation of the licensee's protective strategy.

(2) Intrusion detection equipment must annunciate and video assessment equipment shall display concurrently, in at least two continuously staffed onsite alarm stations, at least one of which must be protected in accordance with the requirements of the central alarm station within this section.

(3) The licensee's intrusion detection and assessment systems must be designed to:

(i) Provide visual and audible annunciation of the alarm.

(ii) Provide a visual display from which assessment of the detected activity can be made.

(iii) Ensure that annunciation of an alarm indicates the type and location of the alarm.

(iv) Ensure that alarm devices to include transmission lines to annunciators are tamper indicating and self-checking.

(v) Provide an automatic indication when the alarm system or a component of the alarm system fails, or when the system is operating on the backup power supply.

(vi) Support the initiation of a timely response in accordance with the security plans, licensee protective strategy, and associated implementing procedures.

(vii) Ensure intrusion detection and assessment equipment at the protected area perimeter remains operable from an uninterruptible power supply in the event of the loss of normal power.

(4) Alarm stations. (i) Both alarm stations required by paragraph (i)(2) of this section must be designed and equipped to ensure that a single act, in accordance with the design basis threat of radiological sabotage defined in §73.1(a)(1), cannot disable both alarm stations. The licensee shall ensure the survivability of at least one alarm station to maintain the ability to perform the following functions:

(A) Detect and assess alarms;

(B) Initiate and coordinate an adequate response to an alarm;

(C) Summon offsite assistance; and

(D) Provide command and control.

(ii) Licensees shall:

(A) Locate the central alarm station inside a protected area. The interior of the central alarm station must not be visible from the perimeter of the protected area.

(B) Continuously staff each alarm station with at least one trained and qualified alarm station operator. The alarm station operator must not be assigned other duties or responsibilities which would interfere with the ability to execute the functions described in §73.55(i)(4)(i) of this section.

(C) Not permit any activities to be performed within either alarm station that would interfere with an alarm station operator's ability to execute assigned duties and responsibilities.

(D) Assess and initiate response to all alarms in accordance with the security plans and implementing procedures.

(E) Assess and initiate response to other events as appropriate.

(F) Ensure that an alarm station operator cannot change the status of a detection point or deactivate a locking or access control device at a protected or vital area portal, without the knowledge and concurrence of the alarm station operator in the other alarm station.

(G) Ensure that operators in both alarm stations are knowledgeable of the final disposition of all alarms.

(H) Maintain a record of all alarm annunciations, the cause of each alarm, and the disposition of each alarm.

(iii) Applicants for an operating license under the provisions of part 50 of this chapter, or holders of a combined license under the provisions of part 52 of this chapter, shall construct, locate, protect, and equip both the central and secondary alarm stations to the standards for the central alarm station contained in this section. Both alarm stations shall be equal and redundant, such that all functions needed to satisfy the requirements of this section can be performed in both alarm stations.

(5) Surveillance, observation, and monitoring. (i) The physical protection program must include surveillance, observation, and monitoring as needed to satisfy the design requirements of §73.55(b), identify indications of tampering, or otherwise implement the site protective strategy.

(ii) The licensee shall provide continuous surveillance, observation, and monitoring of the owner controlled area as described in the security plans to detect and deter intruders and ensure the integrity of physical barriers or other components and functions of the onsite physical protection program. Continuous surveillance, observation, and monitoring responsibilities may be performed by security personnel during continuous patrols, through use of video technology, or by a combination of both.

(iii) Unattended openings that intersect a security boundary such as underground pathways must be protected by a physical barrier and monitored by intrusion detection equipment or observed by security personnel at a frequency sufficient to detect exploitation.

(iv) Armed security patrols shall periodically check external areas of the protected area to include physical barriers and vital area portals.

(v) Armed security patrols shall periodically inspect vital areas to include the physical barriers used at all vital area portals.

(vi) The licensee shall provide random patrols of all accessible areas containing target set equipment.

(vii) Security personnel shall be trained to recognize obvious indications of tampering consistent with their assigned duties and responsibilities.

(viii) Upon detection of tampering, or other threats, the licensee shall initiate response in accordance with the security plans and implementing procedures.

(6) Illumination. (i) The licensee shall ensure that all areas of the facility are provided with illumination necessary to satisfy the design requirements of §73.55(b) and implement the protective strategy.

(ii) The licensee shall provide a minimum illumination level of 0.2 foot-candles, measured horizontally at ground level, in the isolation zones and appropriate exterior areas within the protected area. Alternatively, the licensee may augment the facility illumination system by means of low-light technology to meet the requirements of this section or otherwise implement the protective strategy.

(iii) The licensee shall describe in the security plans how the lighting requirements of this section are met and, if used, the type(s) and application of low-light technology.

(j) Communication requirements. (1) The licensee shall establish and maintain continuous communication capability with onsite and offsite resources to ensure effective command and control during both normal and emergency situations.

(2) Individuals assigned to each alarm station shall be capable of calling for assistance in accordance with the security plans and the licensee's procedures.

(3) All on-duty security force personnel shall be capable of maintaining continuous communication with an individual in each alarm station, and vehicle escorts shall maintain continuous communication with security personnel. All personnel escorts shall maintain timely communication with the security personnel.

(4) The following continuous communication capabilities must terminate in both alarm stations required by this section:

(i) Radio or microwave transmitted two-way voice communication, either directly or through an intermediary, in addition to conventional telephone service between local law enforcement authorities and the site.

(ii) A system for communication with the control room.

(5) Non-portable communications equipment must remain operable from independent power sources in the event of the loss of normal power.

(6) The licensee shall identify site areas where communication could be interrupted or cannot be maintained, and shall establish alternative communication measures or otherwise account for these areas in implementing procedures.

(k) Response requirements. (1) The licensee shall establish and maintain, at all times, properly trained, qualified and equipped personnel required to interdict and neutralize threats up to and including the design basis threat of radiological sabotage as defined in §73.1, to prevent significant core damage and spent fuel sabotage.

(2) The licensee shall ensure that all firearms, ammunition, and equipment necessary to implement the site security plans and protective strategy are in sufficient supply, are in working condition, and are readily available for use.

(3) The licensee shall train each armed member of the security organization to prevent or impede attempted acts of radiological sabotage by using force sufficient to counter the force directed at that person, including the use of deadly force when the armed member of the security organization has a reasonable belief that the use of deadly force is necessary in self-defense or in the defense of others, or any other circumstances as authorized by applicable State or Federal law.

(4) The licensee shall provide armed response personnel consisting of armed responders which may be augmented with armed security officers to carry out armed response duties within predetermined time lines specified by the site protective strategy.

(5) Armed responders. (i) The licensee shall determine the minimum number of armed responders necessary to satisfy the design requirements of §73.55(b) and implement the protective strategy. The licensee shall document this number in the security plans.

(ii) The number of armed responders shall not be less than ten (10).

(iii) Armed responders shall be available at all times inside the protected area and may not be assigned other duties or responsibilities that could interfere with their assigned response duties.

(6) Armed security officers. (i) Armed security officers, designated to strengthen onsite response capabilities, shall be onsite and available at all times to carry out their assigned response duties.

(ii) The minimum number of armed security officers designated to strengthen onsite response capabilities must be documented in the security plans.

(7) The licensee shall have procedures to reconstitute the documented number of available armed response personnel required to implement the protective strategy.

(8) Protective strategy. The licensee shall establish, maintain, and implement a written protective strategy in accordance with the requirements of this section and part 73, appendix C, Section II. Upon receipt of an alarm or other indication of a threat, the licensee shall:

(i) Determine the existence and level of a threat in accordance with pre-established assessment methodologies and procedures.

(ii) Initiate response actions to interdict and neutralize threats in accordance with the requirements of part 73, appendix C, section II, the safeguards contingency plan, and the licensee's response strategy.

(iii) Notify law enforcement agencies (local, State, and Federal law enforcement agencies (LLEA)), in accordance with site procedures.

(9) Law enforcement liaison. To the extent practicable, licensees shall document and maintain current agreements with applicable law enforcement agencies to include estimated response times and capabilities.

(10) Heightened security. Licensees shall establish, maintain, and implement a threat warning system which identifies specific graduated protective measures and actions to be taken to increase licensee preparedness against a heightened security threat.

(i) Licensees shall ensure that the specific protective measures and actions identified for each threat level are consistent with the security plans and other emergency plans and procedures.

(ii) Upon notification by an authorized representative of the Commission, licensees shall implement the specific threat level indicated by the Commission representative.

(l) Facilities using mixed-oxide (MOX) fuel assemblies containing up to 20 weight percent plutonium dioxide (PuO2). (1) Commercial nuclear power reactors licensed under 10 CFR parts 50 or 52 and authorized to use special nuclear material in the form of MOX fuel assemblies containing up to 20 weight percent PuO2 shall, in addition to meeting the requirements of this section, protect un-irradiated MOX fuel assemblies against theft or diversion as described in this paragraph.

(2) Commercial nuclear power reactors authorized to use MOX fuel assemblies containing up to 20 weight percent PuO2 are exempt from the requirements of §§73.20, 73.45, and 73.46 for the onsite physical protection of un-irradiated MOX fuel assemblies.

(3) Administrative controls. (i) The licensee shall describe in the security plans the operational and administrative controls to be implemented for the receipt, inspection, movement, storage, and protection of un-irradiated MOX fuel assemblies.

(ii) The licensee shall implement the use of tamper-indicating devices for un-irradiated MOX fuel assembly transport and shall verify their use and integrity before receipt.

(iii) Upon receipt of un-irradiated MOX fuel assemblies, the licensee shall:

(A) Inspect un-irradiated MOX fuel assemblies for damage.

(B) Search un-irradiated MOX fuel assemblies for unauthorized materials.

(iv) The licensee may conduct the required inspection and search functions simultaneously.

(v) The licensee shall ensure the proper placement and control of un-irradiated MOX fuel assemblies as follows:

(A) At least one armed security officer shall be present during the receipt and inspection of un-irradiated MOX fuel assemblies. This armed security officer shall not be an armed responder as required by paragraph (k) of this section.

(B) The licensee shall store un-irradiated MOX fuel assemblies only within a spent fuel pool, located within a vital area, so that access to the un-irradiated MOX fuel assemblies requires passage through at least two physical barriers and the water barrier combined with the additional measures detailed in this section.

(vi) The licensee shall implement a material control and accountability program that includes a predetermined and documented storage location for each un-irradiated MOX fuel assembly.

(4) Physical controls. (i) The licensee shall lock, lockout, or disable all equipment and power supplies to equipment required for the movement and handling of un-irradiated MOX fuel assemblies when movement activities are not authorized.

(ii) The licensee shall implement a two-person, line-of-sight rule within the spent fuel pool area whenever control systems or equipment required for the movement or handling of un-irradiated MOX fuel assemblies must be accessed.

(iii) The licensee shall conduct random patrols of areas containing un-irradiated MOX fuel assemblies to identify indications of tampering and ensure the integrity of barriers and locks.

(iv) Locks, keys, and any other access control device used to secure equipment and power sources required for the movement of un-irradiated MOX fuel assemblies, or openings to areas containing un-irradiated MOX fuel assemblies, must be controlled by the security organization.

(v) Removal of locks used to secure equipment and power sources required for the movement of un-irradiated MOX fuel assemblies or openings to areas containing un-irradiated MOX fuel assemblies must require approval by both the on-duty security shift supervisor and the operations shift manager.

(A) At least one armed security officer shall be present to observe activities involving the movement of un-irradiated MOX fuel assemblies before the removal of the locks and providing power to equipment required for the movement or handling of un-irradiated MOX fuel assemblies.

(B) At least one armed security officer shall be present at all times until power is removed from equipment and locks are secured.

(C) Security officers shall be knowledgeable of authorized and unauthorized activities involving un-irradiated MOX fuel assemblies.

(5) At least one armed security officer shall be present and shall maintain constant surveillance of un-irradiated MOX fuel assemblies when the assemblies are not located in the spent fuel pool or reactor.

(6) The licensee shall maintain at all times the capability to detect, assess, interdict and neutralize threats to un-irradiated MOX fuel assemblies in accordance with the requirements of this section.

(7) MOX fuel assemblies containing greater than 20 weight percent PuO2. (i) Requests for the use of MOX fuel assemblies containing greater than 20 weight percent PuO2 shall be reviewed and approved by the Commission before receipt of MOX fuel assemblies.

(ii) Additional measures for the physical protection of un-irradiated MOX fuel assemblies containing greater than 20 weight percent PuO2 shall be determined by the Commission on a case-by-case basis and documented through license amendment in accordance with 10 CFR 50.90.

(m) Security program reviews. (1) As a minimum the licensee shall review each element of the physical protection program at least every 24 months. Reviews shall be conducted:

(i) Within 12 months following initial implementation of the physical protection program or a change to personnel, procedures, equipment, or facilities that potentially could adversely affect security.

(ii) As necessary based upon site-specific analyses, assessments, or other performance indicators.

(iii) By individuals independent of those personnel responsible for program management and any individual who has direct responsibility for implementing the onsite physical protection program.

(2) Reviews of the security program must include, but not limited to, an audit of the effectiveness of the physical security program, security plans, implementing procedures, cyber security programs, safety/security interface activities, the testing, maintenance, and calibration program, and response commitments by local, State, and Federal law enforcement authorities.

(3) The results and recommendations of the onsite physical protection program reviews, management's findings regarding program effectiveness, and any actions taken as a result of recommendations from prior program reviews, must be documented in a report to the licensee's plant manager and to corporate management at least one level higher than that having responsibility for day-to-day plant operations. These reports must be maintained in an auditable form and available for inspection.

(4) Findings from onsite physical protection program reviews must be entered into the site corrective action program.

(n) Maintenance, testing, and calibration. (1) The licensee shall:

(i) Establish, maintain, and implement a maintenance, testing and calibration program to ensure that security systems and equipment, including secondary and uninterruptible power supplies, are tested for operability and performance at predetermined intervals, maintained in operable condition, and are capable of performing their intended functions.

(ii) Describe the maintenance, testing and calibration program in the physical security plan. Implementing procedures must specify operational and technical details required to perform maintenance, testing, and calibration activities to include, but not limited to, purpose of activity, actions to be taken, acceptance criteria, and the intervals or frequency at which the activity will be performed.

(iii) Identify in procedures the criteria for determining when problems, failures, deficiencies, and other findings are documented in the site corrective action program for resolution.

(iv) Ensure that information documented in the site corrective action program is written in a manner that does not constitute safeguards information as defined in 10 CFR 73.21.

(v) Implement compensatory measures that ensure the effectiveness of the onsite physical protection program when there is a failure or degraded operation of security-related components or equipment.

(2) The licensee shall test each intrusion alarm for operability at the beginning and end of any period that it is used for security, or if the period of continuous use exceeds seven (7) days. The intrusion alarm must be tested at least once every seven (7) days.

(3) Intrusion detection and access control equipment must be performance tested in accordance with the security plans and implementing procedures.

(4) Equipment required for communications onsite must be tested for operability not less frequently than once at the beginning of each security personnel work shift.

(5) Communication systems between the alarm stations and each control room, and between the alarm stations and local law enforcement agencies, to include backup communication equipment, must be tested for operability at least once each day.

(6) Search equipment must be tested for operability at least once each day and tested for performance at least once during each seven (7) day period.

(7) A program for testing or verifying the operability of devices or equipment located in hazardous areas must be specified in the implementing procedures and must define alternate measures to be taken to ensure the timely completion of testing or maintenance when the hazardous condition or other restrictions are no longer applicable.

(8) Security equipment or systems shall be tested in accordance with the site maintenance, testing and calibration procedures before being placed back in service after each repair or inoperable state.

(o) Compensatory measures. (1) The licensee shall identify criteria and measures to compensate for degraded or inoperable equipment, systems, and components to meet the requirements of this section.

(2) Compensatory measures must provide a level of protection that is equivalent to the protection that was provided by the degraded or inoperable, equipment, system, or components.

(3) Compensatory measures must be implemented within specific time frames necessary to meet the requirements stated in paragraph (b) of this section and described in the security plans.

(p) Suspension of security measures. (1) The licensee may suspend implementation of affected requirements of this section under the following conditions:

(i) In accordance with §§50.54(x) and 50.54(y) of this chapter, the licensee may suspend any security measures under this section in an emergency when this action is immediately needed to protect the public health and safety and no action consistent with license conditions and technical specifications that can provide adequate or equivalent protection is immediately apparent. This suspension of security measures must be approved as a minimum by a licensed senior operator before taking this action.

(ii) During severe weather when the suspension of affected security measures is immediately needed to protect the personal health and safety of security force personnel and no other immediately apparent action consistent with the license conditions and technical specifications can provide adequate or equivalent protection. This suspension of security measures must be approved, as a minimum, by a licensed senior operator, with input from the security supervisor or manager, before taking this action.

(2) Suspended security measures must be reinstated as soon as conditions permit.

(3) The suspension of security measures must be reported and documented in accordance with the provisions of §73.71.

(q) Records. (1) The Commission may inspect, copy, retain, and remove all reports, records, and documents required to be kept by Commission regulations, orders, or license conditions, whether the reports, records, and documents are kept by the licensee or a contractor.

(2) The licensee shall maintain all records required to be kept by Commission regulations, orders, or license conditions, until the Commission terminates the license for which the records were developed, and shall maintain superseded portions of these records for at least three (3) years after the record is superseded, unless otherwise specified by the Commission.

(3) If a contracted security force is used to implement the onsite physical protection program, the licensee's written agreement with the contractor must be retained by the licensee as a record for the duration of the contract.

(4) Review and audit reports must be maintained and available for inspection, for a period of three (3) years.

(r) Alternative measures. (1) The Commission may authorize an applicant or licensee to provide a measure for protection against radiological sabotage other than one required by this section if the applicant or licensee demonstrates that:

(i) The measure meets the same performance objectives and requirements specified in paragraph (b) of this section; and

(ii) The proposed alternative measure provides protection against radiological sabotage or theft of un-irradiated MOX fuel assemblies, equivalent to that which would be provided by the specific requirement for which it would substitute.

(2) The licensee shall submit proposed alternative measure(s) to the Commission for review and approval in accordance with §§50.4 and 50.90 of this chapter before implementation.

(3) In addition to fully describing the desired changes, the licensee shall submit a technical basis for each proposed alternative measure. The basis must include an analysis or assessment that demonstrates how the proposed alternative measure provides a level of protection that is at least equal to that which would otherwise be provided by the specific requirement of this section.

(4) Alternative vehicle barrier systems. In the case of vehicle barrier systems required by §73.55(e)(10), the licensee shall demonstrate that:

(i) The alternative measure provides protection against the use of a vehicle as a means of transportation to gain proximity to vital areas;

(ii) The alternative measure provides protection against the use of a vehicle as a vehicle bomb; and

(iii) Based on comparison of the costs of the alternative measures to the costs of meeting the Commission's requirements using the essential elements of 10 CFR 50.109, the costs of fully meeting the Commission's requirements are not justified by the protection that would be provided.

[74 FR 13971, Mar. 27, 2009, as amended at 77 FR 39909, July 6, 2012]

§73.56   Personnel access authorization requirements for nuclear power plants.

(a) Introduction. (1) By March 31, 2010, each nuclear power reactor licensee, licensed under 10 CFR part 50, shall implement the requirements of this section through revisions to its Commission-approved Physical Security Plan.

(2) The licensee shall establish, implement and maintain its access authorization program in accordance with the requirements of this section.

(3) Each applicant for an operating license under the provisions of part 50 of this chapter, and each holder of a combined license under the provisions of part 52 of this chapter, shall implement the requirements of this section before fuel is allowed on site (protected area).

(4) The licensee or applicant may accept, in part or whole, an access authorization program implemented by a contractor or vendor to satisfy appropriate elements of the licensee's access authorization program in accordance with the requirements of this section. Only a licensee shall grant an individual unescorted access. Licensees and applicants shall certify individuals' unescorted access authorization and are responsible to maintain, deny, terminate, or withdraw unescorted access authorization.

(b) Applicability. (1) The following individuals shall be subject to an access authorization program:

(i) Any individual to whom a licensee intends to grant unescorted access to nuclear power plant protected or vital areas or any individual for whom a licensee or an applicant intends to certify unescorted access authorization;

(ii) Any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's or applicant's operational safety, security, or emergency preparedness;

(iii) Any individual who has responsibilities for implementing a licensee's or applicant's protective strategy, including, but not limited to, armed security force officers, alarm station operators, and tactical response team leaders; and

(iv) The licensee or applicant access authorization program reviewing official or contractor or vendor access authorization program reviewers.

(2) Other individuals, at the licensee's or applicant's discretion, including employees of a contractor or a vendor who are designated in access authorization program procedures, are subject to an access authorization program that meets the requirements of this section.

(c) General performance objective. The licensee's or applicant's access authorization program must provide high assurance that the individuals who are specified in paragraph (b)(1), and, if applicable, paragraph (b)(2) of this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security, including the potential to commit radiological sabotage.

(d) Background investigation. In order to grant an individual unescorted access to the protected area or vital area of a nuclear power plant or certify an individual unescorted access authorization, licensees, applicants and contractors or vendors shall ensure that the individual has been subject to a background investigation. The background investigation must include, but is not limited to, the following elements:

(1) Informed consent. Licensees, applicants, and contractors or vendors shall not initiate any element of a background investigation without the informed and signed consent of the subject individual. This consent shall include authorization to share personal information with appropriate entities. The licensee or applicant to whom the individual is applying for unescorted access and unescorted access authorization, respectively, or the contractors or vendors supporting the licensee or applicant shall inform the individual of his or her right to review information collected to assure its accuracy, and provide the individual with an opportunity to correct any inaccurate or incomplete information that is developed by licensees, applicants, or contractors or vendors about the individual.

(i) The subject individual may withdraw his or her consent at any time. Licensees, applicants, and contractors or vendors shall inform the individual that:

(A) Withdrawal of his or her consent will remove the individual's application for access authorization under the licensee's or applicant's access authorization program or contractor or vendor access authorization program; and

(B) Other licensees and applicants shall have access to information documenting the withdrawal. Additionally, the contractors or vendors may have the same access to the information, if such information is necessary for assisting licensees or applicants complying with requirements set forth in this section.

(ii) If an individual withdraws his or her consent, licensees, applicants, and contractors or vendors may not initiate any elements of the background investigation that were not in progress at the time the individual withdrew his or her consent, but shall complete any background investigation elements that are in progress at the time consent is withdrawn. The licensee or applicant shall record the status of the individual's application for unescorted access or unescorted access authorization, respectively. Contractors or vendors may record the status of the individual's application for unescorted access or unescorted access authorization for licensees or applicants. Additionally, licensees, applicants, or contractors or vendors shall collect and maintain the individual's application for unescorted access or unescorted access authorization; his or her withdrawal of consent for the background investigation; the reason given by the individual for the withdrawal; and any pertinent information collected from the background investigation elements that were completed. This information must be shared with other licensees in accordance with paragraph (o)(6) of this section.

(iii) Licensees, applicants, and contractors or vendors shall inform, in writing, any individual who is applying for unescorted access or unescorted access authorization that the following actions are sufficient cause for denial or unfavorable termination of unescorted access or unescorted access authorization status:

(A) Refusal to provide a signed consent for the background investigation;

(B) Refusal to provide, or the falsification of, any personal history information required under this section, including the failure to report any previous denial or unfavorable termination of unescorted access or unescorted access authorization;

(C) Refusal to provide signed consent for the sharing of personal information with other licensees, applicants, or the contractor or vendors under paragraph (d)(4)(v) of this section; or

(D) Failure to report any arrests or legal actions specified in paragraph (g) of this section.

(2) Personal history disclosure. (i) Any individual who is applying for unescorted access or unescorted access authorization shall disclose the personal history information that is required by the licensee's or applicant's access authorization program, including any information that may be necessary for the reviewing official to make a determination of the individual's trustworthiness and reliability.

(ii) Licensees, applicants, and contractors or vendors shall not require an individual to disclose an administrative withdrawal of unescorted access or unescorted access authorization under the requirements of §73.56(g), (h)(7), or (i)(1)(v) of this section. However, the individual must disclose this information if the individual's unescorted access or unescorted access authorization is administratively withdrawn at the time he or she is seeking unescorted access or unescorted access authorization, or the individual's unescorted access or unescorted access authorization was subsequently denied or terminated unfavorably by a licensee, applicant, or contractor or vendor.

(3) Verification of true identity. Licensees, applicants, and contractors or vendors shall verify the true identity of an individual who is applying for unescorted access or unescorted access authorization in order to ensure that the applicant is the person that he or she has claimed to be. At a minimum, licensees, applicants, and contractors or vendors shall validate that the social security number that the individual has provided is his or hers, and, in the case of foreign nationals, validate the claimed non-immigration status that the individual has provided is correct. In addition, licensees and applicants shall also determine whether the results of the fingerprinting required under §73.57 confirm the individual's claimed identity, if such results are available.

(4) Employment history evaluation. Licensees, applicants, and contractors or vendors shall ensure that an employment history evaluation has been completed on a best effort basis, by questioning the individual's present and former employers, and by determining the activities of the individual while unemployed.

(i) For the claimed employment period, the individual must provide the reason for any termination, eligibility for rehire, and other information that could reflect on the individual's trustworthiness and reliability.

(ii) If the claimed employment was military service the individual shall provide a characterization of service, reason for separation, and any disciplinary actions that could affect a trustworthiness and reliability determination.

(iii) If education is claimed in lieu of employment, the individual shall provide any information related to the claimed education that could reflect on the individual's trustworthiness and reliability and, at a minimum, verify that the individual was registered for the classes and received grades that indicate that the individual participated in the educational process during the claimed period.

(iv) If a previous employer, educational institution, or any other entity with which the individual claims to have been engaged fails to provide information or indicates an inability or unwillingness to provide information within 3 business days of the request, the licensee, applicant, or contractor or vendor shall:

(A) Document this refusal or unwillingness in the licensee's, applicant's, or contractor's or vendor's record of the investigation; and

(B) Obtain a confirmation of employment, educational enrollment and attendance, or other form of engagement claimed by the individual from at least one alternate source that has not been previously used.

(v) When any licensee, applicant, contractor, or vendor is seeking the information required for an unescorted access or unescorted access authorization decision under this section and has obtained a signed release from the subject individual authorizing the disclosure of such information, other licensees, applicants, contractors and vendors shall make available the personal or access authorization information requested regarding the denial or unfavorable termination of unescorted access or unescorted access authorization.

(vi) In conducting an employment history evaluation, the licensee, applicant, contractor, or vendor may obtain information and documents by electronic means, including, but not limited to, telephone, facsimile, or e-mail. Licensees, applicants, contractors, or vendors shall make a record of the contents of the telephone call and shall retain that record, and any documents or electronic files obtained electronically, in accordance with paragraph (o) of this section.

(5) Credit history evaluation. Licensees, applicants, contractors and vendors shall ensure that the full credit history of any individual who is applying for unescorted access or unescorted access authorization is evaluated. A full credit history evaluation must include, but is not limited to, an inquiry to detect potential fraud or misuse of social security numbers or other financial identifiers, and a review and evaluation of all of the information that is provided by a national credit-reporting agency about the individual's credit history. For individuals including foreign nationals and United States citizens who have resided outside the United States and do not have established credit history that covers at least the most recent seven years in the United States, the licensee, applicant, contractor or vendor must document all attempts to obtain information regarding the individual's credit history and financial responsibility from some relevant entity located in that other country or countries.

(6) Character and reputation evaluation. Licensees, applicants, contractors, and vendors shall ascertain the character and reputation of an individual who has applied for unescorted access or unescorted access authorization by conducting reference checks. Reference checks may not be conducted with any person who is known to be a close member of the individual's family, including but not limited to, the individual's spouse, parents, siblings, or children, or any individual who resides in the individual's permanent household. The reference checks must focus on the individual's reputation for trustworthiness and reliability.

(7) Criminal history review. The licensee's or applicant's reviewing official shall evaluate the entire criminal history record of an individual who is applying for unescorted access or unescorted access authorization to determine whether the individual has a record of criminal activity that may adversely impact his or her trustworthiness and reliability. A criminal history record must be obtained in accordance with the requirements of §73.57. For individuals who do not have or are not expected to have unescorted access, a criminal history record of the individual shall be obtained in accordance with the requirements set forth in paragraph (k)(1)(ii) of this section.

(e) Psychological assessment. In order to assist in determining an individual's trustworthiness and reliability, licensees, applicants, contractors or vendors shall ensure that a psychological assessment has been completed before the individual is granted unescorted access or certified unescorted access authorization. Individuals who are applying for initial unescorted access or unescorted access authorization, or who have not maintained unescorted access or unescorted access authorization for greater than 365 days, shall be subject to a psychological assessment. The psychological assessment must be designed to evaluate the possible adverse impact of any noted psychological characteristics on the individual's trustworthiness and reliability.

(1) A licensed psychologist or psychiatrist with the appropriate training and experience shall conduct the psychological assessment.

(2) The psychological assessment must be conducted in accordance with the applicable ethical principles for conducting such assessments established by the American Psychological Association or American Psychiatric Association.

(3) At a minimum, the psychological assessment must include the administration and interpretation of a standardized, objective, professionally-accepted psychological test that provides information to identify indications of disturbances in personality or psychopathology that may have adverse implications for an individual's trustworthiness and reliability. A psychiatrist or psychologist specified in paragraph (e) of this section shall establish the predetermined thresholds for each scale, in accordance with paragraph (e)(2) of this section, that must be applied in interpreting the results of the psychological test to determine whether an individual must be interviewed by a licensed psychiatrist or psychologist, under §73.56(e)(4)(i) of this section.

(4) The psychological assessment must include a clinical interview:

(i) If an individual's scores on the psychological test in paragraph (e)(3) of this section identify indications of disturbances in personality or psychopathology that may have implications for an individual's trustworthiness and reliability; or

(ii) If the individual is a member of the population that performs one or more job functions that are critical to the safe and secure operation of the licensee's facility, as defined in paragraph (i)(1)(v)(B) of this section.

(5) In the course of conducting a psychological assessment for those individuals who are specified in paragraph (h) of this section for initial unescorted access or unescorted access authorization category, if the licensed psychologist or psychiatrist identifies or discovers any information, including a medical condition, that could adversely impact the individual's fitness for duty or trustworthiness and reliability, the licensee, applicant, or contractor or vendor shall ensure that the psychologist or psychiatrist contact appropriate medical personnel to obtain further information as need for a determination. The results of the evaluation and a recommendation shall be provided to the licensee's or applicant's reviewing official.

(6) During psychological reassessments, if the licensed psychologist or psychiatrist identifies or discovers any information, including a medical condition, that could adversely impact the fitness for duty or trustworthiness and reliability of those individuals who are currently granted unescorted access or certified unescorted access authorization status, he or she shall inform (1) the reviewing official of the discovery within 24 hours of the discovery and (2) the medical personnel designated in the site implementing procedures, who shall ensure that an appropriate evaluation of the possible medical condition is conducted under the requirements of part 26 of this chapter. The results of the evaluation and a recommendation shall be provided to the licensee's or applicant's reviewing official.

(f) Behavioral observation. (1) Licensee and applicant access authorization programs must include a behavioral observation program that is designed to detect behaviors or activities that may constitute an unreasonable risk to the health and safety of the public and common defense and security, including a potential threat to commit radiological sabotage. Licensees, applicants and contractors or vendors must ensure that the individuals specified in paragraph (b)(1) and, if applicable, (b)(2) of this section are subject to behavioral observation.

(2) Each person subject to the behavior observation program shall be responsible for communicating to the licensee or applicant observed behaviors of individuals subject to the requirements of this section. Such behaviors include any behavior of individuals that may adversely affect the safety or security of the licensee's facility or that may constitute an unreasonable risk to the public health and safety or the common defense and security, including a potential threat to commit radiological sabotage.

(i) Licensees, applicants, and contractors or vendors shall ensure that individuals who are subject to this section also successfully complete initial behavioral observation training and requalification behavior observation training as required in paragraphs (f)(2)(ii) and (iii) of this section.

(ii) Behavioral observation training must be:

(A) Completed before the licensee grants unescorted access or certifies unescorted access authorization or an applicant certifies unescorted access authorization, as defined in paragraph (h)(4)(ii) of this section,

(B) Current before the licensee grants unescorted access update or reinstatement or licensee or applicant certifies unescorted access authorization reinstatement as defined in paragraph (h)(4)(ii) of this section, and

(C) Maintained in a current status during any period of time an individual possesses unescorted access or unescorted access authorization in accordance with paragraph (f)(2)(iv) of this section.

(iii) For initial behavioral observation training, individuals shall demonstrate completion by passing a comprehensive examination that addresses the knowledge and abilities necessary to detect behavior or activities that have the potential to constitute an unreasonable risk to the health and safety of the public and common defense and security, including a potential threat to commit radiological sabotage. Remedial training and re-testing are required for individuals who fail to satisfactorily complete the examination.

(iv) Individuals shall complete refresher training on a nominal 12-month frequency, or more frequently where the need is indicated. Individuals may take and pass a comprehensive examination that meets the requirements of paragraph (f)(2)(iii) of this section in lieu of completing annual refresher training.

(v) Initial and refresher training may be delivered using a variety of media, including, but not limited to, classroom lectures, required reading, video, or computer-based training systems. The licensee, applicant, or contractor or vendor shall monitor the completion of training.

(3) Individuals who are subject to an access authorization program under this section shall at a minimum, report any concerns arising from behavioral observation, including, but not limited to, concerns related to any questionable behavior patterns or activities of others to the reviewing official, his or her supervisor, or other management personnel designated in their site procedures. The recipient of the report shall, if other than the reviewing official, promptly convey the report to the reviewing official, who shall reassess the reported individual's unescorted access or unescorted access authorization status. The reviewing official shall determine the elements of the reassessment based on the accumulated information of the individual. If the reviewing official has a reason to believe that the reported individual's trustworthiness or reliability is questionable, the reviewing official shall either administratively withdraw or terminate the individual's unescorted access or unescorted access authorization while completing the re-evaluation or investigation. If the reviewing official determines from the information provided that there is cause for additional action, the reviewing official may inform the supervisor of the reported individual.

(g) Self-reporting of legal actions. (1) Any individual who has applied for unescorted access or unescorted access authorization or is maintaining unescorted access or unescorted access authorization under this section shall promptly report to the reviewing official, his or her supervisor, or other management personnel designated in site procedures any legal action(s) taken by a law enforcement authority or court of law to which the individual has been subject that could result in incarceration or a court order or that requires a court appearance, including but not limited to an arrest, an indictment, the filing of charges, or a conviction, but excluding minor civil actions or misdemeanors such as parking violations or speeding tickets. The recipient of the report shall, if other than the reviewing official, promptly convey the report to the reviewing official. On the day that the report is received, the reviewing official shall evaluate the circumstances related to the reported legal action(s) and re-determine the reported individual's unescorted access or unescorted access authorization status.

(2) The licensee or applicant shall inform the individual of this obligation, in writing, prior to granting unescorted access or certifying unescorted access authorization.

(h) Granting unescorted access and certifying unescorted access authorization. Licensees and applicants shall implement the requirements of this paragraph for granting or certifying initial or reinstated unescorted access or unescorted access authorization. The investigatory information collected to satisfy the requirements of this section for individuals who are being considered for unescorted access or unescorted access authorization shall be valid for a trustworthiness and reliability determination by a licensee or applicant for 30 calendar days.

(1) Determination basis. (i) The licensee's or applicant's reviewing official shall determine whether to grant, certify, deny, unfavorably terminate, maintain, or administratively withdraw an individual's unescorted access or unescorted access authorization status, based on an evaluation of all of the information required by this section.

(ii) The licensee's or applicant's reviewing official may not grant unescorted access or certify unescorted access authorization status to an individual until all of the information required by this section has been evaluated by the reviewing official and the reviewing official has determined that the accumulated information supports a determination of the individual's trustworthiness and reliability. However, the reviewing official may deny or terminate unescorted access or unescorted access authorization of any individual based on disqualifying information even if not all the information required by this section has been collected or evaluated.

(2) Unescorted access for NRC-certified personnel. Licensees and applicants shall grant unescorted access to any individual who has been certified by the Nuclear Regulatory Commission as suitable for such access.

(3) Access denial. Licensees or applicants may not permit an individual, who is identified as having an access-denied status by another licensee subject to this section, or has an access authorization status other than favorably terminated, to enter any nuclear power plant protected area or vital area, under escort or otherwise, or take actions by electronic means that could adversely impact the licensee's or applicant's safety, security, or emergency response or their facilities, under supervision or otherwise, except upon completion of the initial unescorted access authorization process.

(4) Granting unescorted access and certifying unescorted access authorization—(i) Initial unescorted access or unescorted access authorization. In satisfying the requirements of paragraph (h)(1) of this section, for individuals who have never held unescorted access or unescorted access authorization status or whose unescorted access or unescorted access authorization status has been interrupted for a period of 3 years or more, the licensee, applicant, or contractor or vendor shall satisfy the requirements of paragraphs (d), (e), (f), and (g) of this section. In meeting requirements set forth in paragraph (d)(4) of this section, the licensee, applicant, or contractor or vendor shall evaluate the 3 years before the date on which the application for unescorted access was submitted, or since the individual's eighteenth birthday, whichever is shorter. For the 1-year period preceding the date upon which the individual applies for unescorted access or unescorted access authorization, the licensee, applicant or contractor or vendor shall ensure that the employment history evaluation is conducted with every employer, regardless of the length of employment. For the remaining 2-year period, the licensee, applicant, or contractor or vendor shall ensure that the employment history evaluation is conducted with the employer by whom the individual claims to have been employed the longest within each calendar month.

(ii) Interruption of unescorted access or unescorted access authorization. In satisfying the requirements of paragraph (h)(1) of this section, for individuals who have previously been granted unescorted access or unescorted access authorization, but whose access had been terminated under favorable conditions, licensees, applicants or contractors or vendors shall satisfy the requirements of paragraphs (d), (e), (f), and (g) of this section, with consideration of the specific requirements for periods of interruption described below in paragraphs (h)(4)(ii)(A) or (h)(4)(ii)(B) of this section, as applicable. However, for individuals whose unescorted access or unescorted access authorization was interrupted for less than or equal to 30 calendar days, licensees, applicants, or contractors or vendors must only satisfy the requirements set forth in paragraphs (d)(1), (d)(2), and (d)(3) of this section. The applicable periods of interruption are determined by the number of calendar days between the day after the individual's access was terminated and the day upon which the individual applies for unescorted access or unescorted access authorization.

(A) Update of unescorted access or unescorted access authorization. For individuals whose last unescorted access or unescorted access authorization status has been interrupted for more than 30 calendar days but less than or equal to 365 calendar days, the licensee, applicant or contractor or vendor shall complete the individual's employment history evaluation in accordance with the requirements of paragraph (d)(4) of this section, within 5 business days after reinstatement. The licensee, applicant, or contractor or vendor shall ensure that the employment history evaluation has been conducted with the employer by whom the individual claims to have been employed the longest within the calendar month. However, if the employment history evaluation is not completed within 5 business days of reinstatement due to circumstances that are outside of the licensee's, applicant's, or contractor's or vendor's control and the licensee or applicant, contractor or vendor is not aware of any potentially disqualifying information regarding the individual within the past 5 years, the licensee may extend the individual's unescorted access an additional 5 business days. If the employment history evaluation is not completed within this extended 5 business days, the licensee shall administratively withdraw unescorted access and complete the employment history evaluation in accordance with §73.56(d)(4) of this section. For re-certification of unescorted access authorization, prior to re-certification of unescorted access authorization status of an individual, the licensee or applicant shall complete all the elements stated above including drug screening and employment evaluation.

(B) Reinstatement of unescorted access or unescorted access authorization. For individuals whose last unescorted access or unescorted access authorization status has been interrupted for greater than 365 calendar days but fewer than 3 years the licensee, applicant or contractor or vendor shall evaluate the period of time since the individual last held unescorted access or unescorted access authorization status, up to and including the day the individual applies for re-instated unescorted access authorization. For the 1-year period preceding the date upon which the individual applies for unescorted access authorization, the licensee, applicant, or contractor or vendor shall ensure that the employment history evaluation is conducted with every employer, regardless of the length of employment. For the remaining period, the licensee, applicant or contractor or vendor shall ensure that the employment history evaluation is conducted with the employer by whom the individual claims to have been employed the longest within each calendar month. In addition, the individual shall be subject to the psychological assessment required in §73.56(e).

(5) Accepting unescorted access authorization from other access authorization programs. Licensees who are seeking to grant unescorted access or certify unescorted access authorization or applicants who are seeking to certify unescorted access authorization to an individual who is subject to another access authorization program or another access authorization program that complies with this section may rely on those access authorization programs or access authorization program elements to comply with the requirements of this section. However, the licensee who is seeking to grant unescorted access or the licensee or applicant who is seeking to certify unescorted access authorization shall ensure that the program elements to be accepted have been maintained consistent with the requirements of this section by the other access authorization program.

(6) Information sharing. To meet the requirements of this section, licensees, applicants, and contractors or vendors may rely upon the information that other licensees, applicants, and contractors or vendors who are also subject to this section, have gathered about individuals who have previously applied for unescorted access or unescorted access authorization, and developed about individuals during periods in which the individuals maintained unescorted access or unescorted access authorization status.

(i) Maintaining unescorted access or unescorted access authorization.

(1) Individuals may maintain unescorted access or unescorted access authorization status under the following conditions:

(i) The individual remains subject to a behavioral observation program that complies with the requirements of §73.56(f) of this section.

(ii) The individual successfully completes behavioral observation refresher training or testing on the nominal 12-month frequency required in §73.56(f)(2)(ii) of this section.

(iii) The individual complies with the licensee's or applicant's access authorization program policies and procedures to which he or she is subject, including the self-reporting of legal actions responsibility specified in paragraph (g) of this section.

(iv) The individual is subject to an annual (within 365 calendar days) supervisory review conducted in accordance with the requirements of the licensee's or applicant's behavioral observation program. The individual shall be subject to a supervisory interview in accordance with the requirements of the licensee's or applicant's behavioral observation program, if the supervisor does not have the frequent interaction with the individual throughout the review period needed to form an informed and reasonable opinion regarding the individual's behavior, trustworthiness, and reliability.

(v) The licensee's or applicant's reviewing official determines that the individual continues to be trustworthy and reliable. This determination must, at a minimum, be based on the following:

(A) A criminal history update and credit history re-evaluation for any individual with unescorted access. The criminal history update and credit history re-evaluation must be completed within 5 years of the date on which these elements were last completed.

(B) For individuals who perform one or more of the job functions described in this paragraph, the trustworthiness and reliability determination must be based on a criminal history update and credit history re-evaluation within three years of the date on which these elements were last completed, or more frequently, based on job assignment as determined by the licensee or applicant, and a psychological re-assessment within 5 years of the date on which this element was last completed:

(1) Individuals who have extensive knowledge of defensive strategies and design and/or implementation of the plant's defense strategies, including—

(i) Site security supervisors;

(ii) Site security managers;

(iii) Security training instructors; and

(iv) Corporate security managers;

(2) Individuals in a position to grant an applicant unescorted access or unescorted access authorization, including site access authorization managers;

(3) Individuals assigned a duty to search for contraband or other items that could be used to commit radiological sabotage (i.e., weapons, explosives, incendiary devices);

(4) Individuals who have access, extensive knowledge, or administrative control over plant digital computer and communication systems and networks as identified in §73.54, including—

(i) Plant network systems administrators;

(ii) IT personnel who are responsible for securing plant networks; or

(5) Individuals qualified for and assigned duties as: armed security officers, armed responders, alarm station operators, response team leaders, and armorers as defined in the licensee's or applicant's Physical Security Plan; and reactor operators, senior reactor operators and non-licensed operators. Non-licensed operators include those individuals responsible for the operation of plant systems and components, as directed by a reactor operator or senior reactor operator. A non-licensed operator also includes individuals who monitor plant instrumentation and equipment and principally perform their duties outside of the control room.

(C) The criminal history update and the credit history re-evaluation shall be completed within 30 calendar days of each other.

(vi) If the criminal history update, credit history re-evaluation, psychological re-assessment, if required, and supervisory review and interview, if applicable, have not been completed and the information evaluated by the reviewing official within the time frame specified under paragraph (v) of this section, the licensee or applicant shall administratively withdraw the individual's unescorted access or unescorted access authorization until these requirements have been met.

(2) If an individual who has unescorted access or unescorted access authorization status is not subject to an access authorization program that meets the requirements of this part for more than 30 continuous days, then the licensee or applicant shall terminate the individual's unescorted access or unescorted access authorization status and the individual shall meet the requirements in this section, as applicable, to regain unescorted access or unescorted access authorization.

(j) Access to vital areas. Licensees or applicants shall establish, implement, and maintain a list of individuals who are authorized to have unescorted access to specific nuclear power plant vital areas during non-emergency conditions. The list must include only those individuals who have a continued need for access to those specific vital areas in order to perform their duties and responsibilities. The list must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted unescorted access to each vital area, and updated and re-approved no less frequently than every 31 days.

(k) Trustworthiness and reliability of background screeners and access authorization program personnel. Licensees, applicants, and contractors or vendors shall ensure that any individual who collects, processes, or has access to personal information that is used to make unescorted access or unescorted access authorization determinations under this section has been determined to be trustworthy and reliable.

(1) Background screeners. Licensees, applicants, and contractors or vendors who rely on individuals who are not directly under their control to collect and process information that will be used by a reviewing official to make unescorted access or unescorted access authorization determinations shall ensure that a trustworthiness and reliability evaluation of such individuals has been completed to support a determination that such individuals are trustworthy and reliable. At a minimum, the following checks are required:

(i) Verify the individual's true identity as specified in paragraph (d)(3) of this section;

(ii) A local criminal history review and evaluation based on information obtained from an appropriate State or local court or agency in which the individual resided;

(iii) A credit history review and evaluation;

(iv) An employment history review and evaluation covering the past 3 years; and

(v) An evaluation of character and reputation.

(2) Access authorization program personnel. Licensees, applicants, and contractors or vendors shall ensure that any individual who evaluates personal information for the purpose of processing applications for unescorted access or unescorted access authorization, including but not limited to a psychologist or psychiatrist who conducts psychological assessments under §73.56(e), has access to the files, records, and personal information associated with individuals who have applied for unescorted access or unescorted access authorization, or is responsible for managing any databases that contain such files, records, and personal information has been determined to be trustworthy and reliable, as follows:

(i) The individual is subject to an access authorization program that meets the requirements of this section; or

(ii) The licensee, applicant, and contractor or vendor determines that the individual is trustworthy and reliable based upon an evaluation that meets the requirements of §73.56(d)(1) through (d)(6) and (e) and either a local criminal history review and evaluation as specified in §73.56(k)(1)(ii) or a criminal history check that meets the requirements of §73.56(d)(7).

(l) Review procedures. Each licensee and applicant shall include a procedure for the notification of individuals who are denied unescorted access, unescorted access authorization, or who are unfavorably terminated. Additionally, procedures must include provisions for the review, at the request of the affected individual, of a denial or unfavorable termination of unescorted access or unescorted access authorization that may adversely affect employment. The procedure must contain a provision to ensure the individual is informed of the grounds for the denial or unfavorable termination and allow the individual an opportunity to provide additional relevant information and an opportunity for an objective review of the information upon which the denial or unfavorable termination of unescorted access or unescorted access authorization was based. The procedure must provide for an impartial and independent internal management review. Licensees and applicants shall not grant unescorted access or certify unescorted access authorization, or permit the individual to maintain unescorted access or unescorted access authorization during the review process.

(m) Protection of information. Each licensee, applicant, contractor, or vendor shall establish and maintain a system of files and procedures to ensure personal information is not disclosed to unauthorized persons.

(1) Licensees, applicants and contractors or vendors shall obtain signed consent from the subject individual that authorizes the disclosure of any information collected and maintained under this section before disclosing the information, except for disclosures to the following individuals:

(i) The subject individual or his or her representative, when the individual has designated the representative in writing for specified unescorted access authorization matters;

(ii) NRC representatives;

(iii) Appropriate law enforcement officials under court order;

(iv) A licensee's, applicant's, or contractor's or vendor's representatives who have a need to have access to the information in performing assigned duties, including determinations of trustworthiness and reliability and audits of access authorization programs;

(v) The presiding officer in a judicial or administrative proceeding that is initiated by the subject individual;

(vi) Persons deciding matters under the review procedures in paragraph (k) of this section; or

(vii) Other persons pursuant to court order.

(2) All information pertaining to a denial or unfavorable termination of the individual's unescorted access or unescorted access authorization shall be promptly provided, upon receipt of a written request by the subject individual or his or her designated representative as designated in writing. The licensee or applicant may redact the information to be released to the extent that personal privacy information, including the name of the source of the information is withheld.

(3) A contract with any individual or organization who collects and maintains personal information that is relevant to an unescorted access or unescorted access authorization determination must require that such records be held in confidence, except as provided in paragraphs (m)(1) through (m)(2) of this section.

(4) Licensees, applicants, or contractors or vendors and any individual or organization who collects and maintains personal information on behalf of a licensee, applicant, or contractor or vendor, shall establish, implement, and maintain a system and procedures for the secure storage and handling of the information collected.

(n) Audits and corrective action. Each licensee and applicant shall be responsible for the continuing effectiveness of the access authorization program, including access authorization program elements that are provided by the contractors or vendors, and the access authorization programs of any of the contractors or vendors that are accepted by the licensee or applicant. Each licensee, applicant, and contractor or vendor shall ensure that access authorization programs and program elements are audited to confirm compliance with the requirements of this section and those comprehensive actions are taken to correct any non-conformance that is identified.

(1) Each licensee and applicant shall ensure that its entire access authorization program is audited nominally every 24 months. Licensees, applicants and contractors or vendors are responsible for determining the appropriate frequency, scope, and depth of additional auditing activities within the nominal 24-month period based on the review of program performance indicators, such as the frequency, nature, and severity of discovered problems, personnel or procedural changes, and previous audit findings.

(2) Access authorization program services that are provided to a licensee or applicant by contractor or vendor personnel who are off site or are not under the direct daily supervision or observation of the licensee's or applicant's personnel must be audited by the licensee or applicant on a nominal 12-month frequency. In addition, any access authorization program services that are provided to contractors or vendors by subcontractor personnel who are off site or are not under the direct daily supervision or observation of the contractor's or vendor's personnel must be audited by the licensee or applicant on a nominal 12-month frequency.

(3) Licensee's and applicant's contracts with contractors or vendors must reserve the licensee's or applicant's right to audit the contractors or vendors and the contractor's or vendor's subcontractors providing access authorization program services at any time, including at unannounced times, as well as to review all information and documentation that is reasonably relevant to the performance of the program.

(4) Licensee's and applicant's contracts with the contractors or vendors, and contractors' or vendors' contracts with subcontractors, must also require that the licensee or applicant shall be provided access to and be permitted to take away copies of any documents or data that may be needed to assure that the contractor or vendor and its subcontractors are performing their functions properly and that staff and procedures meet applicable requirements.

(5) Audits must focus on the effectiveness of the access authorization program or program element(s), as appropriate. At least one member of the licensee or applicant audit team shall be a person who is knowledgeable of and practiced with meeting the performance objectives and requirements of the access authorization program or program elements being audited. The individuals performing the audit of the access authorization program or program element(s) shall be independent from both the subject access authorization programs' management and from personnel who are directly responsible for implementing the access authorization program or program elements being audited.

(6) The results of the audits, along with any recommendations, must be documented in the site corrective action program in accordance with §73.55(b)(10) and reported to senior management having responsibility in the area audited and to management responsible for the access authorization program. Each audit report must identify conditions that are adverse to the proper performance of the access authorization program, the cause of the condition(s), and, when appropriate, recommended corrective actions, and corrective actions taken. The licensee, applicant, or contractor or vendor shall review the audit findings and take any additional corrective actions, to include re-auditing of the deficient areas where indicated, to preclude repetition of the condition.

(7) Licensees and applicants may jointly conduct audits, or may accept audits of the contractors or vendors that were conducted by other licensees and applicants who are subject to this section, if the audit addresses the services obtained from the contractor or vendor by each of the sharing licensees and applicants. The contractors or vendors may jointly conduct audits, or may accept audits of its subcontractors that were conducted by other licensees, applicants, or contractors or vendors who are subject to this section, if the audit addresses the services obtained from the subcontractor by each of the sharing licensees, applicants, and the contractors or vendors.

(i) Licensees, applicants, and contractors or vendors shall review audit records and reports to identify any areas that were not covered by the shared or accepted audit and ensure that authorization program elements and services upon which the licensee, applicant, or contractor or vendor relies are audited, if the program elements and services were not addressed in the shared audit.

(ii) Sharing licensees and applicants need not re-audit the same contractor or vendor for the same time. Sharing contractors or vendors need not re-audit the same subcontractor for the same time.

(iii) Sharing licensees, applicants, and contractors or vendors shall maintain a copy of the shared audits, including findings, recommendations, and corrective actions.

(o) Records. Licensee, applicants, and contractors or vendors shall maintain the records that are required by the regulations in this section for the period specified by the appropriate regulation. If a retention period is not otherwise specified, these records must be retained until the Commission terminates the facility's license, certificate, or other regulatory approval.

(1) Records may be stored and archived electronically, provided that the method used to create the electronic records meets the following criteria:

(i) Provides an accurate representation of the original records;

(ii) Prevents unauthorized access to the records;

(iii) Prevents the alteration of any archived information and/or data once it has been committed to storage; and

(iv) Permits easy retrieval and re-creation of the original records.

(2) Licensees and applicants who are subject to this section shall retain the following records:

(i) Records of the information that must be collected under paragraphs (d) and (e) of this section that results in the granting of unescorted access or certifying of unescorted access authorization for at least 5 years after the licensee or applicant terminates or denies an individual's unescorted access or unescorted access authorization or until the completion of all related legal proceedings, whichever is later;

(ii) Records pertaining to denial or unfavorable termination of unescorted access or unescorted access authorization and related management actions for at least 5 years after the licensee or applicant terminates or denies an individual's unescorted access or unescorted access authorization or until the completion of all related legal proceedings, whichever is later; and

(iii) Documentation of the granting and termination of unescorted access or unescorted access authorization for at least 5 years after the licensee or applicant terminates or denies an individual's unescorted access or unescorted access authorization or until the completion of all related legal proceedings, whichever is later. Contractors or vendors may maintain the records that are or were pertinent to granting, certifying, denying, or terminating unescorted access or unescorted access authorization that they collected for licensees or applicants. If the contractors or vendors maintain the records on behalf of a licensee or an applicant, they shall follow the record retention requirement specified in this section. Upon termination of a contract between the contractor and vendor and a licensee or applicant, the contractor or vendor shall provide the licensee or applicant with all records collected for the licensee or applicant under this chapter.

(3) Licensees, applicants, and contractors or vendors shall retain the following records for at least 3 years or until the completion of all related proceedings, whichever is later:

(i) Records of behavioral observation training conducted under paragraph (f)(2) of this section; and

(ii) Records of audits, audit findings, and corrective actions taken under paragraph (n) of this section.

(4) Licensees, applicants, and contractors or vendors shall retain written agreements for the provision of services under this section, for three years after termination or completion of the agreement, or until completion of all proceedings related to a denial or unfavorable termination of unescorted access or unescorted access authorization that involved those services, whichever is later.

(5) Licensees, applicants, and contractors or vendors shall retain records of the background investigations, psychological assessments, supervisory reviews, and behavior observation program actions related to access authorization program personnel, conducted under paragraphs (d) and (e) of this section, for the length of the individual's employment by or contractual relationship with the licensee, applicant, or the contractor or vendor and three years after the termination of employment, or until the completion of any proceedings relating to the actions of such access authorization program personnel, whichever is later.

(6) Licensees, applicants, and the contractors or vendors who have been authorized to add or manipulate data that is shared with licensees subject to this section shall ensure that data linked to the information about individuals who have applied for unescorted access or unescorted access authorization, which is specified in the licensee's or applicant's access authorization program documents, is retained.

(i) If the shared information used for determining individual's trustworthiness and reliability changes or new or additional information is developed about the individual, the licensees, applicants, and the contractors or vendors that acquire this information shall correct or augment the data and ensure it is shared with licensees subject to this section. If the changed, additional or developed information has implications for adversely affecting an individual's trustworthiness and reliability, the licensee, applicant, or the contractor or vendor who discovered or obtained the new, additional or changed information, shall, on the day of discovery, inform the reviewing official of any licensee or applicant access authorization program under which the individual is maintaining his or her unescorted access or unescorted access authorization status of the updated information.

(ii) The reviewing official shall evaluate the shared information and take appropriate actions, which may include denial or unfavorable termination of the individual's unescorted access authorization. If the notification of change or updated information cannot be made through usual methods, licensees, applicants, and the contractors or vendors shall take manual actions to ensure that the information is shared as soon as reasonably possible. Records maintained in any database(s) must be available for NRC review.

(7) If a licensee or applicant administratively withdraws an individual's unescorted access or unescorted access authorization status caused by a delay in completing any portion of the background investigation or for a licensee or applicant initiated evaluation, or re-evaluation that is not under the individual's control, the licensee or applicant shall record this administrative action to withdraw the individual's unescorted access or unescorted access authorization with other licensees subject to this section. However, licensees and applicants shall not document this administrative withdrawal as denial or unfavorable termination and shall not respond to a suitable inquiry conducted under the provisions of 10 CFR parts 26, a background investigation conducted under the provisions of this section, or any other inquiry or investigation as denial nor unfavorable termination. Upon favorable completion of the background investigation element that caused the administrative withdrawal, the licensee or applicant shall immediately ensure that any matter that could link the individual to the administrative action is eliminated from the subject individual's access authorization or personnel record and other records, except if a review of the information obtained or developed causes the reviewing official to unfavorably terminate or deny the individual's unescorted access.

[74 FR 13979, Mar. 27, 2009, as amended at 77 FR 39909, July 6, 2012, 81 FR 86910, Dec. 2, 2016]

§73.57   Requirements for criminal history records checks of individuals granted unescorted access to a nuclear power facility, a non-power reactor, or access to Safeguards Information.

(a) General. (1) Each licensee who is authorized to engage in an activity subject to regulation by the Commission shall comply with the requirements of this section.

(2) Each applicant for a license to engage in an activity subject to regulation by the Commission, as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission shall submit fingerprints for those individuals who will have access to Safeguards Information.

(3) Before receiving its operating license under 10 CFR part 50 or before the Commission makes its finding under §52.103(g) of this chapter, each applicant for a license to operate a nuclear power reactor (including an applicant for a combined license) or a non-power reactor may submit fingerprints for those individuals who will require unescorted access to the nuclear power facility or non-power reactor facility.

(b) General performance objective and requirements. (1) Except those listed in paragraph (b)(2) of this section, each licensee subject to the provisions of this section shall fingerprint each individual who is permitted unescorted access to the nuclear power facility, the non-power reactor facility in accordance with paragraph (g) of this section, or access to Safeguards Information. The licensee will then review and use the information received from the Federal Bureau of Investigation (FBI) and, based on the provisions contained in this section, determine either to continue to grant or to deny further unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information for that individual. Individuals who do not have unescorted access or access to Safeguards Information shall be fingerprinted by the licensee and the results of the criminal history records check shall be used before making a determination for granting unescorted access to the nuclear power facility, non-power reactor facility, or to Safeguards Information.

(2) Licensees need not fingerprint in accordance with the requirements of this section for the following categories:

(i) For unescorted access to the nuclear power facility or the non-power reactor facility (but must adhere to provisions contained in §§73.21 and 73.22): NRC employees and NRC contractors on official agency business; individuals responding to a site emergency in accordance with the provisions of §73.55(a); offsite emergency response personnel who are responding to an emergency at a non-power reactor facility; a representative of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement at designated facilities who has been certified by the NRC; law enforcement personnel acting in an official capacity; Federal, State or local government employees who have had equivalent reviews of FBI criminal history data; and individuals employed at a facility who possess “Q” or “L” clearances or possess another active government granted security clearance (i.e., Top Secret, Secret, or Confidential);

(ii) For access to Safeguards Information only but must adhere to provisions contained in §§73.21, 73.22, and 73.23: the categories of individuals specified in 10 CFR 73.59.

(iii) Any licensee currently processing criminal history requests through the FBI pursuant to Executive Order 10450 need not also submit such requests to the NRC under this section; and

(iv) Upon further notice to licensees and without further rulemaking, the Commission may waive certain requirements of this section on a temporary basis.

(v) Individuals who have a valid unescorted access authorization to a non-power reactor facility on November 7, 2012 are not required to undergo a new fingerprint-based criminal history records check pursuant to paragraph (g) of this section, until such time that the existing authorization expires, is terminated, or is otherwise to be renewed.

(3) The licensee shall notify each affected individual that the fingerprints will be used to secure a review of his/her criminal history record, and inform the individual of proper procedures for revising the record or including explanation in the record.

(4) Fingerprinting is not required if the licensee is reinstating the unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information granted an individual if:

(i) The individual returns to the same nuclear power utility or non-power reactor facility that granted access and such access has not been interrupted for a continuous period of more than 365 days; and

(ii) The previous access was terminated under favorable conditions.

(5) Fingerprints need not be taken, in the discretion of the licensee, if an individual who is an employee of a licensee, contractor, manufacturer, or supplier has been granted unescorted access to a nuclear power facility, a non-power reactor facility, or to Safeguards Information by another licensee, based in part on a criminal history records check under this section. The criminal history records check file may be transferred to the gaining licensee in accordance with the provisions of paragraph (f)(3) of this section.

(6) All fingerprints obtained by the licensee under this section must be submitted to the Attorney General of the United States through the Commission.

(7) The licensee shall review the information received from the Attorney General and consider it in making a determination for granting unescorted access to the individual or access to Safeguards Information.

(8) A licensee shall use the information obtained as part of a criminal history records check solely for the purpose of determining an individual's suitability for unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information.

(c) Prohibitions. (1) A licensee may not base a final determination to deny an individual unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information solely on the basis of information received from the FBI involving:

(i) An arrest more than 1 year old for which there is no information of the disposition of the case; or

(ii) An arrest that resulted in dismissal of the charge or an acquittal.

(2) A licensee may not use information received from a criminal history check obtained under this section in a manner that would infringe upon the rights of any individual under the First Amendment to the Constitution of the United States, nor shall the licensee use the information in any way which would discriminate among individuals on the basis of race, religion, national origin, sex, or age.

(d) Procedures for processing of fingerprint checks. (1) For the purpose of complying with this section, licensees shall, using an appropriate method listed in §73.4, submit to the NRC's Division of Facilities and Security, Mail Stop TWB 05B32M, one completed, legible standard fingerprint card (Form FD-258, ORIMDNRCOOOZ) or, where practicable, other fingerprint records for each individual requiring unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information, to the Director of the NRC's Division of Facilities and Security, marked for the attention of the Division's Criminal History Check Section. Copies of these forms may be obtained by writing the Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, by calling 301-415-5877, or by email to [email protected] Guidance on what alternative formats might be practicable is referenced in §73.4. The licensee shall establish procedures to ensure that the quality of the fingerprints taken results in minimizing the rejection rate of fingerprint cards due to illegible or incomplete cards.

(2) The Commission will review applications for criminal history checks for completeness. Any Form FD-258 or other fingerprint record containing omissions or evident errors will be returned to the licensee for corrections. The fee for processing fingerprint checks includes one free resubmission if the initial submission is returned by the FBI because the fingerprint impressions cannot be classified. The one free resubmission must have the FBI Transaction Control Number reflected on the resubmission. If additional submissions are necessary, they will be treated as an initial submittal and require a second payment of the processing fee. The payment of a new processing fee entitles the submitter to an additional free resubmittal, if necessary. Previously rejected submissions may not be included with the third submission because the submittal will be rejected automatically.

(3)(i) Fees for the processing of fingerprint checks are due upon application. Licensees shall submit payment with the application for the processing of fingerprints through corporate check, certified check, cashier's check, money order, or electronic payment, made payable to “U.S. NRC.” (For guidance on making electronic payments, contact the Security Branch, Division of Facilities and Security, at (301) 415-7404). Combined payment for multiple applications is acceptable.

(ii) The application fee is the sum of the user fee charged by the FBI for each fingerprint card or other fingerprint record submitted by the NRC on behalf of a licensee, and an administrative processing fee assessed by the NRC. The NRC processing fee covers administrative costs associated with NRC handling of licensee fingerprint submissions. The Commission publishes the amount of the fingerprint records check application fee on the NRC public Web site. (To find the current fee amount, go to the Electronic Submittals page at http://www.nrc.gov/site-help/e-submittals.html and see the link for the Criminal History Program.) The Commission will directly notify licensees who are subject to this regulation of any fee changes.

(4) The Commission will forward to the submitting licensee all data received from the FBI as a result of the licensee's application(s) for criminal history checks, to include the FBI fingerprint record.

(e) Right to correct and complete information. (1) Prior to any final adverse determination, the licensee shall make available to the individual the contents of records obtained from the FBI for the purpose of assuring correct and complete information. Confirmation of receipt by the individual of this notification must be maintained by the licensee for a period of 1 year from the date of the notification.

(2) If after reviewing the record, an individual believes that it is incorrect or incomplete in any respect and wishes changes, corrections, or updating (of the alleged deficiency), or to explain any matter in the record, the individual may initiate challenge procedures. These procedures include direct application by the individual challenging the record to the agency, i.e., law enforcement agency, that contributed the questioned information or direct challenge as to the accuracy or completeness of any entry on the criminal history record to the Federal Bureau of Investigation Criminal Investigative Services Division, 1000 Custer Hollow Road, Clarksburg, WV 26537-9700 as set forth in 28 CFR 16.30 through 16.34. In the latter case, the FBI then forwards the challenge to the agency that submitted the data requesting that agency to verify or correct the challenged entry. Upon receipt of an official communication directly from the agency that contributed the original information, the FBI Criminal Justice Information Services Division makes any changes necessary in accordance with the information supplied by that agency. Licensees must provide at least 10 days for an individual to initiate action to challenge the results of an FBI criminal history records check after the record being made available for his/her review. The licensee may make a final adverse determination based upon the criminal history record, if applicable, only upon receipt of the FBI's confirmation or correction of the record.

(3) In addition to the right to obtain records from the FBI in paragraph (e)(1) of this section and the right to initiate challenge procedures in paragraph (e)(2) of this section, an individual participating in an NRC adjudication and seeking to obtain Safeguards Information for use in that adjudication may appeal a final adverse determination by the NRC Office of Administration to the presiding officer of the proceeding. The request may also seek to have the Chief Administrative Judge designate an officer other than the presiding officer of the proceeding to review the adverse determination.

(f) Protection of information. (1) Each licensee who obtains a criminal history record on an individual under this section shall establish and maintain a system of files and procedures for protection of the record and the personal information from unauthorized disclosure.

(2) The licensee may not disclose the record or personal information collected and maintained to persons other than the subject individual, his/her representative, or to those who have a need to have access to the information in performing assigned duties in the process of granting or denying unescorted access to the nuclear power facility, the non-power reactor facility or access to Safeguards Information. No individual authorized to have access to the information may re-disseminate the information to any other individual who does not have a need to know.

(3) The personal information obtained on an individual from a criminal history record check may be transferred to another licensee:

(i) Upon the individual's written request to the licensee holding the data to re-disseminate the information contained in his/her file; and

(ii) The gaining licensee verifies information such as name, date of birth, social security number, sex, and other applicable physical characteristics for identification.

(4) The licensee shall make criminal history records obtained under this section available for examination by an authorized representative of the NRC to determine compliance with the regulations and laws.

(5) The licensee shall retain all fingerprint and criminal history records received from the FBI, or a copy if the individual's file has been transferred, on an individual (including data indicating no record) for one year after termination or denial of unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information.

(g) Fingerprinting requirements for unescorted access for non-power reactor licensees. (1) No person shall be permitted unescorted access to a non-power reactor facility unless that person has been determined by an NRC-approved reviewing official to be trustworthy and reliable based on the results of an FBI fingerprint-based criminal history records check obtained in accordance with this paragraph. The reviewing official is required to have unescorted access in accordance with this section or access to Safeguards Information.

(2) Each non-power reactor licensee subject to the requirements of this section shall obtain the fingerprints for a criminal history records check for each individual who is seeking or permitted:

(i) Unescorted access to vital areas of the non-power reactor facility; or

(ii) Unescorted access to special nuclear material in the non-power reactor facility provided the individual who is seeking or permitted unescorted access possesses the capability and knowledge to make unauthorized use of the special nuclear material in the non-power reactor facility or to remove the special nuclear material from the non-power reactor in an unauthorized manner.

[52 FR 6314, Mar. 2, 1987; 52 FR 7821, Mar. 13, 1987]

Editorial Note: For Federal Register citations affecting §73.57, see the List of CFR Sections Affected, which appears in the Finding Aids section of the printed volume and at www.govinfo.gov.

§73.58   Safety/security interface requirements for nuclear power reactors.

(a) Each operating nuclear power reactor licensee with a license issued under part 50 or 52 of this chapter shall comply with the requirements of this section.

(b) The licensee shall assess and manage the potential for adverse effects on safety and security, including the site emergency plan, before implementing changes to plant configurations, facility conditions, or security.

(c) The scope of changes to be assessed and managed must include planned and emergent activities (such as, but not limited to, physical modifications, procedural changes, changes to operator actions or security assignments, maintenance activities, system reconfiguration, access modification or restrictions, and changes to the security plan and its implementation).

(d) Where potential conflicts are identified, the licensee shall communicate them to appropriate licensee personnel and take compensatory and/or mitigative actions to maintain safety and security under applicable Commission regulations, requirements, and license conditions.

[74 FR 13987, Mar. 27, 2009]

§73.59   Relief from fingerprinting, identification and criminal history records checks and other elements of background checks for designated categories of individuals.

Fingerprinting, and the identification and criminal history records checks required by section 149 of the Atomic Energy Act of 1954, as amended, and other elements of background checks are not required for the following individuals prior to granting access to Safeguards Information, including Safeguards Information designated as Safeguards Information-Modified Handling as defined in 10 CFR 73.2:

(a) An employee of the Commission or the Executive Branch of the United States government who has undergone fingerprinting for a prior U.S. government criminal history records check;

(b) A member of Congress;

(c) An employee of a member of Congress or Congressional committee who has undergone fingerprinting for a prior U.S. government criminal history records check;

(d) The Comptroller General or an employee of the Government Accountability Office who has undergone fingerprinting for a prior U.S. Government criminal history records check;

(e) The Governor of a State or his or her designated State employee representative;

(f) A representative of a foreign government organization that is involved in planning for, or responding to, nuclear or radiological emergencies or security incidents who the Commission approves for access to Safeguards Information, including Safeguards Information designated as Safeguards Information—Modified Handling;

(g) Federal, State, or local law enforcement personnel;

(h) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives;

(i) Agreement State employees conducting security inspections on behalf of the NRC pursuant to an agreement executed under section 274.i. of the Atomic Energy Act of 1954, as amended;

(j) Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC;

(k) Any agent, contractor, or consultant of the aforementioned persons who has undergone equivalent criminal history records and background checks to those required by 10 CFR 73.22(b) or 73.23(b).

(l) Tribal official or the Tribal official's designated representative, and Tribal law enforcement personnel.

[73 FR 63580, Oct. 24, 2008, as amended at 77 FR 34206, June 11, 2012]

§73.60   Additional requirements for physical protection at nonpower reactors.

Each nonpower reactor licensee who, pursuant to the requirements of part 70 of this chapter, possesses at any site or contiguous sites subject to control by the licensee uranium-235 (contained in uranium enriched to 20 percent or more in the U-235 isotope), uranium-233, or plutonium, alone or in any combination in a quantity of 5000 grams or more computed by the formula, grams = (grams contained U-235) + 2.5 (grams U-233 + grams plutonium), shall protect the special nuclear material from theft or diversion pursuant to the requirements of paragraphs 73.67 (a), (b), (c), and (d), in addition to this section, except that a licensee is exempt from the requirements of paragraphs (a), (b), (c), (d), and (e) of this section to the extent that it possesses or uses special nuclear material that is not readily separable from other radioactive material and that has a total external radiation dose rate in excess of 100 rems per hour at a distance of 3 feet from any accessible surface without intervening shielding.

(a) Access requirements. (1) Special nuclear material shall be stored or processed only in a material access area. No activities other than those which require access to special nuclear material or equipment employed in the process, use, or storage of special nuclear material, shall be permitted within a material access area.

(2) Material access areas shall be located only within a protected area to which access is controlled.

(3) Special nuclear material not in process shall be stored in a vault equipped with an intrusion alarm or in a vault-type room, and each such vault or vault-type room shall be controlled as a separate material access area.

(4) Enriched uranium scrap in the form of small pieces, cuttings, chips, solutions or in other forms which result from a manufacturing process, contained in 30-gallon or larger containers, with a uranium-235 content of less than 0.25 grams per liter, may be stored within a locked and separately fenced area which is within a larger protected area provided that the storage area is no closer than 25 feet to the perimeter of the protected area. The storage area when unoccupied shall be protected by a guard or watchman who shall patrol at intervals not exceeding 4 hours, or by intrusion alarms.

(5) Admittance to a material access area shall be under the control of authorized individuals and limited to individuals who require such access to perform their duties.

(6) Prior to entry into a material access area, packages shall be searched for devices such as firearms, explosives, incendiary devices, or counterfeit substitute items which could be used for theft or diversion of special nuclear material.

(7) Methods to observe individuals within material access areas to assure that special nuclear material is not diverted shall be provided and used on a continuing basis.

(b) Exit requirement. Each individual, package, and vehicle shall be searched for concealed special nuclear material before exiting from a material access area unless exit is into a contiguous material access area. The search may be carried out by a physical search or by use of equipment capable of detecting the presence of concealed special nuclear material.

(c) Detection aid requirement. Each unoccupied material access area shall be locked and protected by an intrusion alarm on active status. All emergency exits shall be continuously alarmed.

(d) Testing and maintenance. Each licensee shall test and maintain intrusion alarms, physical barriers, and other devices utilized pursuant to the requirements of this section as follows:

(1) Intrusion alarms, physical barriers, and other devices used for material protection shall be maintained in operable condition.

(2) Each intrusion alarm shall be inspected and tested for operability and required functional performance at the beginning and end of each interval during which it is used for material protection, but not less frequently than once every seven (7) days.

(e) Response requirement. Each licensee shall establish, maintain, and follow an NRC-approved safeguards contingency plan for responding to threats, thefts, and radiological sabotage related to the special nuclear material and nuclear facilities subject to the provisions of this section. Safeguards contingency plans must be in accordance with the criteria in Appendix C to this part, “Licensee Safeguards Contingency Plans.”

(f) In addition to the fixed-site requirements set forth in this section and in §73.67, the Commission may require, depending on the individual facility and site conditions, any alternate or additional measures deemed necessary to protect against radiological sabotage at nonpower reactors licensed to operate at or above a power level of 2 megawatts thermal.

[38 FR 35430, Dec. 28, 1973, as amended at 44 FR 68199, Nov. 28, 1979; 57 FR 33431, July 29, 1992; 58 FR 13700, Mar. 15, 1993]

§73.61   Relief from fingerprinting and criminal history records check for designated categories of individuals permitted unescorted access to certain radioactive materials or other property.

Notwithstanding any other provision of the Commission's regulations, fingerprinting and the identification and criminal history records checks required by section 149 of the Atomic Energy Act of 1954, as amended, are not required for the following individuals prior to granting unescorted access to radioactive materials or other property that the Commission determines by regulation or order to be of such significance to the public health and safety or the common defense and security as to warrant fingerprinting and background checks:

(a) An employee of the Commission or of the Executive Branch of the U.S. Government who has undergone fingerprinting for a prior U.S. Government criminal history check;

(b) A Member of Congress;

(c) An employee of a member of Congress or Congressional committee who has undergone fingerprinting for a prior U.S. Government criminal history check;

(d) The Governor of a State or his or her designated State employee representative;

(e) Federal, State, or local law enforcement personnel;

(f) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives;

(g) Agreement State employees conducting security inspections on behalf of the NRC pursuant to an agreement executed under section 274.i. of the Atomic Energy Act;

(h) Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC.

[72 FR 4948, Feb. 2, 2007]

Need assistance?