NRC Cyber Security

 NRC Cyber Security.pdf

On May 15, 2018 (83 FR 22413) the U.S. Nuclear Regulatory Commission (NRC) discontinued the rulemaking activity that would have developed cyber security requirements for byproduct materials licensees possessing risk-significant quantities of radioactive materials.  The purpose of this action is to inform members of the public of the discontinuation of the rulemaking activity and to provide a brief discussion of the NRC's decision.  The rulemaking activity will no longer be reported in the NRC's portion of the Unified Agenda of Regulatory and Deregulatory Actions (the Unified Agenda).  As of May 15, 2018, the rulemaking activity discussed in this document is discontinued.   However, the NRC staff determined that it would be prudent to issue an Information Notice (IN) to communicate effective practices for cyber security to byproduct materials licensees possessing risk-significant quantities of radioactive material.  The IN will provide licensees with a better understanding of contemporary cyber security issues and strategies to protect digital assets (e.g., computers, digital alarm systems), including those used to facilitate compliance with physical security requirements, such as those in 10 CFR part 37.  The IN, which will reference existing cyber security guidance developed by the NRC's Office of Nuclear Reactor Regulation and other Federal agencies, will be issued later in 2018.