THE NRC IS NOT READY TO ENDORSE CYBERSECURITY GUIDANCE submitted by the Nuclear Energy Institute in February for agency review (NN, Apr. 2017, p. 22). In a July 21 letter to NEI, the Nuclear Regulatory Commission listed three issues with NEI 13-10, Cyber Security Control Assessments, Revision 5, that need to be addressed before agency staff can endorse the document, including NEI's proposed replacement of the term "safety" (used in Revision 4) with "safety-related." According to the letter, "By changing the term 'safety functions'... [to] the term 'safety-related,' non-safety-related systems and equipment that are relied upon to remain functional during and following accident or transient events that are not analyzed in Chapter 15 of the final safety analysis report will not be identified as direct CDAs [critical digital assets]. These CDAs, if compromised, could pose significant impact to safety-related or important-to-safety functions." The letter can be accessed from the NRC's ADAMS document retrieval system at , with a search for accession number MLI7I79A266.
展开▼
