Secs. 145, 161, 68 Stat. 942, 948, as amended (42 U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); E.O. 10865, as amended, 3 CFR 1959—1963 Comp., p. 398 (50 U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp., p. 570; E.O. 12958, 3 CFR, 1995 Comp., p. 333; E.O. 12968, 3 CFR, 1995 Comp., p. 396.
Appendix A also issued under 96 Stat. 1051 (31 U.S.C. 9701).
The regulations in this part establish procedures for granting, reinstating, extending, transferring, and terminating access authorizations of licensee personnel, licensee contractors or agents, and other persons (e.g., individuals involved in adjudicatory procedures as set forth in 10 CFR part 2, subpart I) who may require access to classified information.
The regulations in this part apply to licensees and others who may require access to classified information related to a license or an application for a license.
Except as specifically authorized by the Commission in writing, no interpretation of the meaning of the regulations in this part by any officer or employee of the Commission other than a written interpretation by the General Counsel will be recognized to be binding upon the Commission.
(a) The Nuclear Regulatory Commission has submitted the information collection requirements contained in this part to the Office of Management and Budget (OMB) for approval as required by the Paperwork Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not conduct or sponsor and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. OMB has approved the information collection requirements contained in this part under control number 3150-0046.
(b) The approved information collection requirements contained in this part appear in §§ 25.11, 25.17, 25.21, 25.23, 25.25, 25.27, 25.29, 25.31, 25.33, and 25.35.
(c) This part contains information collection requirements in addition to those approved under the control number specified in paragraph (a) of this section. These information collection requirements and the control numbers under which they are approved are as follows:
(1) In §§ 25.17(b), 25.21(c), 25.27(a), 25.29, and 25.31, NRC Form 237 is approved under control number 3150-0050.
(2) In §§ 25.17(c), 25.21(c), 25.27(b), 25.29, and 25.31, SF-86 is approved under control number 3206-0007.
(3) In § 25.21(b), NRC Form 354 is approved under control number 3150-0026.
(4) In § 25.33, NRC Form 136 is approved under control number 3150-0049.
(5) In § 25.35, NRC Form 277 is approved under control number 3150-0051.
Except where otherwise specified, all communications and reports concerning the regulations in this part should be addressed to the Director, Division of Security, U.S. Nuclear Regulatory Commission, Washington, DC 20555.
The Commission may, upon application of any interested party, grant an exemption from the requirements of this part 25. Exemptions will be granted only if they are authorized by law and will not constitute an undue risk to the common defense and security. Documentation related to the request, notification and processing of an exemption shall be maintained for three years beyond the period covered by the exemption.
(a) Each licensee or organization employing individuals approved for personnel security access authorization under this part, shall maintain records as prescribed within the part. These records are subject to review and inspection by CSA representatives during security reviews.
(b) Each record required by this part must be legible throughout the retention period specified by each Commission regulation. The record may be the original or a reproduced copy or a microform provided that the copy or microform is authenticated by authorized personnel and that the microform is capable of producing a clear copy throughout the required retention period. The record may also be stored in electronic media with the capability for producing legible, accurate, and complete records during the required retention period. Records such as letters, drawings, specifications, must include all pertinent information such as stamps, initials, and signatures. The licensee shall maintain adequate safeguards against tampering with and loss of records.
(a) A “Q” access authorization permits an individual access on a need-to-know basis to (1) Secret and Confidential Restricted Data and (2) Secret and Confidential National Security Information including intelligence information, CRYPTO (i.e., cryptographic information) or other classified communications security (COMSEC) information.
(b) An “L” access authorization permits an individual access on a need-to-know basis to Confidential Restricted Data and Secret and Confidential National Security Information other than the categories specifically included in paragraph (a) of this section. In addition, access to certain Confidential COMSEC information is permitted as authorized by a National Communications Security Committee waiver dated February 14, 1985.
(c) Each employee of the Commission is processed for one of the two levels of access authorization. Licensees and other persons will furnish National Security Information and/or Restricted Data to a Commission employee on official business when the employee has the appropriate level of NRC access authorization and need-to-know. Some individuals are permitted to begin NRC employment without an access authorization. However, no NRC employee shall be permitted access to any classified information until the appropriate level of access authorization has been granted to that employee by NRC.
(a) Access authorizations must be requested for licensee employees or other
(b) The request must be submitted to the facility CSA. If the NRC is the CSA, the procedures in § 25.17 (c) and (d) will be followed. If the NRC is not the CSA, the request will be submitted to the CSA in accordance with procedures established by the CSA. The NRC will be notified of the request by a letter that includes the name, Social Security number and level of access authorization.
(c) The request must include a completed personnel security packet (see § 25.17(d)) and request form (NRC Form 237) signed by a licensee, licensee contractor official, or other authorized person.
(d)(1) Each personnel security packet submitted must include the following completed forms:
(i) Questionnaire for National Security Positions (SF-86, Parts 1 and 2) (Part 2 is to be completed by the applicant and placed in a sealed envelope which is to be forwarded to NRC unopened. No licensee, licensee contractor official, or other person at a facility is permitted to review Part 2 information);
(ii) Two standard fingerprint cards (FD-258);
(iii) Security Acknowledgment (NRC Form 176); and
(iv) Other related forms where specified in accompanying instructions (NRC Form 254).
(2) Only a Security Acknowledgment (NRC Form 176) need be completed by any person possessing an active access authorization, or who is being processed for an access authorization, by another Federal agency. The active or pending access authorization must be at an equivalent level to that required by the NRC and be based on an adequate investigation of not more than five years old.
(e) To avoid delays in processing requests for access authorizations, each security packet should be reviewed for completeness and correctness (including legibility of response on the forms) before submittal.
(f) Applications for access authorization or access authorization renewal processing that are submitted to the NRC for processing must be accompanied by a check or money order, payable to the United States Nuclear Regulatory Commission, representing the current cost for the processing of each “Q” and “L” access authorization, or renewal request. Access authorization and access authorization renewal fees will be published each time the Office of Personnel Management notifies the NRC of a change in the rates it charges the NRC for the conduct of investigations. Any changed access authorization or access authorization renewal fees will be applicable to each access authorization or access authorization renewal request received upon or after the date of publication. Applications from individuals having current Federal access authorizations may be processed more expeditiously and at less cost, since the Commission may accept the certification of access authorization and investigative data from other Federal Government agencies that grant personnel access authorizations.
Each application for access authorization or access authorization renewal must be submitted to the CSA. If the NRC is the CSA, the application and its accompanying fee must be submitted to the NRC Division of Security. If necessary, the NRC Division of Security may obtain approval from the appropriate Commission office exercising licensing or regulatory authority before processing the access authorization or access authorization renewal request. If the applicant is disapproved for processing, the NRC Division of Security shall notify the submitter in writing and return the original application (security packet) and its accompanying fee.
(a) Following receipt by the CSA of the reports of the personnel security
(b) The CSA must be promptly notified of developments that bear on continued eligibility for access authorization throughout the period for which the authorization is active (e.g., persons who marry subsequent to the completion of a personnel security packet must report this change by submitting a completed NRC Form 354, “Data Report on Spouse” or equivalent CSA form).
(c)(1) Except as provided in paragraph (c)(2) of this section, NRC “Q” and “L” access authorizations must be renewed every five years from the date of issuance. An application for renewal must be submitted at least 120 days before the expiration of the five year period, and must include:
(i) A statement by the licensee or other person that the individual continues to require access to classified National Security Information or Restricted Data; and
(ii) A personnel security packet as described in § 25.17(d).
(2) Renewal applications and the required paperwork are not required for individuals who have a current and active access authorization from another Federal agency and who are subject to a reinvestigation program by that agency that is determined by the NRC to meet the NRC's requirements. (The DOE Reinvestigation Program has been determined to meet the NRC's requirements). For these individuals, the submission of the SF-86 by the licensee or other person to the other government agency pursuant to their reinvestigation requirements will satisfy the NRC renewal submission and paperwork requirements, even if less than five years has passed since the date of issuance or renewal of the NRC “Q” or “L” access authorization. Any NRC access authorization continued in response to the provisions of this paragraph will, thereafter, not be due for renewal until the date set by the other government agency for the next investigation of the individual pursuant to the other agency's reinvestigation program. However, the period of time for the initial and each subsequent NRC “Q” or NRC “L” renewal application to the NRC may not exceed seven years. Any individual who is subject to the reinvestigation program requirements of another Federal agency but, for administrative or other reasons, does not submit reinvestigation forms to that agency within seven years of the previous submission, shall submit a renewal application to the NRC using the forms prescribed in § 25.17(d) before the expiration of the seven-year period.
(3) If the NRC is not the CSA, reinvestigation program procedures will be set by the CSA.
The determination to grant or renew access authorization will be furnished in writing to the licensee or organization that initiated the request. Upon receipt of the notification of original grant of access authorization, the licensee or organization shall obtain, as a condition for grant of access authorization and access to classified information, an executed “Classified Information Nondisclosure Agreement” (SF-312) from the affected individual. The SF-312 is an agreement between the United States and an individual who is cleared for access to classified information. An employee issued an initial access authorization shall execute a SF-312 before being granted access to classified information. The licensee or other organization shall forward the executed SF-312 to the CSA for retention. If the employee refuses to execute the SF-312, the licensee or
(a) In those cases in which the determination was made as a result of a Personnel Security Hearing or by Personnel Security Review Examiners; or
(b) When the individual also is the official designated by the licensee or other organization to whom written NRC notifications are forwarded.
When a request for an individual's access authorization or renewal of access authorization is withdrawn or canceled, the requestor shall notify the CSA immediately by telephone so that the full field investigation, National Agency Check with Credit Investigation, or other personnel security action may be discontinued. The requestor shall identify the full name and date of birth of the individual, the date of request, and the type of access authorization or access authorization renewal requested. The requestor shall confirm each telephone notification promptly in writing.
(a) In conjunction with a new request for access authorization (NRC Form 237 or CSA equivalent) for individuals whose cases were previously canceled, new fingerprint cards (FD-257) in duplicate and a new Security Acknowledgment (NRC Form 176), or CSA equivalent, must be furnished to the CSA along with the request.
(b) Additionally, if 90 days or more have elapsed since the date of the last Questionnaire for Sensitive Positions (SF-86), or CSA equivalent, the individual must complete a personnel security packet (see § 25.17(d)). The CSA, based on investigative or other needs, may require a complete personnel security packet in other cases as well. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by the NRC is required.
(a) An access authorization can be reinstated provided that:
(1) No more than 24 months has lapsed since the date of termination of the clearance;
(2) There has been no break in employment with the employer since the date of termination of the clearance;
(3) There is no known adverse information;
(4) The most recent investigation must not exceed 5 years (Top Secret, Q) or 10 years (Secret, L); and
(5) The most recent investigation must meet or exceed the scope of the investigation required for the level of access authorization that is to be reinstated or granted.
(b) An access authorization can be reinstated at the same, or lower, level by submission of a CSA-designated form to the CSA. The employee may not have access to classified information until receipt of written confirmation of reinstatement and an up-to-date personnel security packet will be furnished with the request for reinstatement of an access authorization. A new Security Acknowledgement will be obtained in all cases. Where personnel security packets are not required, a request for reinstatement must state the level of access authorization to be reinstated and the full name and date of birth of the individual to establish positive identification. A fee, equal to the amount paid for an initial request,
(a) The NRC Division of Security may, on request, extend the authorization of an individual who possesses an access authorization in connection with a particular employer or activity, to permit access to classified information in connection with an assignment with another employer or activity.
(b) The NRC Division of Security may, on request, transfer an access authorization when an individual's access authorization under one employer or activity is terminated, simultaneously with the individual being granted access authorization for another employer or activity.
(c) Requests for extension or transfer of access authorization must state the full name of the person, his date of birth and level of access authorization. The Director, Division of Security, may require a new personnel security packet (see § 25.17(c)) to be completed by the applicant. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by the NRC is required.
(d) The date of an extension or transfer of access authorization may not be used to determine when a request for renewal of access authorization is required. Access authorization renewal requests must be timely submitted, in accordance with § 25.21(c).
(a) Access authorizations will be terminated when:
(1) Access authorization is no longer required;
(2) An individual is separated from employment or the activity for which he obtained an access authorization for a period of 90 days or more; or
(3) An individual, pursuant to 10 CFR part 10 or other CSA approved adjudicatory standards, is no longer eligible for access authorization.
(b) A representative of the licensee or other organization that employs theindividual whose access authorization will be terminated shall immediately notify the CSA when the circumstances noted in paragraphs (a)(1) or (a)(2) of this section exist; inform the individual that his access authorization is being terminated, and the reason; and that he will be considered for reinstatement of access authorization if he resumes work requiring it.
(c) When an access authorization is to be terminated, a representative of the licensee or other organization shall conduct a security termination briefing of the individual involved, explain the Security Termination Statement (NRC Form 136 or CSA approved form) and have the individual complete the form. The representative shall promptly forward the original copy of the completed Security Termination Statement to CSA.
(a) The number of classified visits must be held to a minimum. The licensee, certificate holder, or other facility shall determine that the visit is necessary and that the purpose of the visit cannot be achieved without access to, or disclosure of, classified information. All classified visits require advanced notification to, and approval of, the organization to be visited. In urgent cases, visit information may be furnished by telephone and confirmed in writing.
(b) Representatives of the Federal Government, when acting in their official capacities as inspectors, investigators, or auditors, may visit a licensee, certificate holder or other's facility without furnishing advanced notification, provided these representatives present appropriate government credentials upon arrival. Normally, however, Federal representatives will provide advanced notification in the form of an NRC Form 277, “Request for Visit or Access Approval,” with the “need-to-know” certified by the appropriate NRC office exercising licensing or regulatory authority and verification of
(c) The licensee, certificate holder, or others shall include the following information on all Visit Authorization Letters (VAL) which they prepare.
(1) Visitor's name, address, and telephone number and certification of the level of the facility security clearance;
(2) Name, date and place of birth, and citizenship of the individual intending to visit;
(3) Certification of the proposed visitor's personnel clearance and any special access authorizations required for the visit;
(4) Name of person(s) to be visited;
(5) Purpose and sufficient justification for the visit to allow for a determination of the necessity of the visit; and
(6) Date or period during which the VAL is to be valid.
(d) Classified visits may be arranged for a 12 month period. The requesting facility shall notify all places honoring these visit arrangements of any change in the individual's status that will cause the visit request to be canceled before its normal termination date.
(e) The responsibility for determining need-to-know in connection with a classified visit rests with the individual who will disclose classified information during the visit. The licensee, certificate holder or other facility shall establish procedures to ensure positive identification of visitors before the disclosure of any classified information.
(a) An injunction or other court order may be obtained to prohibit a violation of any provision of:
(1) The Atomic Energy Act of 1954, as amended;
(2) Title II of the Energy Reorganization Act of 1974, as amended; or
(3) Any regulation or order issued under these Acts.
(b) National Security Information is protected under the requirements and sanctions of Executive Order 12356.
(a) Section 223 of the Atomic Energy Act of 1954, as amended, provides for criminal sanctions for willful violation of, attempted violation of, or conspiracy to violate, any regulation issued under sections 161b, 161i, or 161o of the Act. For purposes of section 223, all the regulations in part 25 are issued under one or more of sections 161b, 161i, or 161o, except for the sections listed in paragraph (b) of this section.
(b) The regulations in part 25 that are not issued under sections 161b, 161i, or 161o for the purposes of section 223 are as follows: §§ 25.1, 25.3, 25.5, 25.7, 25.8, 25.9, 25.11, 25.19, 25.25, 25.27, 25.29, 25.31, 25.37, and 25.39.