81 FR 9519 - Nuclear Regulatory Commission Insider Threat Program Policy Statement
NUCLEAR REGULATORY COMMISSION Federal Register Volume 81, Issue 37 (February 25, 2016)
Federal Register Volume 81, Issue 37 (February 25, 2016)
| Page Range | 9519-9520 | |
| FR Document | 2016-04026 |
[Federal Register Volume 81, Number 37 (Thursday, February 25, 2016)] [Notices] [Pages 9519-9520] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-04026] ----------------------------------------------------------------------- NUCLEAR REGULATORY COMMISSION [NRC-2016-0033] Nuclear Regulatory Commission Insider Threat Program Policy Statement AGENCY: Nuclear Regulatory Commission. ACTION: Policy statement; issuance. ----------------------------------------------------------------------- SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing its Insider Threat Program Policy Statement that establishes the NRC Insider Threat Program in accordance with Executive Order (E.O.) 13587, ``Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.'' The purpose of the policy statement is to ensure the responsible sharing and safeguards of classified information, including restricted data and safeguards information, by deterring employees, contractors, and detailees holding national security clearances from becoming insider threats, detecting insiders who pose a risk to protected information, and mitigating risks. DATES: The NRC's Insider Threat Program Policy Statement is effective February 25, 2016. ADDRESSES: Please refer to Docket ID NRC-2016-0033 when contacting the NRC about the availability of information for this policy statement. You may access publicly-available information related to this policy statement by any of the following methods:Federal Rulemaking Web Site: Go to http://www.regulations.gov and search for Docket ID NRC-2016-0033. Address questions about NRC dockets to Carol Gallagher; telephone: 301-287- 3422; email: [email protected]. For technical questions, contact the individual listed in the FOR FURTHER INFORMATION CONTACT section of this document. NRC's Agencywide Documents Access and Management System (ADAMS): You may obtain publicly-available documents online in the ADAMS Public Documents collection at http://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``ADAMS Public Documents'' and then select ``Begin Web-based ADAMS Search.'' For problems with ADAMS, please contact the NRC's Public Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or by email to [email protected]. The ADAMS accession number for each document referenced in this document (if that document is available in ADAMS) is provided the first time that a document is referenced. NRC's PDR: You may examine and purchase copies of public documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland 20852. FOR FURTHER INFORMATION CONTACT: Denis Brady, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone: 301-415-5768; email: [email protected]. SUPPLEMENTARY INFORMATION: I. Background Executive Order 13587, ``Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information,'' directs all executive branch departments and agencies that have access to classified information to implement reforms to ensure responsible sharing and safeguarding of classified information on computer networks, consistent with appropriate protections for privacy and civil liberties (76 FR 63811; October 13, 2011). The E.O. also established the National Insider Threat Task Force, which issued the ``National Insider Threat Policy'' and the ``Minimum Standards for Executive Branch Insider Threat Programs'' on November 21, 2012 (see https://www.whitehouse.gov/the-press-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimum-stand, last visited February 8, 2016). In order to execute its primary mission essential functions, the NRC has access to and possesses classified information, including classified information on computer networks, which it protects through appropriate security procedures. This policy statement establishes the NRC's Insider Threat Program in accordance with E.O. 13587. II. Discussion The purpose of this policy statement is to ensure the responsible sharing and safeguards of classified information, including restricted data and safeguards information, by deterring employees, contractors, and detailees holding national security clearances from becoming insider threats, detecting insiders who pose a risk to protected information, and mitigating risks. The policy statement addresses the background, purpose, applicability, policy components, and references. This policy statement is not applicable to members of the public. The NRC's Insider Threat Program Policy Statement is published in its entirety in the attachment to this document, and is also available in ADAMS under Accession No. ML16039A282. III. Procedural Requirements Paperwork Reduction Act Statement This policy statement does not contain information collection requirements and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Congressional Review Act This policy statement is not a rule as defined in the Congressional Review Act (5 U.S.C. 801-808). Dated at Rockville, Maryland, this 18th day of February, 2016. For the Nuclear Regulatory Commission. Annette L. Vietti-Cook, Secretary of the Commission. Attachment--Nuclear Regulatory Commission Insider Threat Program Policy Statement 1. Background. Executive Order (E.O.) 13587, ``Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information,'' directs all executive branch departments and agencies that have access to classified information to implement reforms to ensure responsible sharing and safeguarding of classified information on computer networks that are consistent with appropriate protections for privacy and civil liberties (October 7, 2011). The Executive Order also established the National Insider Threat Task Force, which issued the ``National Insider Threat Policy'' and the ``Minimum Standards for Executive Branch Insider Threat Programs'' on November 21, 2012. In order to execute its primary mission essential functions, the Nuclear Regulatory Commission (NRC) has access to and possesses classified information, including classified information on computer networks, which it protects through appropriate security procedures. 2. Purpose. This document establishes the NRC Insider Threat Program (ITP) Policy in accordance with E.O. 13587 and the Atomic Energy Act of 1954, as amended (AEA). The primary purpose of the ITP is to protect information classified under E.O. 13526 or section 142 of the AEA (restricted data), or that is safeguards information under section 147 of the AEA, as well as any such information on classified networks, by [[Page 9520]] deterring employees holding national security clearances from becoming insider threats, detecting insiders who pose a risk to the protected information, and mitigating risks. The establishment of an NRC ITP is intended to achieve these goals with respect to all NRC employees, contractors, and detailees with national security clearances and access to information classified under E.O. 13526 or section 142 of the AEA or that is safeguards information under section 147 of the AEA. 3. Applicability. This policy is applicable to all NRC employees, contractors, and detailees to the NRC from other government agencies who have national security clearances and access to information classified under E.O. 13526 or section 142 of the AEA or that is safeguards information under section 147 of the AEA. 4. Policy. It is NRC policy that: (a) All NRC employees, contractors, and detailees must comply with the requirements of all current and applicable Federal laws, regulations, and policies concerning the responsible sharing and safeguarding of classified information. This includes reporting insider threat information related to potential espionage, violent acts against the Government or the Nation, and unauthorized access to or disclosure of information classified under E.O. 13526 or section 142 of the AEA or that is safeguards information under section 147 of the AEA, and any such information that is available on interconnected U.S. Government computer networks and systems. (b) Consistent with established law and policy, including the Privacy Act, the ITP uses information made available to it to identify, analyze, and respond to potential insider threats at the NRC. The ITP itself does not maintain or store any personal information. The information is maintained by the program office in which the information resides. (c) All NRC employees, contractors, and detailees involved in any ITP actions (including, but not limited to, gathering information or conducting inquiries) do so in accordance with all applicable Federal laws, regulations, and policies, including those pertaining to whistleblower protections, civil liberties, civil rights, criminal rights, personnel records, medical records, and privacy rights. The ITP consults with and obtains the concurrence of the NRC's Office of the General Counsel (OGC) on questions concerning these legal protections in insider threat activities, inquiries, assistance in investigations by law enforcement authorities, and other matters. (d) The ITP refers to the U.S. Federal Bureau of Investigation (FBI) information indicating that classified information is being, or may have been, disclosed in an unauthorized manner to a foreign power or an agent of a foreign power, in accordance with 50 U.S.C. 3381(e). Subject to an appropriate inquiry by the ITP, other information indicating unauthorized access to or misuse of classified information, classified networks, or safeguards information is referred to the NRC's Office of Inspector General (OIG). OGC will provide ongoing legal advice to the ITP as appropriate. 5. References. A. The Atomic Energy Act of 1954, as amended; 42 U.S.C. 2011 et. seq. B. 50 U.S.C. 3381(e). C. Inspector General Act of 1978, as amended; 5 U.S.C. Appx Sec. 1 et seq. D. Executive Order 10450, ``Security Requirements for Government Employment,'' April 27, 1953 (18 FR 2489; April 29, 1953). E. Executive Order 12333, ``United States Intelligence Activities,'' dated December 4, 1981 (as amended by Executive Orders 13284 (2003), 13355 (2004), and 13470 (2008) (46 FR 59941; December 8, 1981). F. Executive Order 12829, ``National Industrial Security Program,'' dated January 6, 1993 (58 FR 3479; January 8, 1993). G. Executive Order 12968, ``Access to Classified Information,'' dated August 4, 1995 (60 FR 40245; August 7, 1995). H. Executive Order 13526, ``Classified National Security Information,'' dated December 29, 2009 (75 FR 707; January 5, 2010). I. Executive Order 13587, ``Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information,'' dated October 7, 2011 (76 FR 63811; October 13, 2011). J. NRC Management Directive 7.4, ``Reporting Suspected Wrongdoing and Processing of OIG Referrals.'' K. NRC Management Directive, Volume 12, ``Security.'' [FR Doc. 2016-04026 Filed 2-24-16; 8:45 am] BILLING CODE 7590-01-P
![Federal Register / Vol. 81, No. 37 / Thursday, February 25, 2016 / Notices 9519
For the Nuclear Regulatory Commission. ‘‘ADAMS Public Documents’’ and then becoming insider threats, detecting
Alex Garmoe, select ‘‘Begin Web-based ADAMS insiders who pose a risk to protected
Acting Chief, Generic Communications Search.’’ For problems with ADAMS, information, and mitigating risks. The
Branch, Division of Policy and Rulemaking, please contact the NRC’s Public policy statement addresses the
Office of Nuclear Reactor Regulation. Document Room (PDR) reference staff at background, purpose, applicability,
[FR Doc. 2016–04023 Filed 2–24–16; 8:45 am] 1–800–397–4209, 301–415–4737, or by policy components, and references. This
BILLING CODE 7590–01–P email to pdr.resource@nrc.gov. The policy statement is not applicable to
ADAMS accession number for each members of the public.
document referenced in this document The NRC’s Insider Threat Program
NUCLEAR REGULATORY (if that document is available in Policy Statement is published in its
COMMISSION ADAMS) is provided the first time that entirety in the attachment to this
a document is referenced. document, and is also available in
[NRC–2016–0033] • NRC’s PDR: You may examine and ADAMS under Accession No.
purchase copies of public documents at ML16039A282.
Nuclear Regulatory Commission the NRC’s PDR, Room O1–F21, One
Insider Threat Program Policy III. Procedural Requirements
White Flint North, 11555 Rockville
Statement Pike, Rockville, Maryland 20852. Paperwork Reduction Act Statement
AGENCY: Nuclear Regulatory FOR FURTHER INFORMATION CONTACT: This policy statement does not
Commission. Denis Brady, Office of Administration, contain information collection
ACTION: Policy statement; issuance. U.S. Nuclear Regulatory Commission, requirements and, therefore, is not
Washington, DC 20555–0001; telephone: subject to the requirements of the
SUMMARY: The U.S. Nuclear Regulatory 301–415–5768; email: Denis.Brady@ Paperwork Reduction Act of 1995 (44
Commission (NRC) is issuing its Insider nrc.gov. U.S.C. 3501 et seq.).
Threat Program Policy Statement that
SUPPLEMENTARY INFORMATION: Congressional Review Act
establishes the NRC Insider Threat
Program in accordance with Executive I. Background This policy statement is not a rule as
Order (E.O.) 13587, ‘‘Structural Reforms Executive Order 13587, ‘‘Structural defined in the Congressional Review
to Improve the Security of Classified Reforms to Improve the Security of Act (5 U.S.C. 801–808).
Networks and the Responsible Sharing Classified Networks and the Dated at Rockville, Maryland, this 18th day
and Safeguarding of Classified Responsible Sharing and Safeguarding of February, 2016.
Information.’’ The purpose of the policy of Classified Information,’’ directs all For the Nuclear Regulatory Commission.
statement is to ensure the responsible executive branch departments and Annette L. Vietti-Cook,
sharing and safeguards of classified agencies that have access to classified
information, including restricted data Secretary of the Commission.
information to implement reforms to
and safeguards information, by deterring ensure responsible sharing and Attachment—Nuclear Regulatory
employees, contractors, and detailees safeguarding of classified information Commission Insider Threat Program
holding national security clearances on computer networks, consistent with Policy Statement
from becoming insider threats, detecting appropriate protections for privacy and 1. Background. Executive Order (E.O.)
insiders who pose a risk to protected civil liberties (76 FR 63811; October 13, 13587, ‘‘Structural Reforms to Improve the
information, and mitigating risks. 2011). The E.O. also established the Security of Classified Networks and the
DATES: The NRC’s Insider Threat National Insider Threat Task Force, Responsible Sharing and Safeguarding of
Program Policy Statement is effective which issued the ‘‘National Insider Classified Information,’’ directs all executive
February 25, 2016. Threat Policy’’ and the ‘‘Minimum branch departments and agencies that have
ADDRESSES: Please refer to Docket ID access to classified information to implement
Standards for Executive Branch Insider
reforms to ensure responsible sharing and
NRC–2016–0033 when contacting the Threat Programs’’ on November 21, safeguarding of classified information on
NRC about the availability of 2012 (see https://www.whitehouse.gov/ computer networks that are consistent with
information for this policy statement. the-press-office/2012/11/21/ appropriate protections for privacy and civil
You may access publicly-available presidential-memorandum-national- liberties (October 7, 2011). The Executive
information related to this policy insider-threat-policy-and-minimum- Order also established the National Insider
statement by any of the following stand, last visited February 8, 2016). In Threat Task Force, which issued the
methods: order to execute its primary mission ‘‘National Insider Threat Policy’’ and the
• Federal Rulemaking Web Site: Go to essential functions, the NRC has access ‘‘Minimum Standards for Executive Branch
http://www.regulations.gov and search Insider Threat Programs’’ on November 21,
to and possesses classified information,
2012. In order to execute its primary mission
for Docket ID NRC–2016–0033. Address including classified information on essential functions, the Nuclear Regulatory
questions about NRC dockets to Carol computer networks, which it protects Commission (NRC) has access to and
Gallagher; telephone: 301–287–3422; through appropriate security possesses classified information, including
email: Carol.Gallagher@nrc.gov. For procedures. This policy statement classified information on computer networks,
technical questions, contact the establishes the NRC’s Insider Threat which it protects through appropriate
individual listed in the FOR FURTHER Program in accordance with E.O. 13587. security procedures.
INFORMATION CONTACT section of this 2. Purpose. This document establishes the
II. Discussion NRC Insider Threat Program (ITP) Policy in
mstockstill on DSK4VPTVN1PROD with NOTICES
document.
• NRC’s Agencywide Documents The purpose of this policy statement accordance with E.O. 13587 and the Atomic
is to ensure the responsible sharing and Energy Act of 1954, as amended (AEA). The
Access and Management System
primary purpose of the ITP is to protect
(ADAMS): You may obtain publicly- safeguards of classified information, information classified under E.O. 13526 or
available documents online in the including restricted data and safeguards section 142 of the AEA (restricted data), or
ADAMS Public Documents collection at information, by deterring employees, that is safeguards information under section
http://www.nrc.gov/reading-rm/ contractors, and detailees holding 147 of the AEA, as well as any such
adams.html. To begin the search, select national security clearances from information on classified networks, by
VerDate Sep<11>2014 18:07 Feb 24, 2016 Jkt 238001 PO 00000 Frm 00101 Fmt 4703 Sfmt 4703 E:\FR\FM\25FEN1.SGM 25FEN1](https://thefederalregister.org/doc/81_FR_9556/page/1.svg)
![9520 Federal Register / Vol. 81, No. 37 / Thursday, February 25, 2016 / Notices
deterring employees holding national 5. References. POSTAL SERVICE
security clearances from becoming insider A. The Atomic Energy Act of 1954, as
threats, detecting insiders who pose a risk to amended; 42 U.S.C. 2011 et. seq. Product Change—First-Class Package
the protected information, and mitigating B. 50 U.S.C. 3381(e). Service Negotiated Service Agreement
risks. The establishment of an NRC ITP is C. Inspector General Act of 1978, as
intended to achieve these goals with respect amended; 5 U.S.C. Appx § 1 et seq. AGENCY: Postal ServiceTM.
to all NRC employees, contractors, and D. Executive Order 10450, ‘‘Security ACTION: Notice.
detailees with national security clearances Requirements for Government Employment,’’
and access to information classified under April 27, 1953 (18 FR 2489; April 29, 1953). SUMMARY: The Postal Service gives
E.O. 13526 or section 142 of the AEA or that E. Executive Order 12333, ‘‘United States notice of filing a request with the Postal
is safeguards information under section 147 Intelligence Activities,’’ dated December 4,
of the AEA. 1981 (as amended by Executive Orders 13284
Regulatory Commission to add a
3. Applicability. This policy is applicable (2003), 13355 (2004), and 13470 (2008) (46 domestic shipping services contract to
to all NRC employees, contractors, and FR 59941; December 8, 1981). the list of Negotiated Service
detailees to the NRC from other government F. Executive Order 12829, ‘‘National Agreements in the Mail Classification
agencies who have national security Industrial Security Program,’’ dated January Schedule’s Competitive Products List.
clearances and access to information 6, 1993 (58 FR 3479; January 8, 1993). DATES: Effective date: February 25, 2016.
classified under E.O. 13526 or section 142 of G. Executive Order 12968, ‘‘Access to
the AEA or that is safeguards information Classified Information,’’ dated August 4, FOR FURTHER INFORMATION CONTACT:
under section 147 of the AEA. 1995 (60 FR 40245; August 7, 1995). Elizabeth A. Reed, 202–268–3179.
4. Policy. It is NRC policy that: H. Executive Order 13526, ‘‘Classified SUPPLEMENTARY INFORMATION: The
(a) All NRC employees, contractors, and National Security Information,’’ dated United States Postal Service® hereby
detailees must comply with the requirements December 29, 2009 (75 FR 707; January 5, gives notice that, pursuant to 39 U.S.C.
of all current and applicable Federal laws, 2010). 3642 and 3632(b)(3), on February 18,
regulations, and policies concerning the I. Executive Order 13587, ‘‘Structural
responsible sharing and safeguarding of Reforms to Improve the Security of Classified 2016, it filed with the Postal Regulatory
classified information. This includes Networks and the Responsible Sharing and Commission a Request of the United
reporting insider threat information related to Safeguarding of Classified Information,’’ States Postal Service to Add First-Class
potential espionage, violent acts against the dated October 7, 2011 (76 FR 63811; October Package Service Contract 44 to
Government or the Nation, and unauthorized 13, 2011). Competitive Product List. Documents
access to or disclosure of information J. NRC Management Directive 7.4, are available at www.prc.gov, Docket
classified under E.O. 13526 or section 142 of ‘‘Reporting Suspected Wrongdoing and Nos. MC2016–82, CP2016–107.
the AEA or that is safeguards information Processing of OIG Referrals.’’
under section 147 of the AEA, and any such K. NRC Management Directive, Volume 12, Stanley F. Mires,
information that is available on ‘‘Security.’’ Attorney, Federal Compliance.
interconnected U.S. Government computer [FR Doc. 2016–04026 Filed 2–24–16; 8:45 am] [FR Doc. 2016–03976 Filed 2–24–16; 8:45 am]
networks and systems.
BILLING CODE 7590–01–P BILLING CODE 7710–12–P
(b) Consistent with established law and
policy, including the Privacy Act, the ITP
uses information made available to it to
identify, analyze, and respond to potential POSTAL SERVICE POSTAL SERVICE
insider threats at the NRC. The ITP itself does
not maintain or store any personal Product Change—Priority Mail Product Change—Priority Mail
information. The information is maintained Negotiated Service Agreement Negotiated Service Agreement
by the program office in which the
information resides. AGENCY: Postal ServiceTM. AGENCY: Postal ServiceTM.
(c) All NRC employees, contractors, and ACTION: Notice. ACTION: Notice.
detailees involved in any ITP actions
(including, but not limited to, gathering SUMMARY: The Postal Service gives SUMMARY: The Postal Service gives
information or conducting inquiries) do so in notice of filing a request with the Postal notice of filing a request with the Postal
accordance with all applicable Federal laws, Regulatory Commission to add a Regulatory Commission to add a
regulations, and policies, including those domestic shipping services contract to domestic shipping services contract to
pertaining to whistleblower protections, civil the list of Negotiated Service the list of Negotiated Service
liberties, civil rights, criminal rights, Agreements in the Mail Classification
Agreements in the Mail Classification
personnel records, medical records, and
privacy rights. The ITP consults with and Schedule’s Competitive Products List. Schedule’s Competitive Products List.
obtains the concurrence of the NRC’s Office DATES: Effective date: February 25, 2016. DATES: Effective date: February 25, 2016.
of the General Counsel (OGC) on questions FOR FURTHER INFORMATION CONTACT: FOR FURTHER INFORMATION CONTACT:
concerning these legal protections in insider Elizabeth A. Reed, 202–268–3179. Elizabeth A. Reed, 202–268–3179.
threat activities, inquiries, assistance in SUPPLEMENTARY INFORMATION: The
SUPPLEMENTARY INFORMATION: The
investigations by law enforcement
authorities, and other matters. United States Postal Service® hereby United States Postal Service® hereby
(d) The ITP refers to the U.S. Federal gives notice that, pursuant to 39 U.S.C. gives notice that, pursuant to 39 U.S.C.
Bureau of Investigation (FBI) information 3642 and 3632(b)(3), on February 18, 3642 and 3632(b)(3), on February 18,
indicating that classified information is 2016, it filed with the Postal Regulatory 2016, it filed with the Postal Regulatory
being, or may have been, disclosed in an Commission a Request of the United Commission a Request of the United
unauthorized manner to a foreign power or States Postal Service to Add Priority States Postal Service to Add Priority
an agent of a foreign power, in accordance Mail Contract 187 to Competitive Mail Contract 188 to Competitive
with 50 U.S.C. 3381(e). Subject to an
mstockstill on DSK4VPTVN1PROD with NOTICES
Product List. Documents are available at Product List. Documents are available at
appropriate inquiry by the ITP, other
information indicating unauthorized access www.prc.gov, Docket Nos. MC2016–79, www.prc.gov, Docket Nos. MC2016–80,
to or misuse of classified information, CP2016–104. CP2016–105.
classified networks, or safeguards Stanley F. Mires, Stanley F. Mires,
information is referred to the NRC’s Office of
Inspector General (OIG). OGC will provide Attorney, Federal Compliance. Attorney, Federal Compliance.
ongoing legal advice to the ITP as [FR Doc. 2016–03970 Filed 2–24–16; 8:45 am] [FR Doc. 2016–03967 Filed 2–24–16; 8:45 am]
appropriate. BILLING CODE 7710–12–P BILLING CODE 7710–12–P
VerDate Sep<11>2014 18:07 Feb 24, 2016 Jkt 238001 PO 00000 Frm 00102 Fmt 4703 Sfmt 9990 E:\FR\FM\25FEN1.SGM 25FEN1](https://thefederalregister.org/doc/81_FR_9556/page/2.svg)
Document Created: 2018-02-02 14:35:32
Document Modified: 2018-02-02 14:35:32
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Policy statement; issuance. | |
| Dates | The NRC's Insider Threat Program Policy Statement is effective February 25, 2016. | |
| Contact | Denis Brady, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone: 301-415-5768; email: [email protected] | |
| FR Citation | 81 FR 9519 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR