[Federal Register Volume 78, Number 152 (Wednesday, August 7, 2013)]
[Rules and Regulations]
[Pages 48037-48042]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-18947]


=======================================================================
-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Part 95

[NRC-2011-0268]
RIN 3150-AJ07


Facility Security Clearance and Safeguarding of National Security 
Information and Restricted Data

AGENCY: Nuclear Regulatory Commission.

ACTION: Direct final rule.

-----------------------------------------------------------------------

SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is updating its 
regulations to standardize the frequency of required security education 
training for employees of NRC licensees possessing security clearances 
so that such training will be conducted annually consistent with the 
objectives of Executive Order 13526, Classified National Security 
Information. The rule allows licensees flexibility in determining the 
means and methods for providing this training. This action establishes 
uniformity in the frequency of licensee security education and training 
programs and enhances the protection of classified information.

DATES: This rule is effective October 21, 2013 unless significant 
adverse comments are received by September 6, 2013.

ADDRESSES: Please refer to Docket ID NRC-2011-0268 when contacting the 
NRC about the availability of information for this direct final rule. 
You may access information and comment submittals related to this 
direct final rule, which the NRC possesses and is publicly available, 
by any of the following methods:
     Federal Rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC-2011-0268. Address 
questions about NRC dockets to Carol Gallagher; telephone: 301-287-
3422; email: Carol.Gallagher@nrc.gov. For technical questions, please 
contact the individual listed in the FOR FURTHER INFORMATION CONTACT 
section of this proposed rule.
     NRC's Agencywide Documents Access and Management System 
(ADAMS): You may access publicly available documents online in the NRC 
Library at http://www.nrc.gov/reading-rm/adams.html. To begin the 
search, select ``ADAMS Public Documents'' and then select ``Begin Web-
based ADAMS Search.'' For problems with ADAMS, please contact the NRC's 
Public Document Room (PDR) reference staff at 1-800-397-4209, 301-415-
4737, or by email to pdr.resource@nrc.gov. The ADAMS accession number 
for each document referenced in this document (if that document is 
available in ADAMS) is provided the first time that a document is 
referenced.
     NRC's PDR: You may examine and purchase copies of public 
documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555 
Rockville Pike, Rockville, Maryland 20852.

FOR FURTHER INFORMATION CONTACT: Daniel W. Lenehan, Office of the 
General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC 
20555-0001; telephone: 301-415-3501, email: Daniel.Lenehan@nrc.gov.

SUPPLEMENTARY INFORMATION: 

I. Background
II. Discussion
III. Section-by-Section Analysis
IV. Procedural Background
V. Compatibility of Agreement State Regulations
VI. Plain Writing
VII. Voluntary Consensus Standards
VIII. Environmental Impact: Categorical Exclusion
IX. Paperwork Reduction Act Statement
X. Regulatory Analysis
XI. Regulatory Flexibility Act Certification
XII. Backfitting
XIII. Congressional Review Act

I. Background

    On December 29, 2009, the President signed Executive Order 13526, 
Classified National Security Information, which was published in the 
Federal Register on January 5, 2010 (75 FR 707). The Executive Order 
prescribes training requirements applicable to the NRC for the proper 
safeguarding of national security information and requires the NRC to 
ensure that classified information disseminated outside the executive 
branch is protected ``in a manner equivalent to that provided within 
the executive branch.'' The Information Security Oversight Office 
(ISOO) within the National Archives and Records Administration, which 
is responsible for issuing guidance to Federal agencies on the 
implementation of the Executive Order, issued a final rule (75 FR 
37254; June 28, 2010) amending 32 CFR parts 2001 and 2003 (ISOO 
Regulations). The final rule requires executive branch agencies to 
conduct classified information security refresher briefings for all 
cleared employees at least annually, and to provide derivative 
classification training for employees authorized to apply derivative 
classifications prior to exercising such authority and at least once 
every 2 years thereafter. This rulemaking will establish standard 
training requirements for NRC licensee security education and

[[Page 48038]]

training programs in a manner equivalent to that provided within the 
executive branch.

II. Discussion

    The NRC is issuing this direct final rule to update part 95 of 
Title 10 of the Code of Federal Regulations (10 CFR), Facility Security 
Clearance and Safeguarding of National Security Information and 
Restricted Data, Sec.  95.33, Security Education. These updates require 
NRC licensees (or their designees) to conduct classified information 
security refresher briefings for all cleared employees at least 
annually, and to provide derivative classification training for 
employees authorized to apply derivative classifications before 
exercising this authority and then at least once every 2 years 
thereafter. This rule also gives licensees flexibility in determining 
the means and methods for providing this training. The NRC regulations 
at 10 CFR 95.33 currently require NRC licensees, or their designees, to 
conduct classified information security refresher briefings for all 
cleared employees every 3 years. These regulations do not mandate a 
uniform training frequency for derivative classifiers.
    The NRC has determined that requiring cleared licensee employees to 
undergo classified information security refresher briefings at least 
annually and standardizing the derivative classification training for 
licensee employees enhances the protection of classified information by 
ensuring that cleared individuals are properly aware of their 
responsibilities to protect classified information and conform NRC 
regulations with executive branch policies.
    Section 4.1(e) of Executive Order 13526, Classified National 
Security Information (75 FR 707; January 5, 2010) (the Executive Order) 
requires the NRC to ensure that classified information disseminated 
outside the executive branch is protected ``in a manner equivalent to 
that provided within the executive branch.'' The Information Security 
Oversight Office (ISOO) within the National Archives and Records 
Administration is responsible for issuing guidance to Federal agencies 
on the implementation of the Executive Order. On June 28, 2010, ISOO 
issued a final rule (75 FR 37254; June 28, 2010; amending 32 CFR parts 
2001 and 2003 (ISOO Regulations)). The ISOO Regulations require 
executive branch agencies to conduct classified information security 
refresher briefings for all cleared employees at least annually, and to 
provide derivative classification training for employees authorized to 
apply derivative classifications prior to exercising such authority and 
at least once every 2 years thereafter. This rulemaking will 
standardize the frequency of required security education training for 
NRC licensee employees possessing security clearances in a manner 
equivalent to that provided within the executive branch.
    This direct final rule will establish standard training 
requirements for NRC licensee security education and training programs. 
Implementation of this rule will enhance the protection of classified 
information, and ensure the protection of classified information in a 
manner equivalent to that provided within the executive branch. Current 
NRC regulations only require refresher security education and training 
once every 3 years for all NRC licensee personnel who handle or 
generate classified information. Updating 10 CFR 95.33 to require 
annual training will enhance the protection of classified information 
by ensuring that all NRC licensee employees who create, process, or 
handle classified information have a satisfactory knowledge and 
understanding of classification, safeguarding, and declassification 
policies and procedures.
    Additionally, the current text of 10 CFR 95.33 does not provide for 
education and training of NRC licensee personnel authorized to apply 
derivative classification markings. This rulemaking enhances the 
protection of classified information through uniform training 
requirements for derivative classifiers. The uniform standard will have 
the beneficial effect of reducing instances of over-classification or 
improper classification, improper safeguarding, and inappropriate or 
inadequate declassification practices.
    Finally, these updated requirements are equivalent to requirements 
applicable to the Commission itself via the Executive Order and the 
ISOO Regulations. The NRC has determined that the updated requirements 
in this final rule are consistent with the NRC obligation, stated in 
Section 4.1(e) of the Executive Order, to ensure that the protection of 
classified information by NRC licensees is performed in a manner 
equivalent to that required within the executive branch.

III. Section-by-Section Analysis

    The initial paragraph of 10 CFR 95.33, Security education, is 
amended to state that program officials are responsible for determining 
the methods for providing security education and training. This 
requirement is equivalent to requirements applicable to the Commission 
pursuant to 32 CFR 2001.70(c).
    A new paragraph (e) has been added to specify that access by 
licensees' employees to classified information is subject to a 
favorable eligibility determination, signing an approved non-disclosure 
agreement and the employee's need-to-know. This requirement is 
equivalent to requirements applicable to the Commission pursuant to 
Section 4.1(a) of the Executive Order.
    Current paragraph (e) is redesignated as paragraph (f) and revised 
to specify that initial security training will be provided to every 
person who has met the criteria set forth in new paragraph (e) before 
being granted access to classified information. This requirement is 
equivalent to requirements applicable to the Commission pursuant to 32 
CFR 2001.70(d)(1).
    Current paragraph (f) is redesignated as paragraph (g) and revised 
to specify that the requirement for conducting refresher briefings for 
all of a licensee's cleared employees is changed from every 3 years to 
at least annually. This requirement is equivalent to requirements 
applicable to the Commission pursuant to 32 CFR 2001.70(d)(4).
    Current paragraph (g) is redesignated as paragraph (i) and former 
paragraph (h) is redesignated as paragraph (j).
    New paragraph (h) specifies that derivative classifiers are to 
receive training prior to derivatively classifying information and at 
least once every 2 years. This requirement is equivalent to 
requirements applicable to the Commission pursuant to 32 CFR 
2001.70(d)(3).
    Minor editorial changes were also made to Sec.  95.33.

IV. Procedural Background

    Because the NRC considers this action to be non-controversial, the 
NRC is using the direct final rule process for this rule. The 
amendments in this rule will become effective on October 21, 2013. 
However, if the NRC receives significant adverse comments on this 
direct final rule by September 6, 2013, then the NRC will publish a 
document that withdraws this action and will subsequently address the 
comments received in a final rule as a response to the companion 
proposed rule published elsewhere in this issue of the Federal 
Register. Absent significant modifications to the proposed revisions 
requiring republication, the NRC will not initiate a second comment 
period on this action.
    A significant adverse comment is a comment where the commenter

[[Page 48039]]

explains why the rule would be inappropriate, including challenges to 
the rule's underlying premise or approach, or would be ineffective or 
unacceptable without a change. A comment is adverse and significant if:
    (1) The comment opposes the rule and provides a reason sufficient 
to require a substantive response in a notice-and-comment process. For 
example, a substantive response is required when:
    (A) The comment causes the NRC to reevaluate (or reconsider) its 
position or conduct additional analysis;
    (B) The comment raises an issue serious enough to warrant a 
substantive response to clarify or complete the record; or
    (C) The comment raises a relevant issue that was not previously 
addressed or considered by the NRC.
    (2) The comment proposes a change or an addition to the rule and it 
is apparent that the rule would be ineffective or unacceptable without 
incorporation of the change or addition.
    (3) The comment causes the NRC to make a change (other than 
editorial) to the rule.
    For detailed instruction on submitting a comment, please see the 
companion proposed rule published elsewhere in this issue of the 
Federal Register.

V. Compatibility of Agreement State Regulations

    Under the ``Policy Statement on Adequacy and Compatibility of 
Agreement State Programs,'' approved by the Commission on June 30, 
1997, and published in the Federal Register on September 3, 1997 (62 FR 
46517), this rule is classified as Compatibility Category ``NRC.'' 
Compatibility is not required for Category ``NRC'' regulations. The NRC 
program elements in this category are those that relate directly to 
areas of regulation reserved to the NRC by the Atomic Energy Act of 
1954, as amended, or the provisions of 10 CFR. Although an Agreement 
State may not adopt program elements reserved to the NRC, it may wish 
to inform its licensees of certain requirements via a mechanism that is 
consistent with the particular State's administrative procedure laws 
but does not confer regulatory authority on the State.

VI. Plain Writing

    The Plain Writing Act of 2010 (Pub. L. 111-274) requires Federal 
agencies to write documents in a clear, concise, and well-organized 
manner. The NRC has written this document to be consistent with the 
Plain Writing Act as well as the Presidential Memorandum, ``Plain 
Language in Government Writing,'' published June 10, 1998 (63 FR 
31883).

VII. Voluntary Consensus Standards

    The National Technology Transfer and Advancement Act of 1995, 
Public Law 104-113, requires Federal agencies to use technical 
standards developed or adopted by voluntary consensus standards bodies 
unless the use of such a standard is inconsistent with applicable law 
or is otherwise impractical. This direct final rule amends the 
frequency of the training required for employees of NRC licensees 
handling classified information. This action is administrative in 
nature and does not involve the establishment or application of a 
technical standard containing generally applicable requirements.

VIII. Environmental Impact: Categorical Exclusion

    The NRC has determined that this direct final rule is the type of 
action described in categorical exclusions 10 CFR 51.22(c)(1), (2), and 
(3)(iv). Therefore, neither an environmental impact statement nor an 
environmental assessment has been prepared for this direct final rule.

IX. Paperwork Reduction Act Statement

    This direct final rule does not contain new or amended information 
collection requirements subject to the Paperwork Reduction Act of 1995 
(44 U.S.C. 3501 et seq.). Existing requirements were approved by the 
Office of Management and Budget (OMB), approval number 3150-0047.

Public Protection Notification

    The NRC may neither conduct nor sponsor, and a person is not 
required to respond to, an information collection request or 
requirement unless the requesting document displays a currently valid 
OMB control number.

X. Regulatory Analysis

    The NRC has prepared a regulatory analysis on this regulation. The 
analysis examines the costs and benefits of the alternatives considered 
by the NRC.

Statement of the Problem and Reasons for the Rulemaking

    The NRC regulations in 10 CFR part 95 establish procedures for 
safeguarding Secret and Confidential National Security Information and 
Restricted Data received or developed in conjunction with activities 
licensed, certified, or regulated by the Commission. The requirements 
set forth in 10 CFR 95.33 currently require security refresher training 
for all cleared employees every 3 years. However, they do not address 
initial or refresher training for persons who apply derivative 
classification markings.
    The NRC has determined that requiring cleared employees of NRC 
licensees to undergo classified information security refresher 
briefings at least annually and standardizing the derivative 
classification training for cleared employees of NRC licensees will 
enhance the protection of classified information. Annual classified 
information security refresher briefings will help ensure that cleared 
employees of NRC licensees have adequate knowledge and understanding of 
proper classification policies and procedures and thereby help reduce 
instances of improper processing, handling, storage, and 
declassification of classified information. Standardized derivative 
classification training will help ensure that cleared employees of NRC 
licensees will have a proper understanding of derivative classification 
policies and procedures and thereby help reduce instances of improper 
classification of derivative documents containing classified 
information.
    Furthermore, this rulemaking will bring the requirements for 
licensee protection of classified information into alignment with two 
new requirements imposed on the Commission for the protection of 
classified information by Executive Order 13526 and the ISOO 
Regulations implementing the requirements of the Executive Order set 
forth at 32 CFR part 2001.
    The Executive Order and the ISOO Regulations at 32 CFR 
2001.70(d)(3) specify that Federal government employees who ``apply 
derivative classification markings shall receive training in the proper 
application of the derivative classification principles of the 
Executive Order prior to derivatively classifying information and at 
least once every 2 years.'' Additionally, 32 CFR 2001.70(d)(4) directs 
each U.S. Government agency to ``provide some form of refresher 
security education and training at least annually for all its personnel 
who handle or generate classified information.''
    The purpose of this rulemaking is twofold. First, this rulemaking 
ensures that classified information possessed or accessed by employees 
of NRC licensees is effectively safeguarded. The NRC has determined 
that successful safeguarding of classified information requires 
effective security education and training programs. The NRC has further 
determined that updating its 10 CFR part 95 security education and 
training programs to achieve parity with the

[[Page 48040]]

Executive Order and the ISOO Regulations is necessary to ensure these 
programs are effective. Second, this rulemaking ``ensure[s] the 
protection of [classified] information in a manner equivalent to that 
provided within the executive branch,'' as required by Section 4.1(e) 
of the Executive Order by updating training requirements applicable to 
licensees to be equivalent to training requirements applicable to the 
Commission itself.

Background

Regulatory Objective
    The NRC objective for this final rule is to require that all 
cleared employees of NRC licensees receive security refresher training 
on an annual basis. In addition, all licensee employees who apply 
derivative classification markings shall receive training in their 
derivative classification duties prior to derivatively classifying 
information and at least once every 2 years thereafter.

Identification and Preliminary Analysis of Alternative Approaches

    No-Action Alternative: Under this option, the NRC would not amend 
the current regulations under 10 CFR part 95 to require security 
refresher training every year rather than every 3 years. The NRC would 
also not amend the current regulations under 10 CFR part 95 to require 
training for derivative classifiers prior to derivatively classifying 
information and at least once every 2 years. This option would avoid 
certain costs that the rule will impose. However, taking no action 
would mean that licensees who handle and store classified information 
are not protecting that information in accordance with the requirements 
the NRC considers necessary to be consistent with the objectives of 
Executive Order 13526 to enhance the adequate protection of classified 
information consistent with the goal of protecting national security. 
This no-action alternative is the baseline for this regulatory 
analysis.

Estimate and Evaluation of Values and Impacts

    Overview: This final rule revises the governing regulations under 
10 CFR part 95 to require licensees to handle classified information in 
the same manner as is required of employees of Federal agencies by the 
Executive Order. This rulemaking adds value because it ensures those 
licensees who are handling and derivatively marking classified 
information are appropriately trained in the protection of classified 
information in accordance with current federal standards and 
requirements.
    Impacts on Licensees: Impacts upon licensees from this final rule 
will be minimal. Only the three 10 CFR part 70 licensees and one Part 
76 Certificate holder, for which the NRC is the Cognizant Security 
Agency (CSA), would be affected by the rule. A fourth 10 CFR part 70 
licensee will be affected later this year when it becomes a possessor 
of classified matter. Of those three, two already commit in their 
internal procedures to annual security education briefings of all their 
employees and are conducting initial and refresher training of their 
employees who apply derivative classification markings more frequently 
than every 2 years. The other licensee is conducting annual refresher 
training and training its derivative classifiers at least every 2 years 
but does not commit to those requirements in its security program. It 
is estimated that there will be no one-time cost associated with 
amending their licenses through security plan changes since the only 
change is from three years to annually. Two of the three licensees have 
contractors who possess classified information and therefore, have 
their own independent security plans. It is estimated that there will 
also be no one-time cost associated with amending their licenses 
through security plan changes since the only change is from three years 
to annually. Since the majority of the training is administered 
electronically, there is little to no cost of preparing and 
administering the training sessions. Those 10 CFR part 50 licensees who 
only access classified information but do not possess it will be 
impacted minimally from the increase in frequency of security education 
briefings, since those licensees only have three to five employees who 
are cleared to access classified information. The associated security 
plan change would merely update the frequency of refresher training 
from 3 years to annually. In addition, none of their employees are 
derivative classifiers.
    Impacts on the NRC: The primary impact on the NRC will be the 
resources expended in conducting this rulemaking and reviewing the 
amended security plans and programs. The staff time to review revisions 
to security plans and programs to ensure commitment to the new 
requirements is minimal. It is estimated that this will require no more 
than 20 hours and will be accomplished by existing staff as part of 
their normal workload.
    Impacts on Other Stakeholders: The NRC staff has identified one 
impact to other stakeholders. Those contractors that support licensees 
who handle classified information but are not cleared for storage will 
have to amend their security plans to change the frequency of refresher 
training from 3 years to annually. These contractors are not required 
to have derivative classifiers.

XI. Regulatory Flexibility Act Certification

    Under the Regulatory Flexibility Act, 5 U.S.C 605(b), the 
Commission certifies that this direct final rule amending 10 CFR part 
95 does not have a significant economic impact on a substantial number 
of small entities. This direct final rule applies to those licensees 
who generate, receive, safeguard, and store National Security 
Information or Restricted Data (as defined in 10 CFR part 95). The 
requirements in this direct final rule apply to licensees who operate 
power reactors as well as licensees operating fuel cycle facilities. 
None of these licensees are ``small entities'' as defined in the 
Regulatory Flexibility Act or the size standards established by the NRC 
(10 CFR 2.810). This direct final rule also applies to contractors of 
those licensees required to comply with this direct final rule who 
generate, receive, safeguard, and store National Security Information 
or Restricted Data (as defined in 10 CFR part 95), received or 
developed in conjunction with activities licensed, certified, or 
regulated by the Commission. Some of these contractors may be ``small 
entities'' as defined in the Regulatory Flexibility Act or the NRC's 
size standards. However, the impact on these contractors is not 
significant because it is the licensees, not the contractors, who are 
required to offer the training and absorb its costs.

XII. Backfitting

    This direct final rule will apply to all NRC licensees who receive 
or possess Classified National Security Information. The NRC has 
determined that the modifications constitute backfitting as defined in 
10 CFR 50.109 for power reactors, 10 CFR 76.76 for gaseous diffusion 
plants, 10 CFR 72.62 for independent spent fuel storage installations 
or monitored retrievable storage installations, and 10 CFR 70.76 for 
special nuclear material licensees. Consequently, the NRC has prepared 
the following backfit analysis. The Commission has determined that 
there will be a substantial increase in the overall common defense and 
security derived from the backfit, and that the direct and indirect 
costs that will result from the implementation of the backfit are 
justified.

[[Page 48041]]

A Statement of the Specific Objectives That the Backfit is Designed to 
Achieve.

    The Commission is amending its regulations at 10 CFR 95.33 to 
update the frequency of training requirements applicable to licensees 
in order to enhance the protection of classified information, and to 
ensure that there is no discrepancy in the level of protection afforded 
such information regardless of whether it is in the possession of the 
NRC or of its licensees. The objective of the backfit is to ensure that 
protection of Secret and Confidential National Security Information and 
Restricted Data received or developed in conjunction with activities 
licensed, certified, or regulated by the Commission, in the possession 
of Commission licensees is enhanced and is as well protected as such 
information would be if it was in the hands of the Commission itself.

A General Description of the Activity That Would Be Required of the 
Licensee or the Applicant To Complete the Backfit.

    Licensee personnel who apply derivative classification markings 
will receive training in the proper application of the derivative 
classification principles, with an emphasis on avoiding over-
classification, at least once every 2 years. In addition, licensees 
will be required to provide some form of refresher security education 
and training at least annually for all of its personnel who handle or 
generate classified information.

The Potential Change in the Risk to the Public From the Accidental 
Offsite Release of Radioactive Material.

    None.

The Potential Impact on the Radiological Exposure of Facility 
Employees.

    None.

The Installation and Continuing Costs Associated With the Backfit, 
Including the Cost of Facility Downtime or the Cost of Construction 
Delay.

    Impacts upon licensees from this direct final rule will be minimal. 
There are only three 10 CFR part 70 licensees and one Part 76 
Certificate holder who possess classified information. A fourth 10 CFR 
part 70 licensee will be affected later this year when it becomes a 
possessor of classified matter. Of those three, two already commit in 
their internal procedures to annual security education briefings of all 
their employees and are conducting initial and refresher training of 
their employees who apply derivative classification markings more 
frequently than every 2 years. The other licensee is conducting annual 
refresher training and training its derivative classifiers at least 
every 2 years but does not commit to those requirements in its security 
program. It is estimated that there will be no one-time cost associated 
with amending licenses through security plan changes since the only 
change is from three years to annually. Two of the three licensees have 
contractors who possess classified information and therefore, have 
their own independent security plans. It is estimated that there will 
also be no one-time cost associated with amending licenses through 
security plan changes ranges since the only change is from three years 
to annually. Since the majority of the training is administered 
electronically, there is little to no cost of preparing and 
administering the training sessions. Those 10 CFR part 50 licensees who 
only access classified information but do not posses it will be 
impacted minimally from the increase in frequency of security education 
briefings since those licensees only have three to five employees who 
are cleared for access to classified information. The associated 
security plan change would merely update the frequency of refresher 
training from 3 years to annually. In addition, none of their employees 
are derivative classifiers.
    The NRC staff has identified one impact to other stakeholders. 
Those contractors that support licensees who handle classified 
information but are not cleared for storage will have to amend their 
security plans to change the frequency of refresher training from 3 
years to annually. These contractors are not required to have 
derivative classifiers.

The Potential Safety Impact of Changes in Plant or Operational 
Complexity, Including the Relationship to Proposed and Existing 
Regulatory Requirements.

    None.

The Estimated Resource Burden on the NRC Associated With the Backfit 
and the Availability of NRC Resources.

    The primary impact on the NRC will be the resources expended in 
conducting this rulemaking and reviewing the amended security plans and 
programs. The staff time to review revisions to security plans to 
ensure commitment to the new requirements is minimal.

The Potential Impact of Differences in Facility Type, Design, or Age on 
the Relevance and Practicality of the Backfit.

    None.

Whether the Backfit is Interim or Final and, if Interim, the 
Justification for Imposing the Backfit on an Interim Basis.

    The backfit is final.

XIII. Congressional Review Act

    Under the Congressional Review Act of 1996, the NRC has determined 
that this action is not a major rule and has verified this 
determination with the Office of Information and Regulatory Affairs of 
OMB.

List of Subjects in 10 CFR Part 95

    Classified information, Criminal penalties, Reporting and 
recordkeeping requirements, Security measures.
    For the reasons set forth in the preamble and under the authority 
of the Atomic Energy Act of 1954, as amended; the Energy Reorganization 
Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting 
the following amendments to 10 CFR part 95.

PART 95--FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL 
SECURITY INFORMATION AND RESTRICTED DATA

0
1. The authority citation for part 95 continues to read as follows:

    Authority: Atomic Energy Act Secs. 145, 161, 223, 234 (42 U.S.C. 
2165, 2201, 2273, 2282); Energy Reorganization Act sec. 201 (42 
U.S.C.5841); Government Paperwork Elimination Act sec. 1704 (44 
U.S.C. 3504 note); E.O. 10865, as amended, 3 CFR 1959-1963 Comp., p. 
398 (50 U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp., p. 570; EO 
13526, 3 CFR 2010 Comp., pp. 298-327; E.O. 12968, 3 CFR, 1995 Comp., 
p. 391; E.O. 13526, 3 CFR, 2010 Comp., p. 298.

0
2. Revise Sec.  95.33 to read as follows:


Sec.  95.33  Security education.

    All cleared employees must be provided with security training and 
briefings commensurate with their involvement with classified 
information. The facility official(s) responsible for the program shall 
determine the means and methods for providing security education and 
training. A licensee or other entity subject to part 95 may obtain 
defensive security, threat awareness, and other education and training 
information and material from their Cognizant Security Agency (CSA) or 
other appropriate sources.

[[Page 48042]]

    (a) Facility Security Officer Training. Licensees or other entities 
subject to part 95 are responsible for ensuring that the Facility 
Security Officer, and other personnel performing security duties, 
complete security training deemed appropriate by the CSA. Training 
requirements must be based on the facility's involvement with 
classified information and may include a Facility Security Officer 
Orientation Course and, for Facility Security Officers at facilities 
with safeguarding capability, a Facility Security Officer Program 
Management Course. Training, if required, should be completed within 1 
year of appointment to the position of Facility Security Officer.
    (b) Government-Provided Briefings. The CSA is responsible for 
providing initial security briefings to the Facility Security Officer, 
and for ensuring that other briefings required for special categories 
of information are provided.
    (c) Temporary Help Suppliers. A temporary help supplier, or other 
contractor who employs cleared individuals solely for dispatch 
elsewhere, is responsible for ensuring that required briefings are 
provided to their cleared personnel. The temporary help supplier or the 
using licensee's, certificate holder's, or other person's facility may 
conduct these briefings.
    (d) Classified Information Nondisclosure Agreement (SF-312). The 
SF-312 is an agreement between the United States and an individual who 
is cleared for access to classified information. An employee issued an 
initial access authorization must, in accordance with the requirements 
of Sec.  25.23 of this chapter, execute an SF-312 before being granted 
access to classified information. The Facility Security Officer shall 
forward the executed SF-312 to the CSA for retention. If the employee 
refuses to execute the SF-312, the licensee or other facility shall 
deny the employee access to classified information and submit a report 
to the CSA. The SF-312 must be signed and dated by the employee and 
witnessed. The employee's and witness' signatures must bear the same 
date.
    (e) Access to Classified Information. Employees may have access to 
classified information only if:
    (1) A favorable determination of eligibility for access has been 
made with respect to such employee by the CSA;
    (2) The employee has signed an approved non-disclosure agreement; 
and
    (3) The employee has a need-to-know the information.
    (f) Initial Security Briefings. Initial training shall be provided 
to every employee who has met the standards for access to classified 
information in accordance with paragraph (e) of this section before the 
employee is granted access to classified information. The initial 
training shall include the following topics:
    (1) A Threat Awareness Briefing;
    (2) A Defensive Security Briefing;
    (3) An overview of the security classification system;
    (4) Employee reporting obligations and requirements; and
    (5) Security procedures and duties applicable to the employee's 
job.
    (g) Refresher Briefings. The licensee or other entities subject to 
part 95 shall conduct refresher briefings for all cleared employees at 
least annually. As a minimum, the refresher briefing must reinforce the 
information provided during the initial briefing and inform employees 
of appropriate changes in security regulations. This requirement may be 
satisfied by use of audio/video materials and/or by issuing written 
materials to cleared employees.
    (h) Persons who apply derivative classification markings shall 
receive training specific to the proper application of the derivative 
classification principles of Executive Order 13526, Classified National 
Security Information (75 FR 707; January 5, 2010), before derivatively 
classifying information and at least once every 2 years thereafter.
    (i) Debriefings. Licensee and other facilities shall debrief 
cleared employees at the time of termination of employment (discharge, 
resignation, or retirement); when an employee's access authorization is 
terminated, suspended, or revoked; and upon termination of the Facility 
Clearance.
    (j) Records reflecting an individual's initial and refresher 
security orientations and security termination must be maintained for 3 
years after termination of the individual's access authorization.

    Dated at Rockville, Maryland, this 23rd day of July, 2013.
    For the Nuclear Regulatory Commission.
R. William Borchardt,
Executive Director for Operations.
[FR Doc. 2013-18947 Filed 8-6-13; 8:45 am]
BILLING CODE 7590-01-P