NUCLEAR REGULATORY COMMISSION [NRC ] Nuclear Regulatory Commission Insider Threat Program Policy Statement

Similar documents
Preparation of Environmental Reports for Nuclear Power Stations

NUCLEAR REGULATORY COMMISSION. [Docket Nos ; NRC ] Northern States Power Company - Minnesota; Prairie Island Nuclear Generating Plant

NUCLEAR REGULATORY COMMISSION [NRC ] Preparation of Environmental Reports for Nuclear Power Stations

NUCLEAR REGULATORY COMMISSION [NRC ] Dry Storage and Transportation of High Burnup Spent Nuclear Fuel

For Immediate Release October 7, 2011 EXECUTIVE ORDER

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, DC

SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is discontinuing a rulemaking

Department of Defense DIRECTIVE

DEPARTMENT OF THE NAVY INSIDER THREAT PROGRAM. (1) References (2) DON Insider Threat Program Senior Executive Board (DON ITP SEB) (3) Responsibilities

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE

DRAFT REGULATORY GUIDE

EXECUTIVE ORDER

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

EXECUTIVE ORDER 12333: UNITED STATES INTELLIGENCE ACTIVITIES

Defense Federal Acquisition Regulation Supplement: Micro- AGENCY: Defense Acquisition Regulations System, Department of

SUMMARY: The Department of Homeland Security (DHS) is revising its procedures

existing system of records, EDHA 24, entitled Defense and Veterans Eye Injury and Vision Registry (DVEIVR) in its

DRAFT REGULATORY GUIDE

[Docket ID BSEE ; 189E1700D2 ET1SF0000.PSB000 EEEE500000; Agency Information Collection Activities; Operations in the Outer Continental

GAO INDUSTRIAL SECURITY. DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information

INSIDER THREATS. DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems

Department of Defense INSTRUCTION

SECRETARY OF THE ARMY WASHINGTON

(Billing Code ) Defense Federal Acquisition Regulation Supplement: Defense. Contractors Performing Private Security Functions (DFARS Case

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE. SUBJECT: Unauthorized Disclosure of Classified Information to the Public

Department of Defense DIRECTIVE

(Billing Code ) Defense Federal Acquisition Regulation Supplement: Defense. Contractors Performing Private Security Functions (DFARS Case

Department of Defense INSTRUCTION

OFFICE OF THE DIRECTOR OF NATION At INTELLIGENCE WASHINGTON, DC 20511

Department of Defense INSTRUCTION

AGENCY: Office of Postsecondary Education, Department of. ACTION: Announcement of applicable dates; request for

Preserving Investigative and Operational Viability in Insider Threat

Intelligence Community Whistleblower Protection

NRC REGULATORY ISSUE SUMMARY REQUIREMENTS FOR EXEMPT DISTRIBUTION LICENSEE ANNUAL TRANSFER REPORTS

PRIVACY IMPACT ASSESSMENT (PIA) For the

il~l IL 20 I I11 AD-A February 20, DIRECTIVE Department of Defense

Protection of Classified National Intelligence, Including Sensitive Compartmented Information

NISPOM Update & Security Basics

(Billing Code ) Defense Federal Acquisition Regulation Supplement: Costs. Related to Counterfeit Electronic Parts (DFARS Case 2016-D010)

Department of Defense DIRECTIVE

DOD DIRECTIVE INTELLIGENCE OVERSIGHT

(Billing Code ) Payment in Local Currency (Afghanistan) (DFARS Case 2013-D029) Regulation Supplement (DFARS) to incorporate into the DFARS

Department of Defense DIRECTIVE

DODEA ADMINISTRATIVE INSTRUCTION , VOLUME 1 DODEA PERSONNEL SECURITY AND SUITABILITY PROGRAM

DISA INSTRUCTION March 2006 Last Certified: 11 April 2008 ORGANIZATION. Inspector General of the Defense Information Systems Agency

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release January 17, January 17, 2014

PERSONNEL SECURITY CLEARANCES

BERKELEY POLICE DEPARTMENT. ISSUE DATE: September 18, 2012 GENERAL ORDER N-17

DEPUTY INSPECTOR GENERAL FOR INTELLIGENCE AND SPECIAL PROGRAM ASSESSMETS

Agency Information Collection Activities; Proposed Collection; Comment Request; Food

I. Preamble: II. Parties:

Defense Security Service Intelligence Oversight Awareness Training Course Transcript for CI

Agency Information Collection Activities: Proposed Collection; Comment Request; AGENCY: Federal Emergency Management Agency, DHS.

INTELLIGENCE COMMUNITY DIRECTIVE NUMBER 501

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

BERKELEY POLICE DEPARTMENT. ISSUE DATE: November 9, 2016 GENERAL ORDER N-17

DoD Update Insider Threat and the NISP

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

DOD Insider Threat Management and Analysis Center COUNTERINTELLIGENCE AWARENESS WEBINAR SERIES

CONFERENCE MATERIAL DAY ONE 19TH ANNUAL REVIEW OF THE FIELD OF NATIONAL SECURITY LAW

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, D.C

Defense Federal Acquisition Regulation Supplement: Amendments. Related to Sources of Electronic Parts (DFARS Case 2016-D013)

Department of Defense

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, DC

DEPARTMENT OF THE NAVY COUNTERINTELLIGENCE

DEPARTMENT OF THE NAVY OFFICE OF THE SECRETARY 1000 NAVY PENTAGON WASHINGTON, DC

Department of Defense INSTRUCTION

August Initial Security Briefing Job Aid

Department of Defense DIRECTIVE. Inspector General of the Department of Defense (IG DoD)

9/2/2015. The National Security Exemption. Exemption 1. Exemption 1

SUMMARY: The Gulf Coast Ecosystem Restoration Council (Council) is issuing a final

ORA Closeout Process for NIH Awards

SUBJECT: Directive-Type Memorandum (DTM) Law Enforcement Reporting of Suspicious Activity

Automated Driving Systems: Voluntary Safety Self-Assessments; Public Workshop

Department of Defense INSTRUCTION

United States District Court

February 11, 2015 Incorporating Change 4, August 23, 2018

DIRECTIVE TRANSMITTAL

Department of Defense INSTRUCTION

OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE WASHINGTON I DC

Recommendations Table

(Revised January 15, 2009) DISCLOSURE OF INFORMATION (DEC 1991)

Department of Defense DIRECTIVE

Department of Defense INSTRUCTION. Office of the Inspector General of the Department of Defense Access to Records and Information

NRC REGULATORY ISSUE SUMMARY TRANSPORTATION OF RADIOACTIVE MATERIAL QUANTITIES OF CONCERN NRC THREAT ADVISORY AND PROTECTIVE MEASURES SYSTEM

PRIVACY IMPACT ASSESSMENT (PIA) For the

SECURITY OF CLASSIFIED MATERIALS B STUDENT HANDOUT

United States Department of Justice Executive Office for United States Trustees. Report to Congress:

Billing Code DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT. 24 CFR Parts 3280, 3282, and [Docket No. FR-6075-N-01]

DEPARTMENT OF HOMELAND SECURITY REORGANIZATION PLAN November 25, 2002

system of records in its inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended.

Department of Defense DIRECTIVE. SUBJECT: Department of Defense Unclassified Controlled Nuclear Information (DoD UCNI)

INSPECTOR GENERAL DEPARTMENT OF DEFENSE 4800 MARK CENTER DRIVE ALEXANDRIA, VIRGINIA

Department of Defense DIRECTIVE

NOTICE OF PRIVACY PRACTICES

Agency Information Collection Activities: Notice of Intent to Renew Collection. SUMMARY: The Commodity Futures Trading Commission ( CFTC or

Collection of Information under Review by Office of Management and Budget; OMB

Transcription:

This document is scheduled to be published in the Federal Register on 02/25/2016 and available online at http://federalregister.gov/a/2016-04026, and on FDsys.gov [7590-01-P] NUCLEAR REGULATORY COMMISSION [NRC-2016-0033] Nuclear Regulatory Commission Insider Threat Program Policy Statement AGENCY: Nuclear Regulatory Commission. ACTION: Policy statement; issuance. SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing its Insider Threat Program Policy Statement that establishes the NRC Insider Threat Program in accordance with Executive Order (E.O.) 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information. The purpose of the policy statement is to ensure the responsible sharing and safeguards of classified information, including restricted data and safeguards information, by deterring employees, contractors, and detailees holding national security clearances from becoming insider threats, detecting insiders who pose a risk to protected information, and mitigating risks. DATES: The NRC s Insider Threat Program Policy Statement is effective [INSERT DATE OF PUBLICATION IN THE FEDERAL REGISTER].

ADDRESSES: Please refer to Docket ID NRC-2016-0033 when contacting the NRC about the availability of information for this policy statement. You may access publicly-available information related to this policy statement by any of the following methods: Federal Rulemaking Web Site: Go to http://www.regulations.gov and search for Docket ID NRC-2016-0033. Address questions about NRC dockets to Carol Gallagher; telephone: 301-287-3422; e-mail: Carol.Gallagher@nrc.gov. For technical questions, contact the individual listed in the FOR FURTHER INFORMATION CONTACT section of this document. NRC s Agencywide Documents Access and Management System (ADAMS): You may obtain publicly-available documents online in the ADAMS Public Documents collection at http://www.nrc.gov/reading-rm/adams.html. To begin the search, select ADAMS Public Documents and then select Begin Web-based ADAMS Search. For problems with ADAMS, please contact the NRC s Public Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or by e-mail to pdr.resource@nrc.gov. The ADAMS accession number for each document referenced in this document (if that document is available in ADAMS) is provided the first time that a document is referenced. NRC s PDR: You may examine and purchase copies of public documents at the NRC s PDR, Room O1-F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland 20852. FOR FURTHER INFORMATION CONTACT: Denis Brady, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone: 301-415-5768; e-mail: Denis.Brady@nrc.gov. - 2 -

SUPPLEMENTARY INFORMATION: I. Background Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, directs all executive branch departments and agencies that have access to classified information to implement reforms to ensure responsible sharing and safeguarding of classified information on computer networks, consistent with appropriate protections for privacy and civil liberties (76 FR 63811; October 13, 2011). The E.O. also established the National Insider Threat Task Force, which issued the National Insider Threat Policy and the Minimum Standards for Executive Branch Insider Threat Programs on November 21, 2012 (see https://www.whitehouse.gov/thepress-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimumstand, last visited February 8, 2016). In order to execute its primary mission essential functions, the NRC has access to and possesses classified information, including classified information on computer networks, which it protects through appropriate security procedures. This policy statement establishes the NRC s Insider Threat Program in accordance with E.O. 13587. II. Discussion The purpose of this policy statement is to ensure the responsible sharing and safeguards of classified information, including restricted data and safeguards information, by deterring employees, contractors, and detailees holding national security clearances from becoming insider threats, detecting insiders who pose a risk to protected information, and - 3 -

mitigating risks. The policy statement addresses the background, purpose, applicability, policy components, and references. This policy statement is not applicable to members of the public. The NRC s Insider Threat Program Policy Statement is published in its entirety in the attachment to this document, and is also available in ADAMS under Accession No. ML16039A282. III. Procedural Requirements Paperwork Reduction Act Statement This policy statement does not contain information collection requirements and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Congressional Review Act 801-808). This policy statement is not a rule as defined in the Congressional Review Act (5 U.S.C. Dated at Rockville, Maryland, this 18th day of February, 2016. For the Nuclear Regulatory Commission. Annette L. Vietti-Cook, Secretary of the Commission. - 4 -

ATTACHMENT NUCLEAR REGULATORY COMMISSION INSIDER THREAT PROGRAM POLICY STATEMENT 1. Background. Executive Order (E.O.) 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, directs all executive branch departments and agencies that have access to classified information to implement reforms to ensure responsible sharing and safeguarding of classified information on computer networks that are consistent with appropriate protections for privacy and civil liberties (October 7, 2011). The Executive Order also established the National Insider Threat Task Force, which issued the National Insider Threat Policy and the Minimum Standards for Executive Branch Insider Threat Programs on November 21, 2012. In order to execute its primary mission essential functions, the Nuclear Regulatory Commission (NRC) has access to and possesses classified information, including classified information on computer networks, which it protects through appropriate security procedures. 2. Purpose. This document establishes the NRC Insider Threat Program (ITP) Policy in accordance with E.O. 13587 and the Atomic Energy Act of 1954, as amended (AEA). The primary purpose of the ITP is to protect information classified under E.O. 13526 or section 142 of the AEA (restricted data), or that is safeguards information under section 147 of the AEA, as well as any such information on classified networks, by deterring employees holding national security clearances from becoming insider threats, detecting insiders who pose a risk to the protected information, and mitigating risks. The establishment of an NRC ITP is intended to achieve these goals with respect to all NRC employees, contractors, and detailees with national security clearances and access to information classified under E.O. 13526 or section 142 of the AEA or that is safeguards information under section 147 of the AEA. 3. Applicability. This policy is applicable to all NRC employees, contractors, and detailees to the NRC from other government agencies who have national security clearances and access to information classified under E.O. 13526 or section 142 of the AEA or that is safeguards information under section 147 of the AEA. 4. Policy. It is NRC policy that: (a) All NRC employees, contractors, and detailees must comply with the requirements of all current and applicable Federal laws, regulations, and policies concerning the responsible sharing and safeguarding of classified information. This includes reporting insider threat information related to potential espionage, violent acts against the Government or the Nation, and unauthorized access to or disclosure of information classified under E.O. 13526 or section 142 of the AEA or that is safeguards information under section 147 of the AEA, and any such information that is available on interconnected U.S. Government computer networks and systems. (b) Consistent with established law and policy, including the Privacy Act, the ITP uses information made available to it to identify, analyze, and respond to potential insider threats at the NRC. The ITP itself does not maintain or store any personal information. The information is maintained by the program office in which the information resides. - 5 -

(c) All NRC employees, contractors, and detailees involved in any ITP actions (including, but not limited to, gathering information or conducting inquiries) do so in accordance with all applicable Federal laws, regulations, and policies, including those pertaining to whistleblower protections, civil liberties, civil rights, criminal rights, personnel records, medical records, and privacy rights. The ITP consults with and obtains the concurrence of the NRC s Office of the General Counsel (OGC) on questions concerning these legal protections in insider threat activities, inquiries, assistance in investigations by law enforcement authorities, and other matters. (d) The ITP refers to the U.S. Federal Bureau of Investigation (FBI) information indicating that classified information is being, or may have been, disclosed in an unauthorized manner to a foreign power or an agent of a foreign power, in accordance with 50 U.S.C. 3381(e). Subject to an appropriate inquiry by the ITP, other information indicating unauthorized access to or misuse of classified information, classified networks, or safeguards information is referred to the NRC s Office of Inspector General (OIG). OGC will provide ongoing legal advice to the ITP as appropriate. 5. References. A. The Atomic Energy Act of 1954, as amended; 42 U.S.C. 2011 et. seq. B. 50 U.S.C. 3381(e). C. Inspector General Act of 1978, as amended; 5 U.S.C. Appx 1 et seq. D. Executive Order 10450, Security Requirements for Government Employment, April 27, 1953 (18 FR 2489; April 29, 1953). E. Executive Order 12333, United States Intelligence Activities, dated December 4, 1981 (as amended by Executive Orders 13284 (2003), 13355 (2004), and 13470 (2008) (46 FR 59941; December 8, 1981). F. Executive Order 12829, National Industrial Security Program, dated January 6, 1993 (58 FR 3479; January 8, 1993). G. Executive Order 12968, Access to Classified Information, dated August 4, 1995 (60 FR 40245; August 7, 1995). H. Executive Order 13526, Classified National Security Information, dated December 29, 2009 (75 FR 707; January 5, 2010). I. Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, dated October 7, 2011 (76 FR 63811; October 13, 2011). J. NRC Management Directive 7.4, Reporting Suspected Wrongdoing and Processing of OIG Referrals. K. NRC Management Directive, Volume 12, Security. [FR Doc. 2016-04026 Filed: 2/24/2016 8:45 am; Publication Date: 2/25/2016] - 6 -

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback