 | |||||||
|
|||||||
| |||||||
| |||||||
| |||||||
 |
Home |  |
Who We Are | |
What We Do | |
Nuclear Reactors | |
Nuclear Materials | |
Radioactive Waste | |
Public Involvement |  |
Electronic Reading Room |  |
NUCLEAR REGULATORY COMMISSION10 CFR Parts 2, 10, 11, 25, and 95RIN 3150-AF97 Conformance to National Policies For Access to and Protection of Classified Information AGENCY: Nuclear Regulatory Commission. ACTION: Final rule. SUMMARY: The Nuclear Regulatory Commission (NRC) is amending its regulations to conform the requirements for the protection of and access to classified information to new national security policy documents. This final rule is necessary to ensure that classified information in the possession of NRC licensees, certificate holders, and others under the NRC's regulatory requirements is protected in accordance with current national policies. EFFECTIVE DATE: May 3, 1999. FOR FURTHER INFORMATION CONTACT: James J. Dunleavy, Division of Facilities and Security, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001 telephone (301) 415-7404, E-mail JJD1@NRC.GOV. SUPPLEMENTARY INFORMATION: I. BackgroundOn August 3, 1998 (63 FR 41206), the NRC published a proposed rule in the Federal Register to amend 10 CFR parts 10, 11, 25, and 95 to conform its requirements for the protection of classified Information at licensee, certificate holder and other facilities to new national security policy documents. The national requirements for the protection of and access to classified National Security Information were revised by the issuance of the National Industrial Security Program Operating Manual (NISPOM), Executive Order 12958, "Classified National Security Information," dated April 17, 1995, and Executive Order 12968, "Access to Classified Information," dated August 2, 1995. The final rule amends the provisions of 10 CFR parts 2, 10, 11, 25, and 95 that deal with requirements for access to and protection of classified information that have been changed or added by the NISPOM, the executive orders, or new national guidelines on the scope and adjudication of personnel security investigations. Specifically, changes include a new definition in 10 CFR part 10 for the "Personnel Security Review Panel" and revisions to a number of definitions in parts 10, 11, 25, and 95 to reflect a change in the name of the Division of Security to the Division of Facilities and Security. Additionally, several changes to definitions were made to reflect: A change in responsibility for certain decisions from the Executive Director for Operations to the Deputy Executive Director for Management Services; revised due process procedures; a new requirement for a facility clearance for those licensees or others who require access to classified information at a facility other than their own; additional information on the scope and reporting requirements for the Foreign Ownership, Control, or Influence (FOCI) program; a requirement to resubmit an update to the Security Practice Procedures Plan every five years; a requirement for a visitor control program; and greater specificity as to when particular reports are required. The rule also adopts new requirements in areas where the executive orders, the NISPOM, or the adjudicative guidelines require specific procedures not included in the previous versions of the rules. These new requirements include: The change to a three member Personnel Security Review Panel from three Review Examiners, acting individually, reviewing the record of a case where an individual's eligibility for access authorization or employment clearance is in question; an explicit notification that individuals whose eligibility for access authorization or employment clearance is in question have the right to be represented by counsel or other representative at their own expense and that they have a right to the documents, records, and reports which form the basis for the question of their eligibility to the extent they are unclassified and do not reveal a confidential source, and to the entire investigative file, as permitted by national security and other applicable law; a change to the period between reinvestigations for "L" and "R" access authorizations from five years to ten years; a change to the fee schedules of 10 CFR parts 11 and 25 due to a change in the investigative requirements for "Q," "L," "U," and "R" access authorizations; and changing the security classification markings to conform to Executive Order 12958. The rule also eliminates the proposed changes to §§25.15 and 95.35 that would have permitted access to most Secret Restricted Data based on an "L" clearance rather than a "Q" clearance. The rule also incorporates a change to §§25.11 and 95.11, "Specific exemptions," to clarify requirements for requesting and approving exemptions. This change was based on experience with exemption requests following publication of the proposed rule and is intended to follow more closely the language of §50.12, "Specific exemptions." Finally, the rule amends paragraph 11.15(e)(1) and appendix A to 10 CFR part 25 to reflect recent Office of Personnel Management investigative cost changes. Most of the changes have resulted in significant cost decreases for affected parties. For example, the cost of a single scope background investigation for a "U" or "Q" access authorization is reduced from $3275 to $2856. Where costs have increased, it has been on the order of two to three dollars. II. Comments on the Proposed RuleThe Commission received three letters commenting on the proposed rule, one from the U.S. Enrichment Corporation, one from the Department of Defense (DoD), and one from the Department of Energy (DOE). Copies of the letters are available for public inspection and copying for a fee at the Commission's Public Document Room, located at 2120 L Street, NW. (Lower Level), Washington, DC. Comments from the USECComment: The commenter provided a comment on 10 CFR 2.790(d), "Public inspections, exemptions, requests for withholding." They stated that "10 CFR 2.790(d) now provides for protection of a licensee's physical security plan and material control and accounting program documents. It seems appropriate to protect classified matter protection plans from public disclosure in the same way as physical security plans and fundamental nuclear material controls plans are protected." Response: Classified matter protection plans have always been considered as a part of the physical protection plan and have been protected from public disclosure. NRC, however, has no objection to clarifying this issue in the rulemaking and has adopted the recommendation by adding "classified matter protection" to §2.790(d). Comment: The commenter recommended that §11.3 be clarified to indicate more prominently that the scope of the rule is only applicable to those licensees who possess formula quantities of strategic special nuclear material. Response: Section 11.3 has been modified for clarity. Comment: The commenter noted that "As currently described in 10 CFR 95.5, a container must have both a "Test Certification Label" and a "General Services Administration Approved Security Container" marking to qualify as a "Security Container." Since either reflects acceptable qualification, one or the other should be adequate and both should not be required." Response: Section 95.5 has been modified for clarity. Comment: The commenter stated that "It is unclear (to USEC) what constitutes a significant event or change affecting foreign ownership, control, or influence (FOCI). It is our understanding that the NRC is responsible for making FOCI determinations. Therefore, the NRC should establish criteria that licensees and certificate holders can use to make the determination of what events/changes should be reported to the NRC. For example, in 10 CFR 95.19(b) the NRC has described what `minor, non-substantive changes' include." Response: The rule language in 10 CFR 95.17 has been modified to describe the types of significant changes that will require NRC notification. Comment: The commenter stated that "The language of 10 CFR 95.19(a) indicates that any change to the security procedures and controls would require the certificate holder to obtain prior Cognizant Security Agency (CSA) approval. The rule, however, only requires prior approval of substantive changes. Further, the language is inconsistent with other parts of the regulations with regard to the definition of "substantive." Section 50.54(p)(1), the process followed by the agency concerning the preparation and maintenance of safeguards contingency plan procedures for part 50 licensees, describe substantive changes as those that decrease the effectiveness of the security plan. Therefore, to (i) clarify that prior approval is only needed for substantive changes, and (ii) be consistent with other parts of the regulations, USEC requests that the rule language in 10 CFR 95.19(a) be modified. * * *" Response: It has always been NRC policy that only substantive changes require prior CSA approval. Section 95.19(a) clearly states, "Except as specified in paragraph (b) of this section each licensee * * * shall obtain prior approval * * *." Section 95.19(b) states "A licensee or other person may effect a minor, non-substantive change to an approved Standard Practice Procedures Plan for the safeguarding of classified matter without receiving prior CSA approval * * *." The current language is clear. The examples cited as substantive changes in §95.19(a) fully qualify as changes affecting the security of NRC classified matter. If a licensee were to change a classified mailing address without notification to the CSA, it is likely that other facilities would continue to send classified information to the old classified mailing address which was no longer qualified to receive it. That would create a serious threat of compromise to the information. The change to a new location for the approved facility would have potential major impacts on the security of the classified matter. Facility approval is granted based on the physical and procedural safeguards at a given location. If a licensee could move the facility without prior approval, it would be very similar to granting the right to initially approve themselves. Therefore these comments have not been adopted. Comment: The commenter indicated that "10 CFR 95.25(i) requires the inventory of a container found open. Because the NRC does not require an initial inventory of container contents, it is not clear what purpose the latter inventory serves. Regulations (10 CFR 95.41) were revised in 1996 to remove inventory requirements for classified documents, with the exception of external receipt and dispatch records. Further, inventories may no longer have much meaning since documents, computer disks, and other ADP media are easily copied with today's technology. Finally, 10 CFR 95.25(i) has reporting language that is unnecessary and should be eliminated. Finding an open security container would constitute an infraction and would, therefore, be reportable under 10 CFR 95.57." Response: For the reasons cited by the commenter, the rule language in Section 95.25(i) has been modified to eliminate the requirements for an inventory and report. Comment: The commenter stated that "10 CFR 95.25(j)(7) requires that keys and spare locks be changed or rotated every 12 months. It is not clear why locks and keys are treated differently than combinations. Combinations only require change out if evidence of compromise exists. Changing locks every 12 months can be an expensive procedure at a large facility employing several thousand people." Because both devices serve the same purpose (i.e., physical controls which deny access to classified matter), the commenter believes they should be treated consistently. Response: Although the comment is not unreasonable, the national requirement, as reflected in section 509310, "Supervision of Keys and Padlocks," of the NISPOM, is explicit. It states, "Use of key-operated padlocks are subject to the following requirements: (i) A key and lock custodian shall be appointed to ensure proper custody and handling of keys and locks used for protection of classified material; * * *; (vii) locks shall be changed or rotated at least annually, and shall be replaced after loss or compromise of their operable keys; * * *" The NRC requirement is a direct implementation of the national policy. Comment: The commenter noted that "10 CFR 95.33(f) provides an example of the type of refresher briefing that would be appropriate to meet the requirements of this section, namely, the use of "audio/video materials and by issuing written materials." The example appears to preclude written or audio/video by themselves, both of which are adequate training tools. The commenter requests that the rule language in 10 CFR 95.33(f) be modified to permit either audio-visual or written materials. Response: It has never been NRC's intent to require both audio-visual and written materials. We agree with the commenter that either alone, or both together, is an acceptable approach. The paragraph has been modified to clarify this point. Comment: The commenter noted that "10 CFR 95.34(b)(1) requires that certain information concerning foreign visitors be provided to the NRC 60 days in advance of the visit. USEC operates a commercial uranium enrichment facility and already implements a security program which precludes the dissemination/exposure of classified information to Foreign Nationals. * * * As a commercial operation with extensive foreign customers, USEC cannot operate under such conditions. Our security program has already been reviewed and determined to be effective in precluding foreign nationals from gaining access to classified information. Security plans for all visits by foreign nationals are prepared, maintained, and available for review by the NRC. In this way, the NRC can still track the movement of foreign nationals and analyze potential threats. * * * Finally, the retention period for maintenance of records described in 10 CFR 95.34(b)(2) calls for five years. It does not appear that this change is related to the National Industrial Security Program." Response: Although the NISPOM requires security controls for foreign nationals, it does not contain a requirement for a 60-day advance notification of visits by foreign nationals. NRC agrees that the proposed 60-day requirement is not needed and that the existing controls dealing with foreign nationals are adequate. However, the requirement to maintain the records of these visits for five years is consistent with the NRC requirements under §95.36 for the International Atomic Energy Agency (IAEA) inspectors. NRC has modified §95.34 to remove the 60-day notification requirement but is maintaining the five-year recordkeeping requirement. Comment: The commenter noted that the proposed changes to §95.35 ". * * * could save hundreds of thousands of dollars by essentially eliminating the need for "Q" clearances at our facilities. However, USEC clearances are maintained by the DOE and we are required to follow DOE personnel security regulations per NRC/DOE agreement. And although the Secretary of Energy signed the National Industrial Security Program required by Presidential Executive Order, it should be noted that, DOE's Office of Safeguards and Security does not endorse this concept. This discrepancy between the two agencies may result in complications for USEC." Response: As noted below, DOE strongly objects to a reduction in the investigative requirements for access to Secret Restricted Data until such time as DOE and DoD reconcile their significant differences in the protection requirements of Secret Restricted Data. Because DOE rather than NRC maintains security clearances for the commenter, USEC apparently desires to avoid complications that may result from differing standards between NRC and DOE. The commenter is the organization that would be most affected by this change. No other licensee or certificate holder commented on this change. NRC has decided to withdraw the proposed change and allow the current requirements to remain in effect until DOE and DoD reconcile their significant differences in the protection requirements of Secret Restricted Data. Comment: The commenter stated that "while the proposed regulations (§95.57) should reduce the number of telephonic reports, it will not decrease the greater administrative burden on the certificate holder created by the required written reports. NRC should adopt a reporting system similar to that used by the power reactor industry and required by 10 CFR 73.71. Specifically, 10 CFR 95.57(a) should explain what type of event would require a one hour report (similar to 10 CFR 73.71(a)(1)). * * * Similarly, 10 CFR 95.57(b) should be revised to include those events not rising to the level of events described in 10 CFR 95.57(a). Events involving infractions, losses, or compromises should be logged for review. All loggable events should be sent to the NRC on a quarterly basis. * * * The requirement for 30 day written reports (follow up) should be eliminated for all except one hour reports. Experience has shown that these follow up reports involve extensive review by management and are time intensive. By using the logging process identified in 10 CFR 73.71, the NRC would still receive written indication of an event for inspection review or follow up. Such loggable events could show corrective actions or problem report numbers for further review if desired. Also, the NRC should consider a single point of contact for reportable events. The proposed reporting requirements require multiple reports within NRC. * * * Experience has shown that time delays may occur before the proper NRC individual can be located. This places severe time constraints on a licensee/certificate holder who must make a determination for reporting and notify two separate offices within the NRC of an event. USEC believes that the criteria for submission of NRC Form 790 more appropriately belongs in §95.37, "Classification and Preparation of Documents." Additionally, NRC has changed the requirement for submission of Form 790 from monthly to "* * * as completed basis or every 30 days." Typically, the NRC has used the 30 day time period for submission of reports or events, not standard document submission. Because USEC files this form on a regular basis, we prefer to keep the current wording, * * * on a monthly basis. * * *" Response: NRC agrees that examples of events requiring one-hour reporting should be included and §95.57(a) has been revised to include these examples. NRC is also amenable to reducing the formal reporting requirements for security infractions to accommodate the logging procedure recommended by the commenter. We do not agree that quarterly reporting is adequate and have changed the rule to provide for submission of logs on a monthly basis. NRC does not agree that a single point of contact is practical for events of a high level of significance (note that we have agreed above to significantly reduce the number of events that will qualify for one-hour reporting). Because only truly serious events will now qualify, it is important that both the CSA and the NRC regional office be notified promptly. This change has not been adopted. NRC agrees that restoring the reporting requirement for the NRC Form 790 to "monthly" is acceptable and has so revised §95.57(c). However, NRC will not remove the "as completed" option for those entities that prefer to submit information electronically as documents are classified. NRC does not see any particular advantage to moving the reporting requirement to a different paragraph and has not adopted that recommendation. The commenter also provided comments on the NRC document, "Standard Practice Procedures Plan Standard Format and Content for the Protection of Classified Matter for NRC Licensees, Certificate Holder, and Related Organizations," which is not a part of this rulemaking. Comments From the DoDComment: The commenter noted that "During the development of the NISPOM, it became necessary to resolve dissimilar requirements for the handling of RD between the Department of Energy, the Commission, and this Department. For the past 40+ years, the Defense Department has successfully handled and stored RD according to its classification level, protecting SECRET/RD as SECRET national security information. * * * We have been working to resolve these differing requirements since 1995 * * * and that * * * in the interim, in (their) view * * * unnecessarily costly background investigations are continuing to be run in Energy and the Commission for access to the same information that is accessed based on a lesser investigation in the Defense Department. * * * Therefore, the Defense Department fully supports §§25.15 and 95.35 of the referenced proposed rule." Response: NRC does not have significant numbers of licensee or certificate holder personnel with "Q" clearances. Most of those with "Q" clearances are at USEC. USEC commented that a discrepancy between DOE and NRC personnel security requirements for access to Secret Restricted Data may result in complications for USEC. As noted above, NRC has elected not to make these revisions to its rules until DOE and DoD reconcile their significant differences in the protection requirements of Secret Restricted Data. Comments from the Department of Energy (DOE)Comment: The commenter stated that they ". * * * have significant concerns that this rule, if amended as stated in your proposal, will compromise some of the nations most sensitive nuclear weapons information. Our position remains unchanged from our comment to the previous revision to this regulation. During the process of developing a single security standard for. * * * the protection of classified information, it was discovered that significant differences existed between the Department of Energy and the Department of Defense in the protection of Secret Restricted Data. * * * The two agencies agreed to work toward a solution. We are still in the process of reconciling those differences. * * * Neither the NISPOM nor the NISPOM Supplement allow for access to Secret Restricted Data based on an "L" access authorization. * * * When information is created, there is no distinction within Secret Restricted Data of "critical" or "nuclear weapons design, manufacturing, or vulnerability." Without the identification and marking of this type of information, the implementation of the requirement within NRC would be impossible. If this requirement were implemented, it poses a potential threat to Secret Restricted Data, that is, this country's most sensitive weapons design information being accessed by "L" cleared individuals." Response: As stated above, because DOE strongly objects to changing the rule until DOE and DoD reconcile their significant differences in the protection requirements of Secret Restricted Data, and USEC, the organization most affected by this aspect of the rule, advised that a discrepancy between DOE and NRC on this issue may result in complications for them, NRC has decided not to modify §§25.15 and 95.35 at this time. III. The Final RuleWith the exception of the items addressed under "Comments on the Proposed Rule," clarifying changes to §§25.11 and 95.11, "Specific exemptions," a slight change to fees charged for investigations in §11.15 and Appendix A to 10 CFR part 25, and minor editorial and clarifying changes, the final rule is the same as the proposed rule. The specific changes from the proposed rule are--
Section 95.57 has been changed to provide examples of the types of events that would require one-hour reporting, to reduce the number of events requiring one-hour reporting, and to replace some of the existing reports with a log maintained by a licensee/certificate holder. Small Business Regulatory Enforcement Fairness ActIn accordance with the Small Business Regulatory Enforcement Fairness Act of 1996, the NRC has determined that this action is not a major rule and has verified this determination with the Office of Information and Regulatory Affairs of OMB. Environmental Impact: Categorical ExclusionThe NRC has determined that this final rule is the type of action described as a categorical exclusion in 10 CFR 51.22(c)(1). Therefore, neither an environmental impact statement nor an environmental assessment has been prepared for this final rule. Paperwork Reduction Act StatementThis final rule amends information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501, et seq.). These requirements were approved by the Office of Management and Budget, approval numbers 3150-0046, 3150-0047, 3150-0050, and 3150-0062. The public reporting burden for this information collection is estimated to average 12.5 hours per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the information collection. The average burden hours per response for the proposed rule was estimated at 8.3 hours instead of 7.5 hours because the recordkeeping hours were not included in the burden estimate. The final rule burden increase includes the reduction of 8 responses and 4 burden hours because of the deletion of the requirement at 10 CFR 95.34(b)(1) for advance notification of foreign visitors. Send comments on any aspect of this information collection, including suggestions for reducing the burden, to the Records Management Branch (T-6 F33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by Internet electronic mail at BJS1@NRC.GOV; and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0046,-0047,-0050, and-0062), Office of Management and Budget, Washington, DC 20503. Public Protection NotificationIf a means used to impose an information collection does not display a currently valid OMB control number, the NRC may not conduct or sponsor, and a person is not required to respond to, the information collection. Regulatory AnalysisThe Commission has prepared a regulatory analysis for this final regulation. The analysis examines the costs and benefits of the alternatives considered by the Commission. The analysis is available for inspection in the NRC Public Document Room, 2120 L Street, NW (Lower Level), Washington, DC. Single copies of the analysis may be obtained from James J. Dunleavy, Division of Facilities and Security, Office of Administration, U. S. Nuclear Regulatory Commission, Washington, DC 20555, telephone: (301) 415-7404, e-mail: JJD1@nrc.gov. Regulatory Flexibility CertificationAs required by the Regulatory Flexibility Act of 1980, 5 U.S.C. 605(b), the Commission certifies that this rule will not have a significant economic impact upon a substantial number of small entities. The NRC carefully considered the effect on small entities in developing this final rule on the protection of classified information and has determined that none of the facilities affected by this rule would qualify as a small entity under the NRC's size standards (10 CFR 2.810). Backfit AnalysisThe NRC has determined that the backfit rules in 10 CFR 50.109 and 76.76 apply to this rulemaking initiative because it falls within the criteria in 10 CFR 50.109(a)(1) and 76.76(a)(1). However, a backfit analysis is not required because this rulemaking falls under the 10 CFR 50.109(a)(4)(iii) and 76.76(a)(4)(iii) exceptions for a regulatory action that involves "redefining what level of protection to the . . . common defense and security should be regarded as adequate." Furthermore, the NRC has determined that this rulemaking does not constitute a backfit under the backfit rule in 10 CFR 72.62(a). List of Subjects10 CFR Part 2Administrative practice and procedure, Antitrust, Byproduct material, Classified information, Environmental protection, Nuclear material, Nuclear power plants and reactors, Penalties, Sex discrimination, Source material, Special nuclear material, Waste treatment and disposal. 10 CFR Part 10Administrative practice and procedure, Classified information, Criminal penalties, Investigations, Security measures. 10 CFR Part 11Hazardous materials--transportation, Investigations, Nuclear Materials, Reporting and recordkeeping requirements, Security measures, Special nuclear material. 10 CFR Part 25Classified information, Criminal penalties, Investigations, Reporting and recordkeeping requirements, Security measures. 10 CFR Part 95Classified information, Criminal penalties, Reporting and recordkeeping requirements, Security measures. For the reasons set out in the preamble and under the authority of the Atomic Energy Act of 1954, as amended; the Energy Reorganization Act of 1974, as amended; and 5 U.S.C. 553; the NRC is adopting the following amendments to 10 CFR parts 2, 10, 11, 25, and 95. PART 2--RULES OF PRACTICE FOR DOMESTIC LICENSING PROCEEDINGS AND ISSUANCE OF ORDERS1. The authority citation for part 2 continues to read as follows: Authority: Secs.161, 181, 68 Stat. 948, 953, as amended (42 U.S.C. 2201, 2231); sec. 191, as amended, Pub. L. 87-615, 76 Stat. 409 (42 U.S.C. 2241); sec. 201, 88 Stat.1242, as amended (42 U.S.C. 5841); 5 U.S.C. 552. Section 2.101 also issued under secs. 53, 62, 63, 81, 103, 104, 105, 68 Stat. 930, 932, 933, 935, 936, 937, 938, as amended (42 U.S.C. 2073, 2092, 2093, 2111, 2133, 2134, 2135); sec. 114(f), Pub. L. 97-425, 96 Stat. 2213, as amended (42 U.S.C. 10134(f)); sec. 102, Pub. L. 91-190, 83 Stat. 853, as amended (42 U.S.C. 4332); sec. 301, 88 Stat. 1248 (42 U.S.C. 5871). Sections 2.102, 2.103, 2.104, 2.105, 2.721 also issued under secs. 102, 103, 104, 105, 183, 189, 68 Stat. 936, 937, 938, 954, 955, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2233, 2239). Section 2.105 also issued under Pub. L. 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Sections 2.200-2.206 also issued under secs. 161 b, i, o, 182, 186, 234, 68 Stat. 948-951, 955, 83 Stat. 444, as amended (42 U.S.C. 2201 (b), (i), (o), 2236, 2282); sec. 206, 88 Stat 1246 (42 U.S.C. 5846). Sections 2.205(j) also issued under Pub. L. 101-410, 104 Stat. 890, as amended by section 31001(s), Pub. L. 104-134, 110 Stat. 1321-373 (28 U.S.C. 2461 note). Sections 2.600-2.606 also issued under sec. 102, Pub. L. 91-190, 83 Stat. 853, as amended (42 U.S.C. 4332). Sections 2.700a, 2.719 also issued under 5 U.S.C. 554. Sections 2.754, 2.760, 2.770, 2.780 also issued under 5 U.S.C. 557. Section 2.764 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 2.790 also issued under sec. 103, 68 Stat. 936, as amended (42 U.S.C. 2133) and 5 U.S.C. 552. Sections 2.800 and 2.808 also issued under 5 U.S.C. 553. Section 2.809 also issued under 5 U.S.C. 553 and sec. 29, Pub. L. 85-256, 71 Stat. 579, as amended (42 U.S.C. 2039). Subpart K also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239); sec. 134, Pub. L. 97-425, 96 Stat. 2230 (42 U.S.C. 10154). Subpart L also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239). Appendix A also issued under sec. 6, Pub. L. 91-560, 84 Stat. 1473 (42 U.S.C. 2135). 2. In §2.790 paragraph (d)(1) is revised to read as follows: §2.790--Public Inspections, exemptions, requests for withholding. * * * * * (d) * * * (1) Correspondence and reports to or from the NRC which contain information or records concerning a licensee's or applicant's physical protection, classified matter protection, or material control and accounting program for special nuclear material not otherwise designated as Safeguards Information or classified as National Security Information or Restricted Data. * * * * * PART 10--CRITERIA AND PROCEDURES FOR DETERMINING ELIGIBILITY FOR ACCESS TO RESTRICTED DATA OR NATIONAL SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE3. The authority citation for part 10 is revised to read as follows: Authority: Secs. 145, 161, 68 Stat. 942, 948, as amended (42 U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); E.O. 10450, 3 CFR parts 1949--1953 COMP., p. 936, as amended; E.O. 10865, 3 CFR 1959-1963 COMP., p. 398, as amended; 3 CFR Table 4.; E.O. 12968, 3 CFR 1995 COMP., p.396. 4. Section 10.1 is revised to read as follows: §10.1--Purpose. (a) This part establishes the criteria, procedures, and methods for resolving questions concerning: (1) The eligibility of individuals who are employed by or applicants for employment with NRC contractors, agents, and licensees of the NRC, individuals who are NRC employees or applicants for NRC employment, and other persons designated by the Deputy Executive Director for Management Services of the NRC, for access to Restricted Data pursuant to the Atomic Energy Act of 1954, as amended, and the Energy Reorganization Act of 1974, or for access to national security information; and (2) The eligibility of NRC employees, or the eligibility of applicants for employment with the NRC, for employment clearance. (b) This part is published to implement the Atomic Energy Act of 1954, as amended, the Energy Reorganization Act of 1974, as amended, Executive Order 10865, 25 FR 1583 (February 24, 1960) Executive Order 10450, 18 FR 2489 (April 27, 1954), and Executive Order 12968, 60 FR 40245 (August 2, 1995). 5. In §10.2, paragraph (d) is revised to read as follows: §10.2--Scope. * * * * * (d) Any other person designated by the Deputy Executive Director for Management Services of the Nuclear Regulatory Commission. 6. In §10.5, the introductory text is removed, the paragraph designations preceding each of the defined terms are removed, the definitions are rearranged in alphabetical order, and the definitions of Access Authorization, Employment Clearance, National Security Information, are revised and the definition of NRC Personnel Security Review Panel is added to read as follows: §10.5--Definitions. Access authorization means an administrative determination that an individual (including a consultant) who is employed by or an applicant for employment with the NRC, NRC contractors, agents, and licensees of the NRC, or other person designated by the Deputy Executive Director for Management Services, is eligible for a security clearance for access to Restricted Data or National Security Information. * * * * * Employment Clearance means an administrative determination that an individual (including a consultant) who is an NRC employee or applicant for NRC employment and other persons designated by the Deputy Executive Director for Management Services of the NRC is eligible for employment or continued employment pursuant to subsection 145(b) of the Atomic Energy Act of 1954, as amended. * * * * * National Security Information means information that has been determined pursuant to Executive Order 12958 or any predecessor order to require protection against unauthorized disclosure and that is so designated. * * * * * NRC Personnel Security Review Panel means an appeal panel appointed by the Deputy Executive Director for Management Services and consisting of three members, two of whom shall be selected from outside the security field. One member of the Panel shall be designated as Chairman. * * * * * 7. In §10.10 the introductory text of paragraph (d) is revised to read as follows: §10.10--Application of the criteria. * * * * * (d) In resolving a question concerning the eligibility or continued eligibility of an individual for access authorization and/or employment clearance, the following principles shall be applied by the Director, Division of Facilities and Security, Hearing Examiners, and the NRC Personnel Security Review Panel: * * * * * 8. In §10.12, paragraphs (a) and (c) are revised to read as follows: §10.12--Interview and other investigation. (a) The Director, Division of Facilities and Security, Office of Administration, may authorize the granting of access authorization and/or employment clearance on the basis of the information in the possession of the NRC or may authorize an interview with the individual, if the individual consents to be interviewed, or other investigation as the Director deems appropriate. On the basis of this interview and/or an investigation, the Director may authorize the granting of access authorization and/or employment clearance. * * * * * (c) If the Director, Division of Facilities and Security, cannot make a favorable finding regarding the eligibility of an individual for access authorization and/or employment clearance, the question of the individual's eligibility must be resolved in accordance with the procedures set forth in §10.20 et seq. 9. Section 10.20 is revised to read as follows: §10.20--Purpose of the procedures. These procedures establish methods for the conduct of hearings and administrative review of questions concerning an individual's eligibility for an access authorization and/or an employment clearance pursuant to the Atomic Energy Act of 1954, as amended, and Executive Orders 10450, 10865, and 12968 when a resolution favorable to the individual cannot be made on the basis of the interview or other investigation. 10. Section 10.21 is revised to read as follows: §10.21--Suspension of access authorization and/or employment clearance. In those cases where information is received which raises a question concerning the continued eligibility of an individual for an access authorization and/or an employment clearance, the Director, Division of Facilities and Security, through the Director, Office of Administration, shall forward to the Deputy Executive Director for Management Services or other Deputy Executive Director, his or her recommendation as to whether the individual's access authorization and/or employment clearance should be suspended pending the final determination resulting from the operation of the procedures provided in this part. In making this recommendation the Director, Division of Facilities and Security, shall consider factors such as the seriousness of the derogatory information developed, the degree of access of the individual to classified information, and the individual's opportunity by reason of his or her position to commit acts adversely affecting the national security. An individual's access authorization and/or employment clearance may not be suspended except by the direction of the Executive Director for Operations, Deputy Executive Director for Management Services or other Deputy Executive Director. 11. Section 10.22 is revised to read as follows: §10.22--Notice to individual. A notification letter, prepared by the Division of Facilities and Security, approved by the Office of the General Counsel, and signed by the Director, Office of Administration, must be presented to each individual whose eligibility for an access authorization and/or an employment clearance is in question. Where practicable, the letter will be presented to the individual in person. The letter will be accompanied by a copy of this part and must state: (a) That reliable information in the possession of the NRC has created a substantial doubt concerning the individual's eligibility for an access authorization and/or an employment clearance; (b) The information that creates a substantial doubt regarding the individual's eligibility for an access authorization and/or an employment clearance, that must be as comprehensive and detailed as the national security interests and other applicable law permit; (c) That the individual has the right to be represented by counsel or other representative at their own expense; (d) That the individual may request within 20 days of the date of the notification letter, any documents, records and reports which form the basis for the question of their eligibility for an access authorization and/or an employment clearance. The individual will be provided within 30 days all such documents, records and reports to the extent they are unclassified and do not reveal a confidential source. The individual may also request the entire investigative file, which will be promptly provided, as permitted by the national security interests and other applicable law; (e) That unless the individual files with the Director, Office of Administration, a written request for a hearing within 20 days of the individual's receipt of the notification letter or 20 days after receipt of the information provided in response to a request made under paragraph (d) of this section, whichever is later, the Director, Division of Facilities and Security, through the Director, Office of Administration, will submit a recommendation as to the final action to the Deputy Executive Director for Management Services on the basis of the information in the possession of the NRC; (f) That if the individual files a written request for a hearing with the Director, Office of Administration, the individual shall file with that request a written answer under oath or affirmation that admits or denies specifically each allegation and each supporting fact contained in the notification letter. A general denial is not sufficient to controvert a specific allegation. If the individual is without knowledge, he or she shall so state and that statement will operate as a denial. The answer must also state any additional facts and information that the individual desires to have considered in explanation or mitigation of allegations in the notification letter. Failure to specifically deny or explain or deny knowledge of any allegation or supporting fact will be deemed an admission that the allegation or fact is true. (g) That if the individual does not want to exercise his or her right to a hearing, but does want to submit an answer to the allegations in the notification letter, the individual may do so by filing with the Director, Office of Administration, within 20 days of receipt of the notification letter or 20 days after receipt of the information provided in response to a request made under paragraph (d) of this section, whichever is later, a written answer in accordance with the requirements of paragraph (f) of this section; (h) That the procedures in §10.24 et seq. will apply to any hearing and review. 12. In §10.23, paragraph (a) is revised to read as follows: §10.23--Failure of individual to request a hearing. (a) In the event the individual fails to file a timely written request for a hearing pursuant to §10.22, a recommendation as to the final action to be taken will be made by the Director, Division of Facilities and Security, through the Director, Office of Administration, to the Deputy Executive Director for Management Services on the basis of the information in the possession of the NRC, including any answer filed by the individual. * * * * * 13. In §10.25, paragraphs (a) and (c) are revised to read as follows: §10.25--NRC Hearing Counsel. (a) Hearing Counsel assigned pursuant to §10.24 will, before the scheduling of the hearing, review the information in the case and will request the presence of witnesses and the production of documents and other physical evidence relied upon by the Director, Division of Facilities and Security, in making a finding that a question exists regarding the eligibility of the individual for an NRC access authorization and/or an employment clearance in accordance with the provisions of this part. When the presence of a witness and the production of documents and other physical evidence is deemed by the Hearing Counsel to be necessary or desirable for a determination of the issues, the Director, Division of Facilities and Security, will make arrangements for the production of evidence and for witnesses to appear at the hearing by subpoena or otherwise. * * * * * (c) The individual is responsible for producing witnesses in his or her own behalf and/or presenting other evidence before the Hearing Examiner to support the individual's answer and defense to the allegations contained in the notification letter. When requested by the individual, however, the Hearing Counsel may assist the individual to the extent practicable and necessary. The Hearing Counsel may at his or her discretion request the Director, Division of Facilities and Security, to arrange for the issuance of subpoenas for witnesses to attend the hearing in the individual's behalf, or for the production of specific documents or other physical evidence, provided a showing of the necessity for assistance has been made. 14. In §10.27 paragraph (c) is revised to read as follows: §10.27--Prehearing proceedings. * * * * * (c) The parties will be notified by the Hearing Examiner at least ten days in advance of the hearing of the time and place of the hearing. For good cause shown, the Hearing Examiner may order postponements or continuances from time to time. If, after due notice, the individual fails to appear at the hearing, or appears but is not prepared to proceed, the Hearing Examiner shall, unless good cause is shown, return the case to the Director, Division of Facilities and Security, who shall make a recommendation on final action to be taken, through the Director, Office of Administration, to the Deputy Executive Director for Management Services on the basis of the information in the possession of the NRC. 15. In §10.28, paragraph (n) is revised to read as follows: §10.28--Conduct of hearing. * * * * * (n) A written transcript of the entire proceeding must be made by a person possessing appropriate NRC access authorization and/or employment clearance and, except for portions containing Restricted Data or National Security Information, or other lawfully withholdable information, a copy of the transcript will be furnished the individual without cost. The transcript or recording will be made part of the applicant's or employee's personnel security file. 16. Section 10.31 is revised to read as follows: §10.31--Actions on the recommendations. (a) Upon receipt of the findings and recommendation from the Hearing Examiner, and the record, the Director, Office of Administration, shall forthwith transmit it to the Deputy Executive Director for Management Services who has the discretion to return the record to the Director, Office of Administration, for further proceedings by the Hearing Examiner with respect to specific matters designated by the Deputy Executive Director for Management Services. (b)(1) In the event of a recommendation by the Hearing Examiner that an individual's access authorization and/or employment clearance be denied or revoked, the Deputy Executive Director for Management Services shall immediately notify the individual in writing of the Hearing Examiner's findings with respect to each allegation contained in the notification letter, and that the individual has a right to request a review of his or her case by the NRC Personnel Security Review Panel and of the right to submit a brief in support of his or her contentions. The request for a review must be submitted to the Deputy Executive Director for Management Services within five days after the receipt of the notice. The brief will be forwarded to the Deputy Executive Director for Management Services, for transmission to the NRC Personnel Security Review Panel not later than 10 days after receipt of the notice. (2) In the event the individual fails to request a review by the NRC Personnel Security Review Panel of an adverse recommendation within the prescribed time, the Deputy Executive Director for Management Services may at his or her discretion request a review of the record of the case by the NRC Personnel Security Review Panel. The request will set forth those matters at issue in the hearing on which the Deputy Executive Director for Management Services desires a review by the NRC Personnel Security Review Panel. (c) Where the Hearing Examiner has made a recommendation favorable to the individual, the Deputy Executive Director for Management Services may at his or her discretion request a review of the record of the case by the NRC Personnel Security Review Panel. If this request is made, the Deputy Executive Director for Management Services shall immediately cause the individual to be notified of that fact and of those matters at issue in the hearing on which the Deputy Executive Director for Management Services desires a review by the NRC Personnel Security Review Panel. The Deputy Executive Director for Management Services will further inform the individual that within 10 days of receipt of this notice, the individual may submit a brief concerning those matters at issue for the consideration of the NRC Personnel Security Review Panel. The brief must be forwarded to the Deputy Executive Director for Management Services for transmission to the NRC Personnel Security Review Panel. (d) In the event of a request for a review pursuant to paragraphs (b) and (c) of this section, the Hearing Counsel may file a brief within 10 days of being notified by the Deputy Executive Director for Management Services that a review has been requested. The brief will be forwarded to the Deputy Executive Director for Management Services for transmission to the NRC Personnel Security Review Panel. (e) The Hearing Counsel may also request a review of the case by the NRC Personnel Security Review Panel. The request for review, which will set forth those matters at issue in the hearing on which the Hearing Counsel desires a review, will be submitted to the Deputy Director Executive for Management Services within five days after receipt of the Hearing Examiner's findings and recommendation. Within 10 days of the request for review, the Hearing Counsel may file a brief which will be forwarded to the Deputy Executive Director for Management Services for transmission to the NRC Personnel Security Review Panel. A copy of the request for review, and a copy of any brief filed, will be immediately sent to the individual. If the Hearing Counsel's request is for a review of a recommendation favorable to the individual, the individual may, within 10 days of receipt of a copy of the request for review, submit a brief concerning those matters at issue for consideration of the NRC Personnel Security Review Panel. The brief will be forwarded to the Deputy Executive Director for Management Services for transmission to the NRC Personnel Security Review Panel and Hearing Counsel. A copy of the brief will be made a part of the applicant's personnel security file. (f) The time limits imposed by this section for requesting reviews and the filing of briefs may be extended by the Deputy Executive Director for Management Services for good cause shown. (g) In the event a request is made for a review of the record by the NRC Personnel Security Review Panel, the Deputy Executive Director for Management Services shall send the record, with all findings and recommendations and any briefs filed by the individual and the Hearing Counsel, to the NRC Personnel Security Review Panel. If neither the individual, the Deputy Executive Director for Management Services, nor the Hearing Counsel requests a review, the final determination will be made by the Deputy Executive Director for Management Services on the basis of the record with all findings and recommendations. 17. Section 10.32 is revised to read as follows: §10.32--Recommendation of the NRC Personnel Security Review Panel. (a) The Deputy Executive Director for Management Services shall designate an NRC Personnel Security Review Panel to conduct a review of the record of the case. The NRC Personnel Security Review Panel shall be comprised of three members, two of whom shall be selected from outside the security field. To qualify as an NRC Personnel Security Review Panel member, the person designated shall have an NRC "Q" access authorization and may be an employee of the NRC, its contractors, agents, or licensees. However, no employee or consultant of the NRC shall serve as an NRC Personnel Security Review Panel member reviewing the case of an employee (including a consultant) or applicant for employment with the NRC; nor shall any employee or consultant of an NRC contractor, agent or licensee serve as an NRC Personnel Security Review Panel member reviewing the case of an employee (including a consultant) or an applicant for employment of that contractor, agent, or licensee. No NRC Personnel Security Review Panel member shall be selected who has knowledge of the case or of any information relevant to the disposition of it, or who for any reason would be unable to issue a fair and unbiased recommendation. (b) The NRC Personnel Security Review Panel shall consider the matter under review based upon the record supplemented by any brief submitted by the individual or the Hearing Counsel. The NRC Personnel Security Review Panel may request additional briefs as the Panel deems appropriate. When the NRC Personnel Security Review Panel determines that additional evidence or further proceedings are necessary, the record may be returned to the Deputy Executive Director for Management Services with a recommendation that the case be returned to the Director, Office of Administration, for appropriate action, which may include returning the case to the Hearing Examiner and reconvening the hearing to obtain additional testimony. When additional testimony is taken by the Hearing Examiner, a written transcript of the testimony will be made a part of the record and will be taken by a person possessing an appropriate NRC access authorization and/or employment clearance and, except for portions containing Restricted Data or National Security Information, or other lawfully withholdable information, a copy of the transcript will be furnished the individual without cost. (c) In conducting the review, the NRC Personnel Security Review Panel shall make its findings and recommendations as to the eligibility or continued eligibility of an individual for an access authorization and/or an employment clearance on the record supplemented by additional testimony or briefs, as has been previously determined by the NRC Personnel Security Review Panel as appropriate. (d) The NRC Personnel Security Review Panel shall not consider the possible impact of the loss of the individual's services upon the NRC program. (e) If, after considering all the factors in light of the criteria set forth in this part, the NRC Personnel Security Review Panel is of the opinion that granting or continuing an access authorization and/or an employment clearance to the individual will not endanger the common defense and security and will be clearly consistent with the national interest, the NRC Personnel Security Review Panel shall make a favorable recommendation; otherwise, the NRC Personnel Security Review Panel shall make an adverse recommendation. The NRC Personnel Security Review Panel shall prepare a report of its findings and recommendations and submit the report in writing to the Deputy Executive Director for Management Services, who shall furnish a copy to the individual. The findings and recommendations must be fully supported by stated reasons. 18. Section 10.33 is revised to read as follows: §10.33--Action by the Deputy Executive Director for Management Services. (a) The Deputy Executive Director for Management Services, on the basis of the record accompanied by all findings and recommendations, shall make a final determination whether access authorization and/or employment clearance shall be granted, denied, or revoked, except when the provisions of §10.28 (i), (j), or (l) have been used and the Deputy Executive Director for Management Services determination is adverse, the Commission shall make the final agency determination. (b) In making the determination as to whether an access authorization and/or an employment clearance shall be granted, denied, or revoked, the Deputy Executive Director for Management Services or the Commission shall give due recognition to the favorable as well as the unfavorable information concerning the individual and shall take into account the value of the individual's services to the NRC's program and the consequences of denying or revoking access authorization and/or employment clearance. (c) In the event of an adverse determination, the Deputy Executive Director for Management Services shall promptly notify the individual through the Director, Office of Administration, of his or her decision that an access authorization and/or an employment clearance is being denied or revoked and of his or her findings with respect to each allegation contained in the notification letter for transmittal to the individual. (d) In the event of a favorable determination, the Deputy Executive Director for Management Services shall promptly notify the individual through the Director, Office of Administration. 19. In §10.34, paragraph (a) is revised to read as follows: §10.34--Action by the Commission. (a) Whenever, under the provisions of §10.28(i), (j), or (l) an individual has not been afforded an opportunity to confront and cross-examine witnesses who have furnished information adverse to the individual and an adverse recommendation has been made by the Deputy Executive Director for Management Services, the Commission shall review the record and determine whether an access authorization and/or an employment clearance should be granted, denied, or revoked, based upon the record. * * * * * 20. Section 10.35 is revised to read as follows: §10.35--Reconsideration of cases. (a) Where, pursuant to the procedures set forth in §§10.20 through 10.34, the Deputy Executive Director for Management Services or the Commission has made a determination granting an access authorization and/or an employment clearance to an individual, the individual's eligibility for an access authorization and/or an employment clearance will be reconsidered only when subsequent to the time of that determination, new derogatory information has been received or the scope or sensitivity of the Restricted Data or National Security Information to which the individual has or will have access has significantly increased. All new derogatory information, whether resulting from the NRC's reinvestigation program or other sources, will be evaluated relative to an individual's continued eligibility in accordance with the procedures of this part. (b) Where, pursuant to these procedures, the Commission or Deputy Executive Director for Management Services has made a determination denying or revoking an access authorization and/or an employment clearance to an individual, the individual's eligibility for an access authorization and/or an employment clearance may be reconsidered when there is a bona fide offer of employment and/or a bona fide need for access to Restricted Data or National Security Information and either material and relevant new evidence is presented, which the individual and his or her representatives are without fault in failing to present before, or there is convincing evidence of reformation or rehabilitation. Requests for reconsideration must be submitted in writing to the Deputy Executive Director for Management Services through the Director, Office of Administration. Requests must be accompanied by an affidavit setting forth in detail the information referred to above. The Deputy Executive Director for Management Services shall cause the individual to be notified as to whether his or her eligibility for an access authorization and/or an employment clearance will be reconsidered and if so, the method by which a reconsideration will be accomplished. (c) Where an access authorization and/or an employment clearance has been granted to an individual by the Director, Division of Facilities and Security, without recourse to the procedures set forth in §§10.20 through 10.34, the individual's eligibility for an access authorization and/or an employment clearance will be reconsidered only in a case where, subsequent to the granting of the access authorization and/or employment clearance, new derogatory information has been received or the scope or sensitivity of the Restricted Data or National Security Information to which the individual has or will have access has significantly increased. All new derogatory information, whether resulting from the NRC's reinvestigation program or other sources, will be evaluated relative to an individual's continued eligibility in accordance with the procedures of this part. PART 11--CRITERIA AND PROCEDURES FOR DETERMINING ELIGIBILITY FOR ACCESS TO OR CONTROL OVER SPECIAL NUCLEAR MATERIAL21. The authority citation for part 11 continues to read as follows: Authority: Sec. 161, 68 Stat. 948, as amended (42 U.S.C. 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841). Section 11.15(e) also issued under sec. 501, 85 Stat. 290 (31 U.S.C. 483a). 22. Section 11.3(a) is revised to read as follows: §11.3--Scope. (a) The requirements, criteria, and procedures of this part apply to the establishment of and eligibility for special nuclear material access authorization for employees, contractors, consultants of, and applicants for employment with licensees or contractors of the Nuclear Regulatory Commission. This employment, contract, service, or consultation may involve any duties or assignments within the criteria of §11.11 or §11.13 requiring access to, or control over, formula quantities of special nuclear material (as defined in part 73 of this chapter). * * * * * 23. In §11.7 the paragraph designations are removed, the definitions are rearranged in alphabetical order, and the definitions of NRC-"U" special nuclear material access authorization and NRC-"R" special nuclear material access authorization are revised to read as follows: §11.7--Definitions. * * * * * NRC-"U" special nuclear material access authorization means an administrative determination based upon a single scope background investigation, normally conducted by the Office of Personnel Management, that an individual in the course of employment is eligible to work at a job falling within the criterion of 11.11(a)(1) or 11.13. NRC-"R" special nuclear material access authorization means an administrative determination based upon a national agency check with law and credit investigation that an individual in the course of employment is eligible to work at a job falling within the criterion of §11.11(a)(2). * * * * * 24. Section 11.15 is revised to read as follows: §11.15--Application for special nuclear material access authorization. (a)(1) Application for special nuclear material access authorization, renewal, or change in level must be filed by the licensee on behalf of the applicant with the Director, Division of Facilities and Security, U.S. Nuclear Regulatory Commission, Washington, DC 20555. Applications for affected individuals employed on October 28, 1985, shall be submitted within 60 days of notification of Commission approval of the amended security plan. (2) Licensees who wish to secure NRC-U or NRC-R special nuclear material access authorizations for individuals in possession of an active NRC Q or L access authorization or other security clearance granted by another Federal agency based on an equivalent investigation shall submit a "Security Acknowledgment" (NRC Form 176) and a "Request for Access Authorization" (NRC Form 237). NRC will process these requests by verifying the data on an NRC-cleared individual, or by contacting the Federal agency that granted the clearance, requesting certification of the security clearance, and determining the investigative basis and level of the clearance. Licensees may directly request the Federal agency that administered the security clearance, if other than NRC, to certify to the NRC that it has on file an active security clearance for an individual and to specify the investigative basis and level of the clearance. (b) Applications for special nuclear material access authorization for individuals, other than those qualifying under the provisions of §11.15(a)(2), must be made on forms supplied by the Commission, including: (1) Questionnaire for National Security Positions (SF-86, Parts 1 and 2); (2) Two completed standard fingerprint cards (FD-258); (3) Security Acknowledgment (NRC Form 176); (4) Other related forms where specified in accompanying instruction (NRC-254); and (5) A statement by the employer, prospective employer, or contractor identifying the job to be assigned to or assumed by the individual and the level of authorization needed, justified by appropriate reference to the licensee's security plan. (c)(1) Except as provided in paragraph (c)(2) of this section, NRC-U special nuclear material access authorizations must be renewed every five years from the date of issuance. Except as provided in paragraph (c)(3) of this section, NRC-R special nuclear material access authorizations must be renewed every ten years from the date of issuance. An application for renewal must be submitted at least 120 days before the expiration of the five-year period for NRC-U and ten-year period for NRC-R, respectively, and must include: (i) A statement by the licensee that at the time of application for renewal the individual's assigned or assumed job requires an NRC-U or an NRC-R special nuclear material access authorization, justified by appropriate reference to the licensee's security plan; (ii) The Questionnaire for National Security Positions (SF-86, Parts 1 and 2); (iii) Two completed standard fingerprint cards (FD-258); and (iv) Other related forms specified in accompanying NRC instructions (NRC Form 254). (2) An exception to the time for submission of NRC-U special nuclear material access authorization renewal applications and the paperwork required is provided for individuals who have a current and active DOE-Q access authorization and are subject to DOE Reinvestigation Program requirements. For these individuals, the submission to DOE of the SF-86 pursuant to DOE Reinvestigation Program requirements (generally every five years) will satisfy the NRC renewal submission and paperwork requirements even if less than five years has passed since the date of issuance or renewal of the NRC-U access authorization. Any NRC-U special nuclear material access authorization renewed in response to provisions of this paragraph will not be due for renewal until the date set by DOE for the next reinvestigation of the individual pursuant to DOE's Reinvestigation Program. (3) An exception to the time for submission of NRC-R special nuclear material access authorization renewal applications and the paperwork required is provided for individuals who have a current and active DOE-L or DOE-Q access authorization and are subject to DOE Reinvestigation Program requirements. For these individuals, the submission to DOE of the SF-86 pursuant to DOE Reinvestigation Program requirements will satisfy the NRC renewal submission and paperwork requirements even if less than ten years have passed since the date of issuance or renewal of the NRC-R access authorization. Any NRC-R special nuclear material access authorization renewed pursuant to this paragraph will not be due for renewal until the date set by DOE for the next reinvestigation of the individual pursuant to DOE's Reinvestigation Program. (4) Notwithstanding the provisions of paragraph (c)(2) of this section, the period of time for the initial and each subsequent NRC-U renewal application to NRC may not exceed seven years. (5) Notwithstanding the provisions of paragraph (c)(3) of this section, the period of time for the initial and each subsequent NRC-R renewal application to NRC may not exceed twelve years. Any individual who is subject to the DOE Reinvestigation Program requirements but, for administrative or other reasons, does not submit reinvestigation forms to DOE within seven years of the previous submission, for a NRC-U renewal or twelve years of the previous submission for a NRC-R renewal, shall submit a renewal application to NRC using the forms prescribed in paragraph (c)(1) of this section before the expiration of the seven year period for NRC-U or twelve year period for NRC-R renewal. (d) If at any time, due to new assignment or assumption of duties, a change in a special nuclear material access authorization level from NRC "R" to "U" is required, the individual shall apply for a change of level of special nuclear material access authorization. The application must include a description of the new duties to be assigned or assumed, justified by appropriate reference to the licensee's security plan. (e)(1) Each application for a special nuclear material access authorization, renewal, or change in level must be accompanied by the licensee's remittance, payable to the U.S. Nuclear Regulatory Commission, according to the following schedule:
1 If the NRC determines, based on its review of available data, that a National Agency Check with law and credit investigation is necessary, a fee of $130 will be assessed prior to the conduct of the investigation; however, if a single scope investigation is deemed necessary by the NRC, based on its review of available data, a fee of $2,856 will be assessed prior to the conduct of the investigation. 2 If the NRC determines, based on its review of available data, that a single scope investigation is necessary, a fee of $2,856 will be assessed prior to the conduct of the investigation. (2) Material access authorization fees will be published each time the Office of Personnel Management notifies NRC of a change in the background investigation rate it charges NRC for conducting the investigation. Any changed access authorization fees will be applicable to each access authorization request received upon or after the date of publication. Applications from individuals having current Federal access authorizations may be processed expeditiously at no cost because the Commission may accept the certification of access authorizations and investigative data from other Federal government agencies that grant personnel access authorizations. (f)(1) Any Federal employee, employee of a contractor of a Federal agency, licensee, or other person visiting an affected facility for the purpose of conducting official business, who possesses an active NRC or DOE-Q access authorization or an equivalent Federal security clearance granted by another Federal agency ("Top Secret") based on a comparable single scope background investigation may be permitted, in accordance with §11.11, the same level of unescorted access that an NRC-U special nuclear material access authorization would afford. (2) Any Federal employee, employee of a contractor of a Federal agency, licensee, or other person visiting an affected facility for the purpose of conducting official business, who possesses an active NRC or DOE-L access authorization or an equivalent security clearance granted by another Federal agency ("Secret") based on a comparable or greater background investigation consisting of a national agency check with law and credit may be permitted, in accordance with §11.11, the same level of unescorted access that an NRC-R special nuclear material access authorization would afford. An NRC or DOE-L access authorization or an equivalent security clearance ("Secret"), based on a background investigation or national agency check with credit granted or being processed by another Federal agency before January 1, 1998, is acceptable to meet this requirement. 25. Section 11.16 is revised to read as follows: §11.16--Cancellation of request for special nuclear material access authorization. When a request for an individual's access authorization is withdrawn or canceled, the licensee shall notify the Chief, Personnel Security Branch, NRC Division of Facilities and Security immediately, by telephone, so that the investigation may be discontinued. The caller shall provide the full name and date of birth of the individual, the date of request, and the type of access authorization originally requested ("U" or "R"). The licensee shall promptly submit written confirmation of the telephone notification to the Personnel Security Branch, NRC Division of Facilities and Security. A portion of the fee for the "U" special nuclear material access authorization may be refunded depending upon the status of the single scope investigation at the time of withdrawal or cancellation. 26. In §11.21, paragraphs (c) and (d) are revised to read as follows: §11.21--Application of the criteria. * * * * * (c) When the reports of an investigation of an individual contain information reasonably falling within one or more of the classes of derogatory information listed in §10.11, it creates a question as to the individual's eligibility for special nuclear material access authorization. In these cases, the application of the criteria must be made in light of and with specific regard to whether the existence of the information supports a reasonable belief that the granting of a special nuclear material access authorization would be inimical to the common defense and security. The Director, Division of Facilities and Security, may authorize the granting of a special nuclear material access authorization on the basis of the information in the case or may authorize the conduct of an interview with the individual and, on the basis of the interview and other investigation as the Director deems appropriate, may authorize the granting of a special nuclear material access authorization. Otherwise, a question concerning the eligibility of an individual for a special nuclear material access authorization must be resolved in accordance with the procedures set forth in §§10.20 through 10.38 of this chapter. (d) In resolving a question concerning the eligibility or continued eligibility of an individual for a special nuclear material access authorization by action of the Hearing Examiner or a Personnel Security Review Panel,3 the following principle shall be applied by the Examiner and the Personnel Security Review Panel: Where there are sufficient grounds to establish a reasonable belief as to the truth of the information regarded as substantially derogatory and when the existence of this information supports a reasonable belief that granting access would be inimical to the common defense and security, this will be the basis for a recommendation for denying or revoking special nuclear material access authorization if not satisfactorily rebutted by the individual or shown to be mitigated by circumstance. 3 The functions of the Hearing Examiner and the Personnel Security Review Panel are described in part 10 of this chapter. PART 25--ACCESS AUTHORIZATION FOR LICENSEE PERSONNEL27. The authority citation for Part 25 continues to read as follows: Authority: Secs. 145, 161, 68 Stat. 942, 948, as amended (42 U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); E.O. 10865, as amended, 3 CFR 1959-1963 Comp., p. 398 (50 U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp. p. 570; E.O. 12958, 3 CFR, 1995 Comp., p .333; E.O. 12968, 3 CFR, 1995 Comp., p .396. Appendix A also issued under 96 Stat. 1051 (31 U.S.C. 9701). 28. In §25.5 the definitions of"L" access authorization, National Security Information, and "Q" access authorization are revised to read as follows: §25.5--Definitions. * * * * * "L" access authorization means an access authorization granted by the Commission that is normally based on a national agency check with a law and credit investigation (NACLC) or an access national agency check and inquiries investigation (ANACI) conducted by the Office of Personnel Management. * * * * * National Security Information means information that has been determined pursuant to Executive Order 12958 or any predecessor order to require protection against unauthorized disclosure and that is so designated. * * * * * "Q" access authorization means an access authorization granted by the Commission normally based on a single scope background investigation conducted by the Office of Personnel Management, the Federal Bureau of Investigation, or other U.S. Government agency which conducts personnel security investigations. * * * * * 29. Section 25.9 is revised to read as follows: §25.9--Communications. Except where otherwise specified, all communications and reports concerning the regulations in this part should be addressed to the Director, Division of Facilities and Security, U.S. Nuclear Regulatory Commission, Washington, DC 20555. 30. Section 25.11 is revised to read as follows: §25.11--Specific exemptions. The NRC may, upon application by any interested person or upon its own initiative, grant exemptions from the requirements of the regulations of this part, that are-- (a) Authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security; or (b) Coincidental with one or more of the following: (1) An application of the regulation in the particular circumstances conflicts with other NRC rules or requirements; (2) An application of the regulation in the particular circumstances would not serve the underlying purpose of the rule or is not necessary to achieve the underlying purpose of the rule; (3) When compliance would result in undue hardship or other costs that significantly exceed those contemplated when the regulation was adopted, or that significantly exceed those incurred by others similarly situated; (4) When the exemption would result in benefit to the common defense and security that compensates for any decrease in the security that may result from the grant of the exemption; (5) When the exemption would provide only temporary relief from the applicable regulation and the licensee or applicant has made good faith efforts to comply with the regulation; (6) When there is any other material circumstance present that was not considered when the regulation was adopted that would be in the public interest to grant an exemption. If this condition is relied on exclusively for satisfying paragraph (b) of this section, the exemption may not be granted until the Executive Director for Operations has consulted with the Commission. 31. Section 25.19 is revised to read as follows: §25.19--Processing applications. Each application for an access authorization or access authorization renewal must be submitted to the CSA. If the NRC is the CSA, the application and its accompanying fee must be submitted to the NRC Division of Facilities and Security. If necessary, the NRC Division of Facilities and Security may obtain approval from the appropriate Commission office exercising licensing or regulatory authority before processing the access authorization or access authorization renewal request. If the applicant is disapproved for processing, the NRC Division of Facilities and Security shall notify the submitter in writing and return the original application (security packet) and its accompanying fee. 32. In §25.21, paragraph (c) is revised to read as follows: §25.21--Determination of initial and continued eligibility for access authorization. * * * * * (c)(1) Except as provided in paragraph (c)(2) of this section, an NRC "Q" access authorization must be renewed every five years from the date of issuance. Except as provided in paragraph (c)(2) of this section, an NRC "L" access authorization must be renewed every ten years from the date of issuance. An application for renewal must be submitted at least 120 days before the expiration of the five-year period for a "Q" access authorization and the ten-year period for an "L" access authorization, and must include: (i) A statement by the licensee or other person that the individual continues to require access to classified National Security Information or Restricted Data; and (ii) A personnel security packet as described in §25.17(d). (2) Renewal applications and the required paperwork are not required for individuals who have a current and active access authorization from another Federal agency and who are subject to a reinvestigation program by that agency that is determined by the NRC to meet the NRC's requirements. (The DOE Reinvestigation Program has been determined to meet the NRC's requirements.) For these individuals, the submission of the SF-86 by the licensee or other person to the other Government agency pursuant to their reinvestigation requirements will satisfy the NRC's renewal submission and paperwork requirements, even if less than five years have passed since the date of issuance or renewal of the NRC "Q" access authorization, or if less than 10 years have passed since the date of issuance or renewal of the NRC "L" access authorization. Any NRC access authorization continued in response to the provisions of this paragraph will, thereafter, not be due for renewal until the date set by the other Government agency for the next reinvestigation of the individual pursuant to the other agency's reinvestigation program. However, the period of time for the initial and each subsequent NRC "Q" renewal application to the NRC may not exceed seven years or, in the case of an NRC "L" renewal application, twelve years. Any individual who is subject to the reinvestigation program requirements of another Federal agency but, for administrative or other reasons, does not submit reinvestigation forms to that agency within seven years for a "Q" renewal or twelve years for an "L" renewal of the previous submission, shall submit a renewal application to the NRC using the forms prescribed in §25.17(d) before the expiration of the seven-year period for a "Q" renewal or twelve-year period for an "L" renewal. (3) If the NRC is not the CSA, reinvestigation program procedures and requirements will be set by the CSA. 33. In §25.23, paragraph (a) is revised to read as follows: §25.23--Notification of grant of access authorization. * * * * * (a) In those cases when the determination was made as a result of a Personnel Security Hearing or by a Personnel Security Review Panel ; or * * * * * 34. Section 25.25 is revised to read as follows: §25.25--Cancellation of requests for access authorization. When a request for an individual's access authorization or renewal of an access authorization is withdrawn or canceled, the requestor shall notify the CSA immediately by telephone so that the single scope background investigation, national agency check with law and credit investigation, or other personnel security action may be discontinued. The requestor shall identify the full name and date of birth of the individual, the date of request, and the type of access authorization or access authorization renewal requested. The requestor shall confirm each telephone notification promptly in writing. 35. In §25.27, paragraph (b) is revised to read as follows: §25.27--Reopening of cases in which requests for access authorizations are canceled. * * * * * (b) Additionally, if 90 days or more have elapsed since the date of the last Questionnaire for National Security Positions (SF-86), or CSA equivalent, the individual must complete a personnel security packet (see §25.17(d)). The CSA, based on investigative or other needs, may require a complete personnel security packet in other cases as well. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by the NRC is required. 36. In §25.31, paragraphs (a), (b), and (c) are revised to read as follows: §25.31--Extensions and transfers of access authorizations. (a) The NRC Division of Facilities and Security may, on request, extend the authorization of an individual who possesses an access authorization in connection with a particular employer or activity to permit access to classified information in connection with an assignment with another employer or activity. (b) The NRC Division of Facilities and Security may, on request, transfer an access authorization when an individual's access authorization under one employer or activity is terminated, simultaneously with the individual being granted an access authorization for another employer or activity. (c) Requests for an extension or transfer of an access authorization must state the full name of the person, date of birth, and level of access authorization. The Director, Division of Facilities and Security, may require a new personnel security packet (see §25.17(c)) to be completed by the applicant. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by the NRC is required. * * * * * 37. In §25.33, paragraphs (a) and (b) are revised to read as follows: §25.33--Termination of access authorizations. (a) Access authorizations will be terminated when: (1) An access authorization is no longer required; (2) An individual is separated from the employment or the activity for which he or she obtained an access authorization for a period of 90 days or more; or (3) An individual, pursuant to 10 CFR part 10 or other CSA-approved adjudicatory standards, is no longer eligible for an access authorization. (b) A representative of the licensee or other organization that employs the individual whose access authorization will be terminated shall immediately notify the CSA when the circumstances noted in paragraph (a)(1) or (a)(2) of this section exist; inform the individual that his or her access authorization is being terminated, and the reason; and that he or she will be considered for reinstatement of an access authorization if he or she resumes work requiring the authorization. * * * * * 38. In §25.35, paragraph (b) is revised to read as follows: §25.35--Classified visits. * * * * * (b) Representatives of the Federal Government, when acting in their official capacities as inspectors, investigators, or auditors, may visit a licensee, certificate holder, or other facility without furnishing advanced notification, provided these representatives present appropriate Government credentials upon arrival. Normally, however, Federal representatives will provide advance notification in the form of an NRC Form 277, "Request for Visit or Access Approval," with the "need-to-know" certified by the appropriate NRC office exercising licensing or regulatory authority and verification of an NRC access authorization by the Division of Facilities and Security. * * * * * 39. In §25.37, paragraph (b) is revised to read as follows: §25.37--Violations. * * * * * (b) National Security Information is protected under the requirements and sanctions of Executive Order 12958. 40. Appendix A to Part 25 is revised to read as follows:
1 If the NRC determines, based on its review of available data, that a single scope investigation is necessary, a fee of $2856 will be assessed before the conduct of the investigation. 2 Full fee will only be charged if an investigation is required. 41. The heading of Part 95 is revised to read as follows: PART 95--FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA42. The authority citation for part 95 continues to read as follows: Authority: Secs. 145, 161, 193, 68 Stat. 942, 948, as amended (42 U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); E.O. 10865, as amended, 3 CFR 1959-1963 Comp., p. 398 (50 U.S.C. 401, note); E.O. 12829, 3 CFR 1993 Comp., p. 570; E.O. 12958, as amended, 3 CFR 1995 Comp., p. 333; E.O. 12968, 3 CFR 1995 Comp., p. 391. 43. In §95.5 the definitions of NRC "L" access authorization, NRC "Q" access authorization, and Security container are revised to read as follows: §95.5--Definitions. * * * * * NRC "L" access authorization means an access authorization granted by the Commission normally based on a national agency check with law and credit investigation (NACLC) or an access national agency check and inquiries investigation (ANACI)) conducted by the Office of Personnel Management. NRC "Q" access authorization means an access authorization granted by the Commission normally based on a single scope background investigation conducted by the Office of Personnel Management, the Federal Bureau of Investigation, or other U.S. Government agency that conducts personnel security investigations. * * * * * Security container includes any of the following repositories: (1) A security filing cabinet--one that bears a Test Certification Label on the side of the locking drawer, inside wall adjacent to the locking drawer, or interior door plate, or is marked, "General Services Administration Approved Security Container" on the exterior of the top drawer or door. (2) A safe--burglar-resistive cabinet or chest which bears a label of the Underwriters' Laboratories, Inc. certifying the unit to be a TL-15, TL-30, or TRTL-30, and has a body fabricated of not less than 1 inch of steel and a door fabricated of not less than 1\1/2\ inches of steel exclusive of the combination lock and bolt work; or bears a Test Certification Label on the inside of the door, or is marked "General Services Administration Approved Security Container" and has a body of steel at least 1/2" thick, and a combination locked steel door at least 1" thick, exclusive of bolt work and locking devices; and an automatic unit locking mechanism. (3) A vault--a windowless enclosure constructed with walls, floor, roof, and door(s) that will delay penetration sufficient to enable the arrival of emergency response forces capable of preventing theft, diversion, damage, or compromise of classified information or matter, when delay time is assessed in conjunction with detection and communication subsystems of the physical protection system. (4) A vault-type room--a room that has a combination lock door and is protected by an intrusion alarm system that alarms upon the unauthorized penetration of a person anywhere into the room. (5) Other repositories that would provide comparable physical protection in the judgment of the Division of Facilities and Security. * * * * * 44. In §95.8, paragraph (b) is revised to read as follows: §95.8--Information collection requirements: OMB approval. * * * * * (b) The approved information collection requirements contained in this part appear in §§95.11, 95.15, 95.17, 95.18, 95.21, 95.25, 95.33, 95.34, 95.36, 95.37, 95.39, 95.41, 95.43, 95.45, 95.47, 95.53, and 95.57. 45. Section 95.9 is revised to read as follows: §95.9--Communications. Except where otherwise specified, all communications and reports concerning the regulations in this part should be addressed to the Director, Division of Facilities and Security, Nuclear Regulatory Commission, Washington, DC 20555. 46. Section 95.11 is revised to read as follows: §95.11--Specific exemptions. The NRC may, upon application by any interested person or upon its own initiative, grant exemptions from the requirements of the regulations of this part, that are-- (a) Authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security; or (b) Coincidental with one or more of the following: (1) An application of the regulation in the particular circumstances conflicts with other rules or requirements of the NRC; (2) An application of the regulation in the particular circumstances would not serve the underlying purpose of the rule or is not necessary to achieve the underlying purpose of the rule; (3) When compliance would result in undue hardship or other costs that are significantly in excess of those contemplated when the regulation was adopted, or that are significantly in excess of those incurred by others similarly situated; (4) When the exemption would result in benefit to the common defense and security that compensates for any decrease in security that may result from the grant of the exemption; (5) When the exemption would provide only temporary relief from the applicable regulation and the licensee or applicant has made good faith efforts to comply with the regulation; (6) When there is any other material circumstance not considered when the regulation was adopted for which it would be in the public interest to grant an exemption. If such a condition is relied on exclusively for satisfying paragraph (b) of this section, the exemption may not be granted until the Executive Director for Operations has consulted with the Commission. 47. In §95.15, paragraph (a) is revised to read as follows: §95.15--Approval for processing licensees and others for facility clearance. (a) A licensee, certificate holder, or other person who has a need to use, process, store, reproduce, transmit, transport, or handle NRC classified information at any location in connection with Commission-related activities shall promptly request an NRC facility clearance. This specifically includes situations where a licensee, certificate holder, or other person needs a contractor or consultant to have access to NRC classified information. Also included are others who require access to classified information in connection with NRC regulated activities but do not require use, storage, or possession of classified information outside of NRC facilities. However, it is not necessary for a licensee, certificate holder, or other person to request an NRC facility clearance for access to another agency's classified information at that agency's facilities or to store that agency's classified information at their facility, provided no NRC classified information is involved and they meet the security requirements of the other agency. If NRC classified information is involved, the requirements of §95.17 apply. * * * * * 48. In §95.17, the introductory text of paragraph (a) and paragraph (a)(1) are revised to read as follows: §95.17--Processing facility clearance. (a) Following the receipt of an acceptable request for facility clearance, the NRC will either accept an existing facility clearance granted by a current CSA and authorize possession of license or certificate related classified information, or process the facility for a facility clearance. Processing will include-- (1) A determination based on review and approval of a Standard Practice Procedures Plan that granting of the Facility Clearance would not be inconsistent with the national interest, including a finding that the facility is not under foreign ownership, control, or influence to such a degree that a determination could not be made. An NRC finding of foreign ownership, control, or influence is based on factors concerning the foreign intelligence threat, risk of unauthorized technology transfer, type and sensitivity of the information that requires protection, the extent of foreign influence, record of compliance with pertinent laws, and the nature of international security and information exchange agreements. The licensee, certificate holder, or other person must advise the NRC within 30 days of any significant events or changes that may affect its status concerning foreign ownership, control, or influence (e.g., changes in ownership; changes that affect the company's answers to original FOCI questions; indebtedness; and changes in the required form that identifies owners, officers, directors, and executive personnel). * * * * * 49. Section 95.19 is revised to read as follows: §95.19--Changes to security practices and procedures. (a) Except as specified in paragraph (b) of this section, each licensee, certificate holder, or other person shall obtain prior CSA approval for any proposed change to the name, location, security procedures and controls, or floor plan of the approved facility. A written description of the proposed change must be furnished to the CSA with copies to the Director, Division of Facilities and Security, Office of Administration, NRC, Washington, DC 20555-0001 (if NRC is not the CSA), and the NRC Regional Administrator of the cognizant Regional Office listed in appendix A of part 73 of this chapter. These substantive changes to the Standard Practice Procedures Plan that affect the security of the facility must be submitted to the NRC Division of Facilities and Security, or CSA, at least 30 days prior to the change so that they may be evaluated. The CSA shall promptly respond in writing to all such proposals. Some examples of substantive changes requiring prior CSA approval include-- (1) A change in the approved facility's classified mail address; or (2) A temporary or permanent change in the location of the approved facility (e.g., moving or relocating NRC's classified interest from one room or building to another). Approved changes will be reflected in a revised Standard Practice Procedures Plan submission within 30 days of approval. Page changes rather than a complete rewrite of the plan may be submitted. (b) A licensee or other person may effect a minor, non-substantive change to an approved Standard Practice Procedures Plan for the safeguarding of classified information without receiving prior CSA approval. These minor changes that do not affect the security of the facility may be submitted to the addressees noted in paragraph (a) of this section within 30 days of the change. Page changes rather than a complete rewrite of the plan may be submitted. Some examples of minor, non-substantive changes to the Standard Practice Procedures Plan include-- (1) The designation/appointment of a new facility security officer; or (2) A revision to a protective personnel patrol routine, provided the new routine continues to meet the minimum requirements of this part. (c) A licensee, certificate holder, or other person must update its NRC facility clearance every five years either by submitting a complete Standard Practice Procedures Plan or a certification that the existing plan is fully current to the Division of Facilities and Security. 50. Section 95.20 is revised to read as follows: §95.20--Grant, denial or termination of facility clearance. The Division of Facilities and Security shall provide notification in writing (or orally with written confirmation) to the licensee or other organization of the Commission's grant, acceptance of another agency's facility clearance, denial, or termination of facility clearance. This information must also be furnished to representatives of the NRC, NRC licensees, NRC certificate holders, NRC contractors, or other Federal agencies having a need to transmit classified information to the licensee or other person. 51. Section 95.21 is revised to read as follows: §95.21--Withdrawal of requests for facility security clearance. When a request for facility clearance is to be withdrawn or canceled, the requester shall notify the NRC Division of Facilities and Security in the most expeditious manner so that processing for this approval may be terminated. The notification must identify the full name of the individual requesting discontinuance, his or her position with the facility, and the full identification of the facility. The requestor shall confirm the telephone notification promptly in writing. 52. In §95.25, the heading, the introductory text of paragraph (a), paragraphs (a)(2), (b), (c)(2), (f), (g), (h), (i), (j)(1), (j)(6), and (j)(7) are revised to read as follows: §95.25--Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while unattended or not in actual use, must be stored in-- * * * * * (2) Any steel file cabinet that has four sides and a top and bottom (all permanently attached by welding, rivets, or peened bolts so the contents cannot be removed without leaving visible evidence of entry) and is secured by a rigid metal lock bar and an approved key operated or combination padlock. The keepers of the rigid metal lock bar must be secured to the cabinet by welding, rivets, or bolts, so they cannot be removed and replaced without leaving evidence of the entry. The drawers of the container must be held securely so their contents cannot be removed without forcing open the drawer. This type of cabinet will be accorded supplemental protection during non-working hours. (b) Confidential matter while unattended or not in use must be stored in the same manner as SECRET matter except that no supplemental protection is required. (c) * * * (2) Combinations must be changed by a person authorized access to the contents of the container, by the Facility Security Officer, or his or her designee. * * * * * (f) Combinations will be changed only by persons authorized access to Secret or Confidential National Security Information and/or Restricted Data depending upon the matter authorized to be stored in the security container. (g) Posted information. Containers may not bear external markings indicating the level of classified matter authorized for storage. A record of the names of persons having knowledge of the combination must be posted inside the container. (h) End of day security checks. (1) Facilities that store classified matter shall establish a system of security checks at the close of each working day to ensure that all classified matter and security repositories have been appropriately secured. (2) Facilities operating with multiple work shifts shall perform the security checks at the end of the last working shift in which classified matter had been removed from storage for use. The checks are not required during continuous 24-hour operations. (i) Unattended security container found opened. If an unattended security container housing classified matter is found unlocked, the custodian or an alternate must be notified immediately. Also, the container must be secured by protective personnel. An effort must be made to determine if the contents were compromised not later than the next day. (j) * * * (1) A key and lock custodian shall be appointed to ensure proper custody and handling of keys and locks used for protection of classified matter; * * * * * (6) Keys and spare locks must be protected equivalent to the level of classified matter involved; (7) Locks must be changed or rotated at least every 12 months, and must be replaced after loss or compromise of their operable keys; and * * * * * 53. Section 95.27 is revised to read as follows: §95.27--Protection while in use. While in use, classified matter must be under the direct control of an authorized individual to preclude physical, audio, and visual access by persons who do not have the prescribed access authorization or other written CSA disclosure authorization (see §95.36 for additional information concerning disclosure authorizations). 54. In §95.29, paragraphs (a), (c)(2), and (c)(4) are revised to read as follows: §95.29--Establishment of restricted or closed areas. (a) If, because of its nature, sensitivity or importance, classified matter cannot otherwise be effectively controlled in accordance with the provisions of §§95.25 and 95.27, a Restricted or Closed area must be established to protect this matter. * * * * * (c) * * * (2) Access must be limited to authorized persons who have an appropriate security clearance and a need-to-know for the classified matter within the area. Persons without the appropriate level of clearance and/or need-to-know must be escorted at all times by an authorized person where inadvertent or unauthorized exposure to classified information cannot otherwise be effectively prevented. * * * * * (4) Open shelf or bin storage of classified matter in Closed Areas requires CSA approval. Only areas protected by an approved intrusion detection system will qualify for approval. 55. In §95.33, paragraph (f) is revised to read as follows: §95.33--Security education. * * * * * (f) Refresher Briefings. The licensee or other facility shall conduct refresher briefings for all cleared employees every 3 years. As a minimum, the refresher briefing must reinforce the information provided during the initial briefing and inform employees of appropriate changes in security regulations. This requirement may be satisfied by use of audio/video materials and/or by issuing written materials. * * * * * 56. A new §95.34 is added to read as follows: §95.34--Control of visitors. (a) Uncleared visitors. Licensees, certificate holders, or others subject to this part shall take measures to preclude access to classified information by uncleared visitors. (b) Foreign visitors. Licensees, certificate holders, or others subject to this part shall take measures as may be necessary to preclude access to classified information by foreign visitors. The licensee, certificate holder, or others shall retain records of visits for 5 years beyond the date of the visit. 57. In §95.36, paragraphs (a), (c), and (d) are revised to read as follows: §95.36--Access by representatives of the International Atomic Energy Agency or by participants in other international agreements. (a) Based upon written disclosure authorization from the NRC Division of Facilities and Security that an individual is an authorized representative of the International Atomic Energy Agency (IAEA) or other international organization and that the individual is authorized to make visits or inspections in accordance with an established agreement with the United States Government, a licensee, certificate holder, or other person subject to this part shall permit the individual (upon presentation of the credentials specified in §75.7 of this chapter and any other credentials identified in the disclosure authorization) to have access to matter classified as National Security Information that is relevant to the conduct of a visit or inspection. A disclosure authorization under this section does not authorize a licensee, certificate holder, or other person subject to this part to provide access to Restricted Data. * * * * * (c) In accordance with the specific disclosure authorization provided by the Division of Facilities and Security, licensees or other persons subject to this part are authorized to release (i.e., transfer possession of) copies of documents that contain classified National Security Information directly to IAEA inspectors and other representatives officially designated to request and receive classified National Security Information documents. These documents must be marked specifically for release to IAEA or other international organizations in accordance with instructions contained in the NRC's disclosure authorization letter. Licensees and other persons subject to this part may also forward these documents through the NRC to the international organization's headquarters in accordance with the NRC disclosure authorization. Licensees and other persons may not reproduce documents containing classified National Security Information except as provided in §95.43. (d) Records regarding these visits and inspections must be maintained for 5 years beyond the date of the visit or inspection. These records must specifically identify each document released to an authorized representative and indicate the date of the release. These records must also identify (in such detail as the Division of Facilities and Security, by letter, may require) the categories of documents that the authorized representative has had access and the date of this access. A licensee or other person subject to this part shall also retain Division of Facilities and Security disclosure authorizations for 5 years beyond the date of any visit or inspection when access to classified information was permitted. * * * * * 58. In §95.37, paragraph (c)(1)(iv) is removed and paragraphs (c)(1)(i) and (h)(2) are revised to read as follows: §95.37--Classification and preparation of documents. * * * * * (c) * * * (1) * * * (i) Derivative classifications of classified National Security Information must contain the identity of the source document or the classification guide, including the agency and office of origin, on the "Derived From" line and its classification date. If more than one source is cited, the "Derived From" line should indicate "Multiple Sources." The derivative classifier shall maintain the identification of each source with the file or record copy of the derivatively classified document. * * * * * (h) * * * (2) In the event of a question regarding classification review, the holder of the information or the authorized classifier shall consult the NRC Division of Facilities and Security, Information Security Branch, for assistance. * * * * * 59. In §95.39, paragraphs (b)(3) and (c)(2) are revised to read as follows: §95.39--External transmission of classified matter. * * * * * (b) * * * (3) The outer envelope or wrapper must contain the addressee's classified mailing address. The outer envelope or wrapper may not contain any classification, additional marking or other notation that indicate that the enclosed document contains classified information. The Classified Mailing Address shall be uniquely designated for the receipt of classified information. The classified shipping address for the receipt of material (e.g., equipment) should be different from the classified mailing address for the receipt of classified documents. * * * * * (c) * * * (2) Confidential matter may be transported by one of the methods set forth in paragraph (c)(1) of this section, by U.S. express or certified mail. Express or certified mail may be used in transmission of Confidential documents to Puerto Rico or any United States territory or possession. * * * * * 60. In §95.45, paragraph (a) is revised to read as follows: §95.45--Changes in classification. (a) Documents containing classified National Security Information must be downgraded or declassified as authorized by the NRC classification guides or as determined by the NRC. Requests for downgrading or declassifying any NRC classified information should be forwarded to the NRC Division of Facilities and Security, Office of Administration, Washington, DC 20555-0001. Requests for downgrading or declassifying of Restricted Data will be forwarded to the NRC Division of Facilities and Security for coordination with the Department of Energy. * * * * * 61. Section 95.47 is revised to read as follows: §95.47--Destruction of matter containing classified information. Documents containing classified information may be destroyed by burning, pulping, or another method that ensures complete destruction of the information that they contain. The method of destruction must preclude recognition or reconstruction of the classified information. Any doubts on methods should be referred to the CSA. 62. Section 95.53 is revised to read as follows: §95.53--Termination of facility clearance. (a) If the need to use, process, store, reproduce, transmit, transport, or handle classified matter no longer exists, the facility clearance will be terminated. The facility may deliver all documents and matter containing classified information to the Commission, or to a person authorized to receive them, or must destroy all classified documents and matter. In either case, the facility shall submit a certification of nonpossession of classified information to the NRC Division of Facilities and Security within 30 days of the termination of the facility clearance. (b) In any instance where a facility clearance has been terminated based on a determination of the CSA that further possession of classified matter by the facility would not be in the interest of the national security, the facility shall, upon notice from the CSA, dispose of classified documents in a manner specified by the CSA. 63. Section 95.57 is revised to read as follows: §95.57--Reports. Each licensee or other person having a facility clearance shall report to the CSA and the Regional Administrator of the appropriate NRC Regional Office listed in 10 CFR part 73, appendix A: (a) Any alleged or suspected violation of the Atomic Energy Act, Espionage Act, or other Federal statutes related to classified information (e.g., deliberate disclosure of classified information to persons not authorized to receive it, theft of classified information). Incidents such as this must be reported within 1 hour of the event followed by written confirmation within 30 days of the incident; and (b) Any infractions, losses, compromises, or possible compromise of classified information or classified documents not falling within paragraph (a) of this section. Incidents such as these must be entered into a written log. A copy of the log must be provided to the NRC on a monthly basis. Details of security infractions including corrective action taken must be available to the CSA upon request. (c) In addition, NRC requires records for all classification actions (documents classified, declassified, or downgraded) to be submitted to the NRC Division of Facilities and Security. These may be submitted either on an "as completed" basis or monthly. The information may be submitted either electronically by an on-line system (NRC prefers the use of a dial-in automated system connected to the Division of Facilities and Security) or by paper copy using NRC Form 790. Dated at Rockville, MD, this 22nd day of March, 1999. For the Nuclear Regulatory Commission. William D. Travers, [FR Doc. 99-7842 Filed 3-31-99; 8:45 am] | ||||||||||||||||||||||||||||||||||||||||||||
