The U.S. Nuclear Regulatory Commission (NRC) issued a new Regulatory Issue Summary (RIS 2015-03) to inform licensees of the requirements regarding identifying and reporting security incidents, including suspicious activity, involving Category 1 or Category 2 quantities of radioactive material under 10 CFR Part 37; when and how to report those matters; and to make recipients aware of the Protected Web Server (PWS) database used to track reports of suspicious activity. The reporting of suspicious activities is an important component of evaluating the threat against licensed facilities and material. The NRC reviews individual notifications of suspicious activities to evaluate whether potential preoperational activities (i.e., multiple events at a single site or multiple events at multiple sites) may be part of a larger plan, and integrates this information with other agencies in the homeland security and intelligence communities. This has the potential to prevent or stop malicious activity at licensee facilities. No specific action or written response is required by licensees. NRC is providing this RIS to the Agreement States for their information and for distribution to their licensees, as appropriate.