Licensees are required to report certain medical events that meet the criteria defined in 10 CFR § 35.3045, Report and Notification of a Medical Event. Such reports allow the NRC to identify the causes of the events so as to prevent their recurrence and to notify other licensees so they can take action to prevent such events at their facilities. The NRC Staff and the Advisory Committee on the Medical Uses of Isotopes (ACMUI) perform annual reviews of medical event reports to identify trends, patterns, generic issues, and generic concerns, and to recognize any shortcomings related to specific equipment or procedures.

NRC Staff has made publicly available copies of Draft Regulatory Guide 1341, Standard Format and Content for Applications to Renew Nuclear Power Plant Operating Licenses, and a supporting Regulatory Analysis. Draft Regulatory Guide 1341 is intended to revise Regulatory Guide 1.188 (as Revision 2 thereto) to update references to other NRC license renewal guidance documents, and to expressly extend the guidance to applications for subsequent license renewal (SLR), i.e., the renewal of a reactor operating license for a second 20-year period, from 60 years to 80 years. The revised guidance document would provide applicants with a method to demonstrate compliance with the 10 CFR Part 54 requirements for both initial license renewal and SLR applications. Three SLR applications currently are under review by the NRC Staff, and others are expected to be submitted in the future.

The NRC will soon issue in the Federal Register a proposed rulemaking to amend the drug testing requirements of the Fitness for Duty (FFD) Program in 10 CFR Part 26. The proposed rule seeks to align the NRC’s drug testing requirements in Part 26 with the US Department of Health and Human Services’ (HHS’s) 2008 Mandatory Guidelines for Federal Workplace Drug Testing Programs (the 2008 Guidelines). The NRC is expected to publish the proposed rule in the coming weeks, but the draft rule with comments from the Commission is available, as well as the NRC Staff’s Draft Regulatory Analysis and Backfitting and Issue Finality.

The NRC last updated its drug testing requirements in March 2008, but HHS did not issue the 2008 Guidelines until November 2008. The NRC Staff decided to forgo another round of rulemaking to align Part 26 with the 2008 Guidelines in such close succession. Instead, the NRC Staff worked with the industry to institute a voluntary reporting system for FFD testing violations. The NRC Staff also began evaluating the effectiveness of the drug testing program changes implemented under the 2008 Guidelines. In February 2017, the NRC Staff sought Commission approval to publish a proposed rule to align the NRC’s FFD drug testing program with the 2008 Guidelines. The Commission approved this request in May 2019, subject to certain changes to the draft rule.

The Nuclear Regulatory Commission’s (NRC’s) Assistant Inspector General for Audits issued a memorandum on August 20 on the status of recommendations based on the Office of Inspector General’s (OIG’s) Audit of NRC’s Cyber Security Inspections at Nuclear Power Plants (OIG-19-A-13). As previously reported on Up & Atom, OIG recommended that the NRC work to close the critical skill gap for future cybersecurity inspection staffing, and develop and implement cybersecurity performance measures for licensees to use to demonstrate sustained program effectiveness. Based on the NRC’s July 3, 2019, response, OIG has issued this status of recommendations.

Following the July 12, 2019, release of “Power Reactor Cyber Security Program Assessment,” the Nuclear Regulatory Commission’s (NRC’s) Director of Physical and Cyber Security Policy in the Office of Nuclear Security and Incident Response issued a memorandum to NRC Staff on August 6, 2019.

The memorandum provides guidance to Staff on next steps, but also cautions that when initiating changes to the Cyber Security Program they keep several points in mind. Specifically, the Director asks Staff to ensure that changes do not adversely impact other areas of the program; that guidance revisions are consistent and incorporated throughout all documents; that, where necessary, a backfit analysis is performed; and that no changes constitute an unreasonable risk to public health and safety.

The memorandum reminds Staff that their next step, per the assessment, is to present a draft action plan by September 20, 2019. The action plan should identify enhancements to the Cyber Security Program that promote regulatory efficiency and effectiveness, while continuing to provide for reasonable assurance of public health and safety and promote common defense and security. The memorandum also praises NRC Staff for its efforts in conducting the assessment.

We will continue to monitor developments for cybersecurity at the NRC.

In a June 25, 2019, letter to the Chairman of the US Nuclear Regulatory Commission (NRC), Senators John Barrasso and Mike Braun requested that the agency develop a Generic Environmental Impact Statement (GEIS) for the construction and operation of advanced reactors. The letter asserts that a GEIS “will be a critical step to facilitate the deployment of new nuclear technologies” and “will focus NRC’s licensing efforts on the most important safety issues, reduce NRC staff resources dedicated to environmental permitting, and align with Congressional and Executive Branch efforts to conduct environmental permitting reviews more efficiently.”

The Nuclear Regulatory Commission (NRC) held a public meeting on August 8 to provide information and receive comments on the regulatory basis supporting the NRC’s rulemaking on physical security requirements for advanced reactors. The public meeting was the latest step in the NRC’s rulemaking process, which began on August 1, 2018, with the NRC Staff’s report to the Commission evaluating options for revising physical security regulations for advanced reactors. The Commission approved the NRC Staff’s proposed rulemaking plan on November 19, 2018. We previously reported on the NRC Staff’s report, the Commission’s Approval, and the publication of the regulatory basis for comment.

During the public meeting, NRC Staff summarized the regulatory basis and their recommendation for a limited-scope rulemaking. NRC Staff explained that the purpose of the rulemaking is to provide requirements and guidance for advanced reactor physical security and reduce the need for physical security exemptions—specifically from regulations requiring each site to have at least 10 armed responders for emergency security response (10 CFR § 73.55(k)(5)(ii)), and an on-site secondary alarm station to monitor potential issues (10 CFR § 73.55(i)(4)(iii)).

The Nuclear Regulatory Commission, by a 3-1 vote on August 7, agreed with the NRC Staff’s recommendation to discontinue a rulemaking on third-party arbitration of access authorization and fitness-for-duty determinations. The decision leaves admitted ambiguity, including a potential enforcement risk in the event that a licensee reinstates an individual’s revoked access authorization or a fitness-for-duty determination.

As we last reported on April 24, the NRC Staff recommended in SECY-19-0033 to withdraw a rulemaking begun in 2015 to revise the NRC’s regulations regarding whether a third-party arbitrator could review a licensee’s access authorization or fitness-for-duty decisions. In SRM-SECY-19-0033, the Commission agreed with that recommendation.

Please be aware that it appears the NRC has taken an unusual step of requesting public comment on SECY 2019-67, which is focused on proposed enhancements to the Regulatory Oversight Program (ROP). Comments are due by October 7, 2019. Please see 84FR38675. We previously reported on this SECY, which was provided by NRC Staff to the Commission, notwithstanding no requirement to do so for several of the proposed revisions. This action may have been prompted by a July 15 letter to NRC Chairman Kristine Svinicki jointly signed by the Chairman of the Committee on Energy and Commerce; Chairman of the Committee on Energy and Commerce subcommittee on Energy; Chairwoman, Committee on Appropriations; and the Chairwoman of the Committee on Appropriations Subcommittee on Energy and Water Development, and Related Agencies. We will continue to monitor developments regarding ROP modification initiatives.

On July 25, 2019, the United States Government Accountability Office (GAO) released GAO-19-384, a report to congressional requesters analyzing the cybersecurity risk management of 23 civilian agencies—including the Nuclear Regulatory Commission (NRC). Using key elements such as risk tolerance and risk mitigation strategies, GAO examined the extent to which all agencies established a cybersecurity risk management program; what challenges, if any, agencies identified in developing and implementing such programs; and what steps the Office of Management and Budget (OMB) and the US Department of Homeland Security (DHS) have taken to meet their risk management responsibilities to address any challenges agencies face in this area. In its analysis, GAO compared policies and procedures from the 23 civilian agencies to key federal cybersecurity risk management practices, attained the agencies’ own views on challenges they faced, identified and analyzed actions taken by the OMB and DHS to determine whether such actions address agency challenges, and interviewed responsible agency officials.