(a) Introduction. (1) By March 31, 2010, each nuclear power reactor licensee, licensed under 10 CFR part 50, shall implement the requirements of this section through revisions to its Commission-approved Physical Security Plan.

(2) The licensee shall establish, implement and maintain its access authorization program in accordance with the requirements of this section.

(3) Each applicant for an operating license under the provisions of part 50 of this chapter, and each holder of a combined license under the provisions of part 52 of this chapter, shall implement the requirements of this section before fuel is allowed on site (protected area).

(4) The licensee or applicant may accept, in part or whole, an access authorization program implemented by a contractor or vendor to satisfy appropriate elements of the licensee's access authorization program in accordance with the requirements of this section. Only a licensee shall grant an individual unescorted access. Licensees and applicants shall certify individuals' unescorted access authorization and are responsible to maintain, deny, terminate, or withdraw unescorted access authorization.

(b) Applicability. (1) The following individuals shall be subject to an access authorization program:

(i) Any individual to whom a licensee intends to grant unescorted access to nuclear power plant protected or vital areas or any individual for whom a licensee or an applicant intends to certify unescorted access authorization;

(ii) Any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's or applicant's operational safety, security, or emergency preparedness;

(iii) Any individual who has responsibilities for implementing a licensee's or applicant's protective strategy, including, but not limited to, armed security force officers, alarm station operators, and tactical response team leaders; and

(iv) The licensee or applicant access authorization program reviewing official or contractor or vendor access authorization program reviewers.

(2) Other individuals, at the licensee's or applicant's discretion, including employees of a contractor or a vendor who are designated in access authorization program procedures, are subject to an access authorization program that meets the requirements of this section.

(c) General performance objective. The licensee's or applicant's access authorization program must provide high assurance that the individuals who are specified in paragraph (b)(1), and, if applicable, paragraph (b)(2) of this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security, including the potential to commit radiological sabotage.

(d) Background investigation. In order to grant an individual unescorted access to the protected area or vital area of a nuclear power plant or certify an individual unescorted access authorization, licensees, applicants and contractors or vendors shall ensure that the individual has been subject to a background investigation. The background investigation must include, but is not limited to, the following elements:

(1) Informed consent. Licensees, applicants, and contractors or vendors shall not initiate any element of a background investigation without the informed and signed consent of the subject individual. This consent shall include authorization to share personal information with appropriate entities. The licensee or applicant to whom the individual is applying for unescorted access and unescorted access authorization, respectively, or the contractors or vendors supporting the licensee or applicant shall inform the individual of his or her right to review information collected to assure its accuracy, and provide the individual with an opportunity to correct any inaccurate or incomplete information that is developed by licensees, applicants, or contractors or vendors about the individual.

(i) The subject individual may withdraw his or her consent at any time. Licensees, applicants, and contractors or vendors shall inform the individual that:

(A) Withdrawal of his or her consent will remove the individual's application for access authorization under the licensee's or applicant's access authorization program or contractor or vendor access authorization program; and

(B) Other licensees and applicants shall have access to information documenting the withdrawal. Additionally, the contractors or vendors may have the same access to the information, if such information is necessary for assisting licensees or applicants complying with requirements set forth in this section.

(ii) If an individual withdraws his or her consent, licensees, applicants, and contractors or vendors may not initiate any elements of the background investigation that were not in progress at the time the individual withdrew his or her consent, but shall complete any background investigation elements that are in progress at the time consent is withdrawn. The licensee or applicant shall record the status of the individual's application for unescorted access or unescorted access authorization, respectively. Contractors or vendors may record the status of the individual's application for unescorted access or unescorted access authorization for licensees or applicants. Additionally, licensees, applicants, or contractors or vendors shall collect and maintain the individual's application for unescorted access or unescorted access authorization; his or her withdrawal of consent for the background investigation; the reason given by the individual for the withdrawal; and any pertinent information collected from the background investigation elements that were completed. This information must be shared with other licensees in accordance with paragraph (o)(6) of this section.

(iii) Licensees, applicants, and contractors or vendors shall inform, in writing, any individual who is applying for unescorted access or unescorted access authorization that the following actions are sufficient cause for denial or unfavorable termination of unescorted access or unescorted access authorization status:

(A) Refusal to provide a signed consent for the background investigation;

(B) Refusal to provide, or the falsification of, any personal history information required under this section, including the failure to report any previous denial or unfavorable termination of unescorted access or unescorted access authorization;

(C) Refusal to provide signed consent for the sharing of personal information with other licensees, applicants, or the contractor or vendors under paragraph (d)(4)(v) of this section; or

(D) Failure to report any arrests or legal actions specified in paragraph (g) of this section.

(2) Personal history disclosure. (i) Any individual who is applying for unescorted access or unescorted access authorization shall disclose the personal history information that is required by the licensee's or applicant's access authorization program, including any information that may be necessary for the reviewing official to make a determination of the individual's trustworthiness and reliability.

(ii) Licensees, applicants, and contractors or vendors shall not require an individual to disclose an administrative withdrawal of unescorted access or unescorted access authorization under the requirements of § 73.56(g), (h)(7), or (i)(1)(v) of this section. However, the individual must disclose this information if the individual's unescorted access or unescorted access authorization is administratively withdrawn at the time he or she is seeking unescorted access or unescorted access authorization, or the individual's unescorted access or unescorted access authorization was subsequently denied or terminated unfavorably by a licensee, applicant, or contractor or vendor.

(3) Verification of true identity. Licensees, applicants, and contractors or vendors shall verify the true identity of an individual who is applying for unescorted access or unescorted access authorization in order to ensure that the applicant is the person that he or she has claimed to be. At a minimum, licensees, applicants, and contractors or vendors shall validate that the social security number that the individual has provided is his or hers, and, in the case of foreign nationals, validate the claimed non-immigration status that the individual has provided is correct. In addition, licensees and applicants shall also determine whether the results of the fingerprinting required under § 73.57 confirm the individual's claimed identity, if such results are available.

(4) Employment history evaluation. Licensees, applicants, and contractors or vendors shall ensure that an employment history evaluation has been completed on a best effort basis, by questioning the individual's present and former employers, and by determining the activities of the individual while unemployed.

(i) For the claimed employment period, the individual must provide the reason for any termination, eligibility for rehire, and other information that could reflect on the individual's trustworthiness and reliability.

(ii) If the claimed employment was military service the individual shall provide a characterization of service, reason for separation, and any disciplinary actions that could affect a trustworthiness and reliability determination.

(iii) If education is claimed in lieu of employment, the individual shall provide any information related to the claimed education that could reflect on the individual's trustworthiness and reliability and, at a minimum, verify that the individual was registered for the classes and received grades that indicate that the individual participated in the educational process during the claimed period.

(iv) If a previous employer, educational institution, or any other entity with which the individual claims to have been engaged fails to provide information or indicates an inability or unwillingness to provide information within 3 business days of the request, the licensee, applicant, or contractor or vendor shall:

(A) Document this refusal or unwillingness in the licensee's, applicant's, or contractor's or vendor's record of the investigation; and

(B) Obtain a confirmation of employment, educational enrollment and attendance, or other form of engagement claimed by the individual from at least one alternate source that has not been previously used.

(v) When any licensee, applicant, contractor, or vendor is seeking the information required for an unescorted access or unescorted access authorization decision under this section and has obtained a signed release from the subject individual authorizing the disclosure of such information, other licensees, applicants, contractors and vendors shall make available the personal or access authorization information requested regarding the denial or unfavorable termination of unescorted access or unescorted access authorization.

(vi) In conducting an employment history evaluation, the licensee, applicant, contractor, or vendor may obtain information and documents by electronic means, including, but not limited to, telephone, facsimile, or e-mail. Licensees, applicants, contractors, or vendors shall make a record of the contents of the telephone call and shall retain that record, and any documents or electronic files obtained electronically, in accordance with paragraph (o) of this section.

(5) Credit history evaluation. Licensees, applicants, contractors and vendors shall ensure that the full credit history of any individual who is applying for unescorted access or unescorted access authorization is evaluated. A full credit history evaluation must include, but is not limited to, an inquiry to detect potential fraud or misuse of social security numbers or other financial identifiers, and a review and evaluation of all of the information that is provided by a national credit-reporting agency about the individual's credit history. For individuals including foreign nationals and United States citizens who have resided outside the United States and do not have established credit history that covers at least the most recent seven years in the United States, the licensee, applicant, contractor or vendor must document all attempts to obtain information regarding the individual's credit history and financial responsibility from some relevant entity located in that other country or countries.

(6) Character and reputation evaluation. Licensees, applicants, contractors, and vendors shall ascertain the character and reputation of an individual who has applied for unescorted access or unescorted access authorization by conducting reference checks. Reference checks may not be conducted with any person who is known to be a close member of the individual's family, including but not limited to, the individual's spouse, parents, siblings, or children, or any individual who resides in the individual's permanent household. The reference checks must focus on the individual's reputation for trustworthiness and reliability.

(7) Criminal history review. The licensee's or applicant's reviewing official shall evaluate the entire criminal history record of an individual who is applying for unescorted access or unescorted access authorization to determine whether the individual has a record of criminal activity that may adversely impact his or her trustworthiness and reliability. A criminal history record must be obtained in accordance with the requirements of § 73.57. For individuals who do not have or are not expected to have unescorted access, a criminal history record of the individual shall be obtained in accordance with the requirements set forth in paragraph (k)(1)(ii) of this section.

(e) Psychological assessment. In order to assist in determining an individual's trustworthiness and reliability, licensees, applicants, contractors or vendors shall ensure that a psychological assessment has been completed before the individual is granted unescorted access or certified unescorted access authorization. Individuals who are applying for initial unescorted access or unescorted access authorization, or who have not maintained unescorted access or unescorted access authorization for greater than 365 days, shall be subject to a psychological assessment. The psychological assessment must be designed to evaluate the possible adverse impact of any noted psychological characteristics on the individual's trustworthiness and reliability.

(1) A licensed psychologist or psychiatrist with the appropriate training and experience shall conduct the psychological assessment.

(2) The psychological assessment must be conducted in accordance with the applicable ethical principles for conducting such assessments established by the American Psychological Association or American Psychiatric Association.

(3) At a minimum, the psychological assessment must include the administration and interpretation of a standardized, objective, professionally-accepted psychological test that provides information to identify indications of disturbances in personality or psychopathology that may have adverse implications for an individual's trustworthiness and reliability. A psychiatrist or psychologist specified in paragraph (e) of this section shall establish the predetermined thresholds for each scale, in accordance with paragraph (e)(2) of this section, that must be applied in interpreting the results of the psychological test to determine whether an individual must be interviewed by a licensed psychiatrist or psychologist, under § 73.56(e)(4)(i) of this section.

(4) The psychological assessment must include a clinical interview:

(i) If an individual's scores on the psychological test in paragraph (e)(3) of this section identify indications of disturbances in personality or psychopathology that may have implications for an individual's trustworthiness and reliability; or

(ii) If the individual is a member of the population that performs one or more job functions that are critical to the safe and secure operation of the licensee's facility, as defined in paragraph (i)(1)(v)(B) of this section.

(5) In the course of conducting a psychological assessment for those individuals who are specified in paragraph (h) of this section for initial unescorted access or unescorted access authorization category, if the licensed psychologist or psychiatrist identifies or discovers any information, including a medical condition, that could adversely impact the individual's fitness for duty or trustworthiness and reliability, the licensee, applicant, or contractor or vendor shall ensure that the psychologist or psychiatrist contact appropriate medical personnel to obtain further information as need for a determination. The results of the evaluation and a recommendation shall be provided to the licensee's or applicant's reviewing official.

(6) During psychological reassessments, if the licensed psychologist or psychiatrist identifies or discovers any information, including a medical condition, that could adversely impact the fitness for duty or trustworthiness and reliability of those individuals who are currently granted unescorted access or certified unescorted access authorization status, he or she shall inform (1) the reviewing official of the discovery within 24 hours of the discovery and (2) the medical personnel designated in the site implementing procedures, who shall ensure that an appropriate evaluation of the possible medical condition is conducted under the requirements of part 26 of this chapter. The results of the evaluation and a recommendation shall be provided to the licensee's or applicant's reviewing official.

(f) Behavioral observation. (1) Licensee and applicant access authorization programs must include a behavioral observation program that is designed to detect behaviors or activities that may constitute an unreasonable risk to the health and safety of the public and common defense and security, including a potential threat to commit radiological sabotage. Licensees, applicants and contractors or vendors must ensure that the individuals specified in paragraph (b)(1) and, if applicable, (b)(2) of this section are subject to behavioral observation.

(2) Each person subject to the behavior observation program shall be responsible for communicating to the licensee or applicant observed behaviors of individuals subject to the requirements of this section. Such behaviors include any behavior of individuals that may adversely affect the safety or security of the licensee's facility or that may constitute an unreasonable risk to the public health and safety or the common defense and security, including a potential threat to commit radiological sabotage.

(i) Licensees, applicants, and contractors or vendors shall ensure that individuals who are subject to this section also successfully complete initial behavioral observation training and requalification behavior observation training as required in paragraphs (f)(2)(ii) and (iii) of this section.

(ii) Behavioral observation training must be:

(A) Completed before the licensee grants unescorted access or certifies unescorted access authorization or an applicant certifies unescorted access authorization, as defined in paragraph (h)(4)(ii) of this section,

(B) Current before the licensee grants unescorted access update or reinstatement or licensee or applicant certifies unescorted access authorization reinstatement as defined in paragraph (h)(4)(ii) of this section, and

(C) Maintained in a current status during any period of time an individual possesses unescorted access or unescorted access authorization in accordance with paragraph (f)(2)(iv) of this section.

(iii) For initial behavioral observation training, individuals shall demonstrate completion by passing a comprehensive examination that addresses the knowledge and abilities necessary to detect behavior or activities that have the potential to constitute an unreasonable risk to the health and safety of the public and common defense and security, including a potential threat to commit radiological sabotage. Remedial training and re-testing are required for individuals who fail to satisfactorily complete the examination.

(iv) Individuals shall complete refresher training on a nominal 12-month frequency, or more frequently where the need is indicated. Individuals may take and pass a comprehensive examination that meets the requirements of paragraph (f)(2)(iii) of this section in lieu of completing annual refresher training.

(v) Initial and refresher training may be delivered using a variety of media, including, but not limited to, classroom lectures, required reading, video, or computer-based training systems. The licensee, applicant, or contractor or vendor shall monitor the completion of training.

(3) Individuals who are subject to an access authorization program under this section shall at a minimum, report any concerns arising from behavioral observation, including, but not limited to, concerns related to any questionable behavior patterns or activities of others to the reviewing official, his or her supervisor, or other management personnel designated in their site procedures. The recipient of the report shall, if other than the reviewing official, promptly convey the report to the reviewing official, who shall reassess the reported individual's unescorted access or unescorted access authorization status. The reviewing official shall determine the elements of the reassessment based on the accumulated information of the individual. If the reviewing official has a reason to believe that the reported individual's trustworthiness or reliability is questionable, the reviewing official shall either administratively withdraw or terminate the individual's unescorted access or unescorted access authorization while completing the re-evaluation or investigation. If the reviewing official determines from the information provided that there is cause for additional action, the reviewing official may inform the supervisor of the reported individual.

(g) Self-reporting of legal actions. (1) Any individual who has applied for unescorted access or unescorted access authorization or is maintaining unescorted access or unescorted access authorization under this section shall promptly report to the reviewing official, his or her supervisor, or other management personnel designated in site procedures any legal action(s) taken by a law enforcement authority or court of law to which the individual has been subject that could result in incarceration or a court order or that requires a court appearance, including but not limited to an arrest, an indictment, the filing of charges, or a conviction, but excluding minor civil actions or misdemeanors such as parking violations or speeding tickets. The recipient of the report shall, if other than the reviewing official, promptly convey the report to the reviewing official. On the day that the report is received, the reviewing official shall evaluate the circumstances related to the reported legal action(s) and re-determine the reported individual's unescorted access or unescorted access authorization status.

(2) The licensee or applicant shall inform the individual of this obligation, in writing, prior to granting unescorted access or certifying unescorted access authorization.

(h) Granting unescorted access and certifying unescorted access authorization. Licensees and applicants shall implement the requirements of this paragraph for granting or certifying initial or reinstated unescorted access or unescorted access authorization. The investigatory information collected to satisfy the requirements of this section for individuals who are being considered for unescorted access or unescorted access authorization shall be valid for a trustworthiness and reliability determination by a licensee or applicant for 30 calendar days.

(1) Determination basis. (i) The licensee's or applicant's reviewing official shall determine whether to grant, certify, deny, unfavorably terminate, maintain, or administratively withdraw an individual's unescorted access or unescorted access authorization status, based on an evaluation of all of the information required by this section.

(ii) The licensee's or applicant's reviewing official may not grant unescorted access or certify unescorted access authorization status to an individual until all of the information required by this section has been evaluated by the reviewing official and the reviewing official has determined that the accumulated information supports a determination of the individual's trustworthiness and reliability. However, the reviewing official may deny or terminate unescorted access or unescorted access authorization of any individual based on disqualifying information even if not all the information required by this section has been collected or evaluated.

(2) Unescorted access for NRC-certified personnel. Licensees and applicants shall grant unescorted access to any individual who has been certified by the Nuclear Regulatory Commission as suitable for such access.

(3) Access denial. Licensees or applicants may not permit an individual, who is identified as having an access-denied status by another licensee subject to this section, or has an access authorization status other than favorably terminated, to enter any nuclear power plant protected area or vital area, under escort or otherwise, or take actions by electronic means that could adversely impact the licensee's or applicant's safety, security, or emergency response or their facilities, under supervision or otherwise, except upon completion of the initial unescorted access authorization process.

(4) Granting unescorted access and certifying unescorted access authorization—(i) Initial unescorted access or unescorted access authorization. In satisfying the requirements of paragraph (h)(1) of this section, for individuals who have never held unescorted access or unescorted access authorization status or whose unescorted access or unescorted access authorization status has been interrupted for a period of 3 years or more, the licensee, applicant, or contractor or vendor shall satisfy the requirements of paragraphs (d), (e), (f), and (g) of this section. In meeting requirements set forth in paragraph (d)(4) of this section, the licensee, applicant, or contractor or vendor shall evaluate the 3 years before the date on which the application for unescorted access was submitted, or since the individual's eighteenth birthday, whichever is shorter. For the 1-year period preceding the date upon which the individual applies for unescorted access or unescorted access authorization, the licensee, applicant or contractor or vendor shall ensure that the employment history evaluation is conducted with every employer, regardless of the length of employment. For the remaining 2-year period, the licensee, applicant, or contractor or vendor shall ensure that the employment history evaluation is conducted with the employer by whom the individual claims to have been employed the longest within each calendar month.

(ii) Interruption of unescorted access or unescorted access authorization. In satisfying the requirements of paragraph (h)(1) of this section, for individuals who have previously been granted unescorted access or unescorted access authorization, but whose access had been terminated under favorable conditions, licensees, applicants or contractors or vendors shall satisfy the requirements of paragraphs (d), (e), (f), and (g) of this section, with consideration of the specific requirements for periods of interruption described below in paragraphs (h)(4)(ii)(A) or (h)(4)(ii)(B) of this section, as applicable. However, for individuals whose unescorted access or unescorted access authorization was interrupted for less than or equal to 30 calendar days, licensees, applicants, or contractors or vendors must only satisfy the requirements set forth in paragraphs (d)(1), (d)(2), and (d)(3) of this section. The applicable periods of interruption are determined by the number of calendar days between the day after the individual's access was terminated and the day upon which the individual applies for unescorted access or unescorted access authorization.

(A) Update of unescorted access or unescorted access authorization. For individuals whose last unescorted access or unescorted access authorization status has been interrupted for more than 30 calendar days but less than or equal to 365 calendar days, the licensee, applicant or contractor or vendor shall complete the individual's employment history evaluation in accordance with the requirements of paragraph (d)(4) of this section, within 5 business days after reinstatement. The licensee, applicant, or contractor or vendor shall ensure that the employment history evaluation has been conducted with the employer by whom the individual claims to have been employed the longest within the calendar month. However, if the employment history evaluation is not completed within 5 business days of reinstatement due to circumstances that are outside of the licensee's, applicant's, or contractor's or vendor's control and the licensee or applicant, contractor or vendor is not aware of any potentially disqualifying information regarding the individual within the past 5 years, the licensee may extend the individual's unescorted access an additional 5 business days. If the employment history evaluation is not completed within this extended 5 business days, the licensee shall administratively withdraw unescorted access and complete the employment history evaluation in accordance with § 73.56(d)(4) of this section. For re-certification of unescorted access authorization, prior to re-certification of unescorted access authorization status of an individual, the licensee or applicant shall complete all the elements stated above including drug screening and employment evaluation.

(B) Reinstatement of unescorted access or unescorted access authorization. For individuals whose last unescorted access or unescorted access authorization status has been interrupted for greater than 365 calendar days but fewer than 3 years the licensee, applicant or contractor or vendor shall evaluate the period of time since the individual last held unescorted access or unescorted access authorization status, up to and including the day the individual applies for re-instated unescorted access authorization. For the 1-year period preceding the date upon which the individual applies for unescorted access authorization, the licensee, applicant, or contractor or vendor shall ensure that the employment history evaluation is conducted with every employer, regardless of the length of employment. For the remaining period, the licensee, applicant or contractor or vendor shall ensure that the employment history evaluation is conducted with the employer by whom the individual claims to have been employed the longest within each calendar month. In addition, the individual shall be subject to the psychological assessment required in § 73.56(e).

(5) Accepting unescorted access authorization from other access authorization programs. Licensees who are seeking to grant unescorted access or certify unescorted access authorization or applicants who are seeking to certify unescorted access authorization to an individual who is subject to another access authorization program or another access authorization program that complies with this section may rely on those access authorization programs or access authorization program elements to comply with the requirements of this section. However, the licensee who is seeking to grant unescorted access or the licensee or applicant who is seeking to certify unescorted access authorization shall ensure that the program elements to be accepted have been maintained consistent with the requirements of this section by the other access authorization program.

(6) Information sharing. To meet the requirements of this section, licensees, applicants, and contractors or vendors may rely upon the information that other licensees, applicants, and contractors or vendors who are also subject to this section, have gathered about individuals who have previously applied for unescorted access or unescorted access authorization, and developed about individuals during periods in which the individuals maintained unescorted access or unescorted access authorization status.

(i) Maintaining unescorted access or unescorted access authorization.

(1) Individuals may maintain unescorted access or unescorted access authorization status under the following conditions:

(i) The individual remains subject to a behavioral observation program that complies with the requirements of § 73.56(f) of this section.

(ii) The individual successfully completes behavioral observation refresher training or testing on the nominal 12-month frequency required in § 73.56(f)(2)(ii) of this section.

(iii) The individual complies with the licensee's or applicant's access authorization program policies and procedures to which he or she is subject, including the self-reporting of legal actions responsibility specified in paragraph (g) of this section.

(iv) The individual is subject to an annual (within 365 calendar days) supervisory review conducted in accordance with the requirements of the licensee's or applicant's behavioral observation program. The individual shall be subject to a supervisory interview in accordance with the requirements of the licensee's or applicant's behavioral observation program, if the supervisor does not have the frequent interaction with the individual throughout the review period needed to form an informed and reasonable opinion regarding the individual's behavior, trustworthiness, and reliability.

(v) The licensee's or applicant's reviewing official determines that the individual continues to be trustworthy and reliable. This determination must, at a minimum, be based on the following:

(A) A criminal history update and credit history re-evaluation for any individual with unescorted access. The criminal history update and credit history re-evaluation must be completed within 5 years of the date on which these elements were last completed.

(B) For individuals who perform one or more of the job functions described in this paragraph, the trustworthiness and reliability determination must be based on a criminal history update and credit history re-evaluation within three years of the date on which these elements were last completed, or more frequently, based on job assignment as determined by the licensee or applicant, and a psychological re-assessment within 5 years of the date on which this element was last completed:

(1) Individuals who have extensive knowledge of defensive strategies and design and/or implementation of the plant's defense strategies, including—

(i) Site security supervisors;

(ii) Site security managers;

(iii) Security training instructors; and

(iv) Corporate security managers;

(2) Individuals in a position to grant an applicant unescorted access or unescorted access authorization, including site access authorization managers;

(3) Individuals assigned a duty to search for contraband or other items that could be used to commit radiological sabotage (i.e., weapons, explosives, incendiary devices);

(4) Individuals who have access, extensive knowledge, or administrative control over plant digital computer and communication systems and networks as identified in § 73.54, including—

(i) Plant network systems administrators;

(ii) IT personnel who are responsible for securing plant networks; or

(5) Individuals qualified for and assigned duties as: armed security officers, armed responders, alarm station operators, response team leaders, and armorers as defined in the licensee's or applicant's Physical Security Plan; and reactor operators, senior reactor operators and non-licensed operators. Non-licensed operators include those individuals responsible for the operation of plant systems and components, as directed by a reactor operator or senior reactor operator. A non-licensed operator also includes individuals who monitor plant instrumentation and equipment and principally perform their duties outside of the control room.

(C) The criminal history update and the credit history re-evaluation shall be completed within 30 calendar days of each other.

(vi) If the criminal history update, credit history re-evaluation, psychological re-assessment, if required, and supervisory review and interview, if applicable, have not been completed and the information evaluated by the reviewing official within the time frame specified under paragraph (v) of this section, the licensee or applicant shall administratively withdraw the individual's unescorted access or unescorted access authorization until these requirements have been met.

(2) If an individual who has unescorted access or unescorted access authorization status is not subject to an access authorization program that meets the requirements of this part for more than 30 continuous days, then the licensee or applicant shall terminate the individual's unescorted access or unescorted access authorization status and the individual shall meet the requirements in this section, as applicable, to regain unescorted access or unescorted access authorization.

(j) Access to vital areas. Licensees or applicants shall establish, implement, and maintain a list of individuals who are authorized to have unescorted access to specific nuclear power plant vital areas during non-emergency conditions. The list must include only those individuals who have a continued need for access to those specific vital areas in order to perform their duties and responsibilities. The list must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted unescorted access to each vital area, and updated and re-approved no less frequently than every 31 days.

(k) Trustworthiness and reliability of background screeners and access authorization program personnel. Licensees, applicants, and contractors or vendors shall ensure that any individual who collects, processes, or has access to personal information that is used to make unescorted access or unescorted access authorization determinations under this section has been determined to be trustworthy and reliable.

(1) Background screeners. Licensees, applicants, and contractors or vendors who rely on individuals who are not directly under their control to collect and process information that will be used by a reviewing official to make unescorted access or unescorted access authorization determinations shall ensure that a trustworthiness and reliability evaluation of such individuals has been completed to support a determination that such individuals are trustworthy and reliable. At a minimum, the following checks are required:

(i) Verify the individual's true identity as specified in paragraph (d)(3) of this section;

(ii) A local criminal history review and evaluation based on information obtained from an appropriate State or local court or agency in which the individual resided;

(iii) A credit history review and evaluation;

(iv) An employment history review and evaluation covering the past 3 years; and

(v) An evaluation of character and reputation.

(2) Access authorization program personnel. Licensees, applicants, and contractors or vendors shall ensure that any individual who evaluates personal information for the purpose of processing applications for unescorted access or unescorted access authorization, including but not limited to a psychologist or psychiatrist who conducts psychological assessments under § 73.56(e), has access to the files, records, and personal information associated with individuals who have applied for unescorted access or unescorted access authorization, or is responsible for managing any databases that contain such files, records, and personal information has been determined to be trustworthy and reliable, as follows:

(i) The individual is subject to an access authorization program that meets the requirements of this section; or

(ii) The licensee, applicant, and contractor or vendor determines that the individual is trustworthy and reliable based upon an evaluation that meets the requirements of § 73.56(d)(1) through (d)(6) and (e) and either a local criminal history review and evaluation as specified in § 73.56(k)(1)(ii) or a criminal history check that meets the requirements of § 73.56(d)(7).

(l) Review procedures. Each licensee and applicant shall include a procedure for the notification of individuals who are denied unescorted access, unescorted access authorization, or who are unfavorably terminated. Additionally, procedures must include provisions for the review, at the request of the affected individual, of a denial or unfavorable termination of unescorted access or unescorted access authorization that may adversely affect employment. The procedure must contain a provision to ensure the individual is informed of the grounds for the denial or unfavorable termination and allow the individual an opportunity to provide additional relevant information and an opportunity for an objective review of the information upon which the denial or unfavorable termination of unescorted access or unescorted access authorization was based. The procedure must provide for an impartial and independent internal management review. Licensees and applicants shall not grant unescorted access or certify unescorted access authorization, or permit the individual to maintain unescorted access or unescorted access authorization during the review process.

(m) Protection of information. Each licensee, applicant, contractor, or vendor shall establish and maintain a system of files and procedures to ensure personal information is not disclosed to unauthorized persons.

(1) Licensees, applicants and contractors or vendors shall obtain signed consent from the subject individual that authorizes the disclosure of any information collected and maintained under this section before disclosing the information, except for disclosures to the following individuals:

(i) The subject individual or his or her representative, when the individual has designated the representative in writing for specified unescorted access authorization matters;

(ii) NRC representatives;

(iii) Appropriate law enforcement officials under court order;

(iv) A licensee's, applicant's, or contractor's or vendor's representatives who have a need to have access to the information in performing assigned duties, including determinations of trustworthiness and reliability and audits of access authorization programs;

(v) The presiding officer in a judicial or administrative proceeding that is initiated by the subject individual;

(vi) Persons deciding matters under the review procedures in paragraph (k) of this section; or

(vii) Other persons pursuant to court order.

(2) All information pertaining to a denial or unfavorable termination of the individual's unescorted access or unescorted access authorization shall be promptly provided, upon receipt of a written request by the subject individual or his or her designated representative as designated in writing. The licensee or applicant may redact the information to be released to the extent that personal privacy information, including the name of the source of the information is withheld.

(3) A contract with any individual or organization who collects and maintains personal information that is relevant to an unescorted access or unescorted access authorization determination must require that such records be held in confidence, except as provided in paragraphs (m)(1) through (m)(2) of this section.

(4) Licensees, applicants, or contractors or vendors and any individual or organization who collects and maintains personal information on behalf of a licensee, applicant, or contractor or vendor, shall establish, implement, and maintain a system and procedures for the secure storage and handling of the information collected.

(n) Audits and corrective action. Each licensee and applicant shall be responsible for the continuing effectiveness of the access authorization program, including access authorization program elements that are provided by the contractors or vendors, and the access authorization programs of any of the contractors or vendors that are accepted by the licensee or applicant. Each licensee, applicant, and contractor or vendor shall ensure that access authorization programs and program elements are audited to confirm compliance with the requirements of this section and those comprehensive actions are taken to correct any non-conformance that is identified.

(1) Each licensee and applicant shall ensure that its entire access authorization program is audited nominally every 24 months. Licensees, applicants and contractors or vendors are responsible for determining the appropriate frequency, scope, and depth of additional auditing activities within the nominal 24-month period based on the review of program performance indicators, such as the frequency, nature, and severity of discovered problems, personnel or procedural changes, and previous audit findings.

(2) Access authorization program services that are provided to a licensee or applicant by contractor or vendor personnel who are off site or are not under the direct daily supervision or observation of the licensee's or applicant's personnel must be audited by the licensee or applicant on a nominal 12-month frequency. In addition, any access authorization program services that are provided to contractors or vendors by subcontractor personnel who are off site or are not under the direct daily supervision or observation of the contractor's or vendor's personnel must be audited by the licensee or applicant on a nominal 12-month frequency.

(3) Licensee's and applicant's contracts with contractors or vendors must reserve the licensee's or applicant's right to audit the contractors or vendors and the contractor's or vendor's subcontractors providing access authorization program services at any time, including at unannounced times, as well as to review all information and documentation that is reasonably relevant to the performance of the program.

(4) Licensee's and applicant's contracts with the contractors or vendors, and contractors' or vendors' contracts with subcontractors, must also require that the licensee or applicant shall be provided access to and be permitted to take away copies of any documents or data that may be needed to assure that the contractor or vendor and its subcontractors are performing their functions properly and that staff and procedures meet applicable requirements.

(5) Audits must focus on the effectiveness of the access authorization program or program element(s), as appropriate. At least one member of the licensee or applicant audit team shall be a person who is knowledgeable of and practiced with meeting the performance objectives and requirements of the access authorization program or program elements being audited. The individuals performing the audit of the access authorization program or program element(s) shall be independent from both the subject access authorization programs' management and from personnel who are directly responsible for implementing the access authorization program or program elements being audited.

(6) The results of the audits, along with any recommendations, must be documented in the site corrective action program in accordance with § 73.55(b)(10) and reported to senior management having responsibility in the area audited and to management responsible for the access authorization program. Each audit report must identify conditions that are adverse to the proper performance of the access authorization program, the cause of the condition(s), and, when appropriate, recommended corrective actions, and corrective actions taken. The licensee, applicant, or contractor or vendor shall review the audit findings and take any additional corrective actions, to include re-auditing of the deficient areas where indicated, to preclude repetition of the condition.

(7) Licensees and applicants may jointly conduct audits, or may accept audits of the contractors or vendors that were conducted by other licensees and applicants who are subject to this section, if the audit addresses the services obtained from the contractor or vendor by each of the sharing licensees and applicants. The contractors or vendors may jointly conduct audits, or may accept audits of its subcontractors that were conducted by other licensees, applicants, or contractors or vendors who are subject to this section, if the audit addresses the services obtained from the subcontractor by each of the sharing licensees, applicants, and the contractors or vendors.

(i) Licensees, applicants, and contractors or vendors shall review audit records and reports to identify any areas that were not covered by the shared or accepted audit and ensure that authorization program elements and services upon which the licensee, applicant, or contractor or vendor relies are audited, if the program elements and services were not addressed in the shared audit.

(ii) Sharing licensees and applicants need not re-audit the same contractor or vendor for the same time. Sharing contractors or vendors need not re-audit the same subcontractor for the same time.

(iii) Sharing licensees, applicants, and contractors or vendors shall maintain a copy of the shared audits, including findings, recommendations, and corrective actions.

(o) Records. Licensee, applicants, and contractors or vendors shall maintain the records that are required by the regulations in this section for the period specified by the appropriate regulation. If a retention period is not otherwise specified, these records must be retained until the Commission terminates the facility's license, certificate, or other regulatory approval.

(1) Records may be stored and archived electronically, provided that the method used to create the electronic records meets the following criteria:

(i) Provides an accurate representation of the original records;

(ii) Prevents unauthorized access to the records;

(iii) Prevents the alteration of any archived information and/or data once it has been committed to storage; and

(iv) Permits easy retrieval and re-creation of the original records.

(2) Licensees and applicants who are subject to this section shall retain the following records:

(i) Records of the information that must be collected under paragraphs (d) and (e) of this section that results in the granting of unescorted access or certifying of unescorted access authorization for at least 5 years after the licensee or applicant terminates or denies an individual's unescorted access or unescorted access authorization or until the completion of all related legal proceedings, whichever is later;

(ii) Records pertaining to denial or unfavorable termination of unescorted access or unescorted access authorization and related management actions for at least 5 years after the licensee or applicant terminates or denies an individual's unescorted access or unescorted access authorization or until the completion of all related legal proceedings, whichever is later; and

(iii) Documentation of the granting and termination of unescorted access or unescorted access authorization for at least 5 years after the licensee or applicant terminates or denies an individual's unescorted access or unescorted access authorization or until the completion of all related legal proceedings, whichever is later. Contractors or vendors may maintain the records that are or were pertinent to granting, certifying, denying, or terminating unescorted access or unescorted access authorization that they collected for licensees or applicants. If the contractors or vendors maintain the records on behalf of a licensee or an applicant, they shall follow the record retention requirement specified in this section. Upon termination of a contract between the contractor and vendor and a licensee or applicant, the contractor or vendor shall provide the licensee or applicant with all records collected for the licensee or applicant under this chapter.

(3) Licensees, applicants, and contractors or vendors shall retain the following records for at least 3 years or until the completion of all related proceedings, whichever is later:

(i) Records of behavioral observation training conducted under paragraph (f)(2) of this section; and

(ii) Records of audits, audit findings, and corrective actions taken under paragraph (n) of this section.

(4) Licensees, applicants, and contractors or vendors shall retain written agreements for the provision of services under this section, for three years after termination or completion of the agreement, or until completion of all proceedings related to a denial or unfavorable termination of unescorted access or unescorted access authorization that involved those services, whichever is later.

(5) Licensees, applicants, and contractors or vendors shall retain records of the background investigations, psychological assessments, supervisory reviews, and behavior observation program actions related to access authorization program personnel, conducted under paragraphs (d) and (e) of this section, for the length of the individual's employment by or contractual relationship with the licensee, applicant, or the contractor or vendor and three years after the termination of employment, or until the completion of any proceedings relating to the actions of such access authorization program personnel, whichever is later.

(6) Licensees, applicants, and the contractors or vendors who have been authorized to add or manipulate data that is shared with licensees subject to this section shall ensure that data linked to the information about individuals who have applied for unescorted access or unescorted access authorization, which is specified in the licensee's or applicant's access authorization program documents, is retained.

(i) If the shared information used for determining individual's trustworthiness and reliability changes or new or additional information is developed about the individual, the licensees, applicants, and the contractors or vendors that acquire this information shall correct or augment the data and ensure it is shared with licensees subject to this section. If the changed, additional or developed information has implications for adversely affecting an individual's trustworthiness and reliability, the licensee, applicant, or the contractor or vendor who discovered or obtained the new, additional or changed information, shall, on the day of discovery, inform the reviewing official of any licensee or applicant access authorization program under which the individual is maintaining his or her unescorted access or unescorted access authorization status of the updated information.

(ii) The reviewing official shall evaluate the shared information and take appropriate actions, which may include denial or unfavorable termination of the individual's unescorted access authorization. If the notification of change or updated information cannot be made through usual methods, licensees, applicants, and the contractors or vendors shall take manual actions to ensure that the information is shared as soon as reasonably possible. Records maintained in any database(s) must be available for NRC review.

(7) If a licensee or applicant administratively withdraws an individual's unescorted access or unescorted access authorization status caused by a delay in completing any portion of the background investigation or for a licensee or applicant initiated evaluation, or re-evaluation that is not under the individual's control, the licensee or applicant shall record this administrative action to withdraw the individual's unescorted access or unescorted access authorization with other licensees subject to this section. However, licensees and applicants shall not document this administrative withdrawal as denial or unfavorable termination and shall not respond to a suitable inquiry conducted under the provisions of 10 CFR parts 26, a background investigation conducted under the provisions of this section, or any other inquiry or investigation as denial nor unfavorable termination. Upon favorable completion of the background investigation element that caused the administrative withdrawal, the licensee or applicant shall immediately ensure that any matter that could link the individual to the administrative action is eliminated from the subject individual's access authorization or personnel record and other records, except if a review of the information obtained or developed causes the reviewing official to unfavorably terminate or deny the individual's unescorted access.

(a) General. (1) Each licensee who is authorized to engage in an activity subject to regulation by the Commission shall comply with the requirements of this section.

(2) Each applicant for a license to engage in an activity subject to regulation by the Commission, as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission shall submit fingerprints for those individuals who will have access to Safeguards Information.

(3) Before receiving its operating license under 10 CFR part 50 or before the Commission makes its finding under § 52.103(g) of this chapter, each applicant for a license to operate a nuclear power reactor (including an applicant for a combined license) or a non-power reactor may submit fingerprints for those individuals who will require unescorted access to the nuclear power facility or non-power reactor facility.

(b) General performance objective and requirements. (1) Except those listed in paragraph (b)(2) of this section, each licensee subject to the provisions of this section shall fingerprint each individual who is permitted unescorted access to the nuclear power facility, the non-power reactor facility in accordance with paragraph (g) of this section, or access to Safeguards Information. The licensee will then review and use the information received from the Federal Bureau of Investigation (FBI) and, based on the provisions contained in this section, determine either to continue to grant or to deny further unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information for that individual. Individuals who do not have unescorted access or access to Safeguards Information shall be fingerprinted by the licensee and the results of the criminal history records check shall be used before making a determination for granting unescorted access to the nuclear power facility, non-power reactor facility, or to Safeguards Information.

(2) Licensees need not fingerprint in accordance with the requirements of this section for the following categories:

(i) For unescorted access to the nuclear power facility or the non-power reactor facility (but must adhere to provisions contained in §§ 73.21 and 73.22): NRC employees and NRC contractors on official agency business; individuals responding to a site emergency in accordance with the provisions of § 73.55(a); offsite emergency response personnel who are responding to an emergency at a non-power reactor facility; a representative of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement at designated facilities who has been certified by the NRC; law enforcement personnel acting in an official capacity; Federal, State or local government employees who have had equivalent reviews of FBI criminal history data; and individuals employed at a facility who possess “Q” or “L” clearances or possess another active government granted security clearance (i.e., Top Secret, Secret, or Confidential);

(ii) For access to Safeguards Information only but must adhere to provisions contained in §§ 73.21, 73.22, and 73.23: the categories of individuals specified in 10 CFR 73.59.

(iii) Any licensee currently processing criminal history requests through the FBI pursuant to Executive Order 13467, as amended by Executive Order 13764, need not also submit such requests to the NRC under this section; and

(iv) Upon further notice to licensees and without further rulemaking, the Commission may waive certain requirements of this section on a temporary basis.

(v) Individuals who have a valid unescorted access authorization to a non-power reactor facility on November 7, 2012 are not required to undergo a new fingerprint-based criminal history records check pursuant to paragraph (g) of this section, until such time that the existing authorization expires, is terminated, or is otherwise to be renewed.

(3) The licensee shall notify each affected individual that the fingerprints will be used to secure a review of his/her criminal history record, and inform the individual of proper procedures for revising the record or including explanation in the record.

(4) Fingerprinting is not required if the licensee is reinstating the unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information granted an individual if:

(i) The individual returns to the same nuclear power utility or non-power reactor facility that granted access and such access has not been interrupted for a continuous period of more than 365 days; and

(ii) The previous access was terminated under favorable conditions.

(5) Fingerprints need not be taken, in the discretion of the licensee, if an individual who is an employee of a licensee, contractor, manufacturer, or supplier has been granted unescorted access to a nuclear power facility, a non-power reactor facility, or to Safeguards Information by another licensee, based in part on a criminal history records check under this section. The criminal history records check file may be transferred to the gaining licensee in accordance with the provisions of paragraph (f)(3) of this section.

(6) All fingerprints obtained by the licensee under this section must be submitted to the Attorney General of the United States through the Commission.

(7) The licensee shall review the information received from the Attorney General and consider it in making a determination for granting unescorted access to the individual or access to Safeguards Information.

(8) A licensee shall use the information obtained as part of a criminal history records check solely for the purpose of determining an individual's suitability for unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information.

(c) Prohibitions. (1) A licensee may not base a final determination to deny an individual unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information solely on the basis of information received from the FBI involving:

(i) An arrest more than 1 year old for which there is no information of the disposition of the case; or

(ii) An arrest that resulted in dismissal of the charge or an acquittal.

(2) A licensee may not use information received from a criminal history check obtained under this section in a manner that would infringe upon the rights of any individual under the First Amendment to the Constitution of the United States, nor shall the licensee use the information in any way which would discriminate among individuals on the basis of race, religion, national origin, sex, or age.

(d) Procedures for processing of fingerprint checks. (1) For the purpose of complying with this section, licensees shall, using an appropriate method listed in § 73.4, submit to the NRC's Division of Physical and Cyber Security Policy, Mail Stop T-07D04M , one completed, legible standard fingerprint card (Form FD-258, ORIMDNRCOOOZ) or, where practicable, other fingerprint records for each individual requiring unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information, to the Director of the NRC's Division of Physical and Cyber Security Policy, marked for the attention of the Division's Criminal History Check Section. Copies of these forms may be obtained by writing the Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, by calling 301-415-5877, or by email to [email protected]. Guidance on what alternative formats might be practicable is referenced in § 73.4. The licensee shall establish procedures to ensure that the quality of the fingerprints taken results in minimizing the rejection rate of fingerprint cards due to illegible or incomplete cards.

(2) The Commission will review applications for criminal history checks for completeness. Any Form FD-258 or other fingerprint record containing omissions or evident errors will be returned to the licensee for corrections. The fee for processing fingerprint checks includes one free resubmission if the initial submission is returned by the FBI because the fingerprint impressions cannot be classified. The one free resubmission must have the FBI Transaction Control Number reflected on the resubmission. If additional submissions are necessary, they will be treated as an initial submittal and require a second payment of the processing fee. The payment of a new processing fee entitles the submitter to an additional free resubmittal, if necessary. Previously rejected submissions may not be included with the third submission because the submittal will be rejected automatically.

(3)(i) Fees for the processing of fingerprint checks are due upon application. Licensees shall submit payment with the application for the processing of fingerprints, and payment must be made payable to the U.S. Nuclear Regulatory Commission. The payments are to be made in U.S. funds using the electronic payment methods accepted at www.Pay.gov. (For guidance on making payments, contact the Criminal history Program, Division of Physical and Cyber Security Policy at 301-415-7513). Combined payment for multiple applications is acceptable.

(ii) The application fee is the sum of the user fee charged by the FBI for each fingerprint card or other fingerprint record submitted by the NRC on behalf of a licensee, and an administrative processing fee assessed by the NRC. The NRC processing fee covers administrative costs associated with NRC handling of licensee fingerprint submissions. The Commission publishes the amount of the fingerprint records check application fee on the NRC public Web site. (To find the current fee amount, go to the Electronic Submittals page at http://www.nrc.gov/site-help/e-submittals.html and see the link for the Criminal History Program.) The Commission will directly notify licensees who are subject to this regulation of any fee changes.

(4) The Commission will forward to the submitting licensee all data received from the FBI as a result of the licensee's application(s) for criminal history checks, to include the FBI fingerprint record.

(e) Right to correct and complete information. (1) Prior to any final adverse determination, the licensee shall make available to the individual the contents of records obtained from the FBI for the purpose of assuring correct and complete information. Confirmation of receipt by the individual of this notification must be maintained by the licensee for a period of 1 year from the date of the notification.

(2) If after reviewing the record, an individual believes that it is incorrect or incomplete in any respect and wishes changes, corrections, or updating (of the alleged deficiency), or to explain any matter in the record, the individual may initiate challenge procedures. These procedures include direct application by the individual challenging the record to the agency, i.e., law enforcement agency, that contributed the questioned information or direct challenge as to the accuracy or completeness of any entry on the criminal history record to the Federal Bureau of Investigation Criminal Investigative Services Division, 1000 Custer Hollow Road, Clarksburg, WV 26537-9700 as set forth in 28 CFR 16.30 through 16.34. In the latter case, the FBI then forwards the challenge to the agency that submitted the data requesting that agency to verify or correct the challenged entry. Upon receipt of an official communication directly from the agency that contributed the original information, the FBI Criminal Justice Information Services Division makes any changes necessary in accordance with the information supplied by that agency. Licensees must provide at least 10 days for an individual to initiate action to challenge the results of an FBI criminal history records check after the record being made available for his/her review. The licensee may make a final adverse determination based upon the criminal history record, if applicable, only upon receipt of the FBI's confirmation or correction of the record.

(3) In addition to the right to obtain records from the FBI in paragraph (e)(1) of this section and the right to initiate challenge procedures in paragraph (e)(2) of this section, an individual participating in an NRC adjudication and seeking to obtain Safeguards Information for use in that adjudication may appeal a final adverse determination by the NRC Office of Administration to the presiding officer of the proceeding. The request may also seek to have the Chief Administrative Judge designate an officer other than the presiding officer of the proceeding to review the adverse determination.

(f) Protection of information. (1) Each licensee who obtains a criminal history record on an individual under this section shall establish and maintain a system of files and procedures for protection of the record and the personal information from unauthorized disclosure.

(2) The licensee may not disclose the record or personal information collected and maintained to persons other than the subject individual, his/her representative, or to those who have a need to have access to the information in performing assigned duties in the process of granting or denying unescorted access to the nuclear power facility, the non-power reactor facility or access to Safeguards Information. No individual authorized to have access to the information may re-disseminate the information to any other individual who does not have a need to know.

(3) The personal information obtained on an individual from a criminal history record check may be transferred to another licensee:

(i) Upon the individual's written request to the licensee holding the data to re-disseminate the information contained in his/her file; and

(ii) The gaining licensee verifies information such as name, date of birth, social security number, sex, and other applicable physical characteristics for identification.

(4) The licensee shall make criminal history records obtained under this section available for examination by an authorized representative of the NRC to determine compliance with the regulations and laws.

(5) The licensee shall retain all fingerprint and criminal history records received from the FBI, or a copy if the individual's file has been transferred, on an individual (including data indicating no record) for one year after termination or denial of unescorted access to the nuclear power facility, the non-power reactor facility, or access to Safeguards Information.

(g) Fingerprinting requirements for unescorted access for non-power reactor licensees. (1) No person shall be permitted unescorted access to a non-power reactor facility unless that person has been determined by an NRC-approved reviewing official to be trustworthy and reliable based on the results of an FBI fingerprint-based criminal history records check obtained in accordance with this paragraph. The reviewing official is required to have unescorted access in accordance with this section or access to Safeguards Information.

(2) Each non-power reactor licensee subject to the requirements of this section shall obtain the fingerprints for a criminal history records check for each individual who is seeking or permitted:

(i) Unescorted access to vital areas of the non-power reactor facility; or

(ii) Unescorted access to special nuclear material in the non-power reactor facility provided the individual who is seeking or permitted unescorted access possesses the capability and knowledge to make unauthorized use of the special nuclear material in the non-power reactor facility or to remove the special nuclear material from the non-power reactor in an unauthorized manner.

(a) Each operating nuclear power reactor licensee with a license issued under part 50 or 52 of this chapter shall comply with the requirements of this section.

(b) The licensee shall assess and manage the potential for adverse effects on safety and security, including the site emergency plan, before implementing changes to plant configurations, facility conditions, or security.

(c) The scope of changes to be assessed and managed must include planned and emergent activities (such as, but not limited to, physical modifications, procedural changes, changes to operator actions or security assignments, maintenance activities, system reconfiguration, access modification or restrictions, and changes to the security plan and its implementation).

(d) Where potential conflicts are identified, the licensee shall communicate them to appropriate licensee personnel and take compensatory and/or mitigative actions to maintain safety and security under applicable Commission regulations, requirements, and license conditions.

Fingerprinting, and the identification and criminal history records checks required by section 149 of the Atomic Energy Act of 1954, as amended, and other elements of background checks are not required for the following individuals prior to granting access to Safeguards Information, including Safeguards Information designated as Safeguards Information-Modified Handling as defined in 10 CFR 73.2:

(a) An employee of the Commission or the Executive Branch of the United States government who has undergone fingerprinting for a prior U.S. government criminal history records check;

(b) A member of Congress;

(c) An employee of a member of Congress or Congressional committee who has undergone fingerprinting for a prior U.S. government criminal history records check;

(d) The Comptroller General or an employee of the Government Accountability Office who has undergone fingerprinting for a prior U.S. Government criminal history records check;

(e) The Governor of a State or his or her designated State employee representative;

(f) A representative of a foreign government organization that is involved in planning for, or responding to, nuclear or radiological emergencies or security incidents who the Commission approves for access to Safeguards Information, including Safeguards Information designated as Safeguards Information—Modified Handling;

(g) Federal, State, or local law enforcement personnel;

(h) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives;

(i) Agreement State employees conducting security inspections on behalf of the NRC pursuant to an agreement executed under section 274.i. of the Atomic Energy Act of 1954, as amended;

(j) Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC;

(k) Any agent, contractor, or consultant of the aforementioned persons who has undergone equivalent criminal history records and background checks to those required by 10 CFR 73.22(b) or 73.23(b).

(l) Tribal official or the Tribal official's designated representative, and Tribal law enforcement personnel.

Each nonpower reactor licensee who, pursuant to the requirements of part 70 of this chapter, possesses at any site or contiguous sites subject to control by the licensee uranium-235 (contained in uranium enriched to 20 percent or more in the U-235 isotope), uranium-233, or plutonium, alone or in any combination in a quantity of 5000 grams or more computed by the formula, grams = (grams contained U-235) + 2.5 (grams U-233 + grams plutonium), shall protect the special nuclear material from theft or diversion pursuant to the requirements of paragraphs 73.67 (a), (b), (c), and (d), in addition to this section, except that a licensee is exempt from the requirements of paragraphs (a), (b), (c), (d), and (e) of this section to the extent that it possesses or uses special nuclear material that is not readily separable from other radioactive material and that has a total external radiation level in excess of 1 gray (100 rad) per hour at a distance of 1 meter (3.3 feet) from any accessible surface without intervening shielding.

(a) Access requirements. (1) Special nuclear material shall be stored or processed only in a material access area. No activities other than those which require access to special nuclear material or equipment employed in the process, use, or storage of special nuclear material, shall be permitted within a material access area.

(2) Material access areas shall be located only within a protected area to which access is controlled.

(3) Special nuclear material not in process shall be stored in a vault equipped with an intrusion alarm or in a vault-type room, and each such vault or vault-type room shall be controlled as a separate material access area.

(4) Enriched uranium scrap in the form of small pieces, cuttings, chips, solutions or in other forms which result from a manufacturing process, contained in 30-gallon or larger containers, with a uranium-235 content of less than 0.25 grams per liter, may be stored within a locked and separately fenced area which is within a larger protected area provided that the storage area is no closer than 25 feet to the perimeter of the protected area. The storage area when unoccupied shall be protected by a guard or watchman who shall patrol at intervals not exceeding 4 hours, or by intrusion alarms.

(5) Admittance to a material access area shall be under the control of authorized individuals and limited to individuals who require such access to perform their duties.

(6) Prior to entry into a material access area, packages shall be searched for devices such as firearms, explosives, incendiary devices, or counterfeit substitute items which could be used for theft or diversion of special nuclear material.

(7) Methods to observe individuals within material access areas to assure that special nuclear material is not diverted shall be provided and used on a continuing basis.

(b) Exit requirement. Each individual, package, and vehicle shall be searched for concealed special nuclear material before exiting from a material access area unless exit is into a contiguous material access area. The search may be carried out by a physical search or by use of equipment capable of detecting the presence of concealed special nuclear material.

(c) Detection aid requirement. Each unoccupied material access area shall be locked and protected by an intrusion alarm on active status. All emergency exits shall be continuously alarmed.

(d) Testing and maintenance. Each licensee shall test and maintain intrusion alarms, physical barriers, and other devices utilized pursuant to the requirements of this section as follows:

(1) Intrusion alarms, physical barriers, and other devices used for material protection shall be maintained in operable condition.

(2) Each intrusion alarm shall be inspected and tested for operability and required functional performance at the beginning and end of each interval during which it is used for material protection, but not less frequently than once every seven (7) days.

(e) Response requirement. Each licensee shall establish, maintain, and follow an NRC-approved safeguards contingency plan for responding to threats, thefts, and radiological sabotage related to the special nuclear material and nuclear facilities subject to the provisions of this section. Safeguards contingency plans must be in accordance with the criteria in Appendix C to this part, “Licensee Safeguards Contingency Plans.”

(f) In addition to the fixed-site requirements set forth in this section and in § 73.67, the Commission may require, depending on the individual facility and site conditions, any alternate or additional measures deemed necessary to protect against radiological sabotage at nonpower reactors licensed to operate at or above a power level of 2 megawatts thermal.

Notwithstanding any other provision of the Commission's regulations, fingerprinting and the identification and criminal history records checks required by section 149 of the Atomic Energy Act of 1954, as amended, are not required for the following individuals prior to granting unescorted access to radioactive materials or other property that the Commission determines by regulation or order to be of such significance to the public health and safety or the common defense and security as to warrant fingerprinting and background checks:

(a) An employee of the Commission or of the Executive Branch of the U.S. Government who has undergone fingerprinting for a prior U.S. Government criminal history check;

(b) A Member of Congress;

(c) An employee of a member of Congress or Congressional committee who has undergone fingerprinting for a prior U.S. Government criminal history check;

(d) The Governor of a State or his or her designated State employee representative;

(e) Federal, State, or local law enforcement personnel;

(f) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives;

(g) Agreement State employees conducting security inspections on behalf of the NRC pursuant to an agreement executed under section 274.i. of the Atomic Energy Act;

(h) Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC.

(a) General performance objectives. (1) Each licensee who possesses, uses or transports special nuclear material of moderate or low strategic significance shall establish and maintain a physical protection system that will achieve the following objectives:

(i) Minimize the possibilities for unauthorized removal of special nuclear material consistent with the potential consequences of such actions; and

(ii) Facilitate the location and recovery of missing special nuclear material.

(2) To achieve these objectives, the physical protection system shall provide:

(i) Early detection and assessment of unauthorized access or activities by an external adversary within the controlled access area containing special nuclear material;

(ii) Early detection of removal of special nuclear material by an external adversary from a controlled access area;

(iii) Assure proper placement and transfer of custody of special nuclear material; and

(iv) Respond to indications of an unauthorized removal of special nuclear material and then notify the appropriate response forces of its removal in order to facilitate its recovery.

(b)(1) A licensee is exempt from the requirements of this section to the extent that he possesses, uses, or transports:

(i) Special nuclear material which is not readily separable from other radioactive material and which has a total external radiation level in excess of 1 gray (100 rad) per hour at a distance of 1 meter (3.3 feet) from any accessible surface without intervening shielding, or

(ii) Sealed plutonium-beryllium neutron sources totaling 500 grams or less contained plutonium at any one site or contiguous sites, or

(iii) Plutonium with an isotopic concentration exceeding 80 percent in plutonium-238.

(2) A licensee who has quantities of special nuclear material equivalent to special nuclear material of moderate strategic significance distributed over several buildings may, for each building which contains a quantity of special nuclear material less than or equal to a level of special nuclear material of low strategic significance, protect the material in that building under the lower classification physical security requirements.

(c) Each licensee who possesses, uses, transports, or delivers to a carrier for transport special nuclear material of moderate strategic significance, or 10 kg or more of special nuclear material of low strategic significance shall:

(1) Submit a security plan or an amended security plan describing how the licensee will comply with all the requirements of paragraphs (d), (e), (f), and (g) of this section, as appropriate, including schedules of implementation. The licensee shall retain a copy of the effective security plan as a record for three years after the close of period for which the licensee possesses the special nuclear material under each license for which the original plan was submitted. Copies of superseded material must be retained for three years after each change.

(2) Within 30 days after the plan submitted pursuant to paragraph (c)(1) of this section is approved, or when specified by the NRC in writing, implement the approved security plan.

(d) Fixed site requirements for special nuclear material of moderate strategic significance. Each licensee who possesses, stores, or uses quantities and types of special nuclear material of moderate strategic significance at a fixed site or contiguous sites, except as allowed by paragraph (b)(2) of this section and except those who are licensed to operate a nuclear power reactor pursuant to part 50, shall:

(1) Use the material only within a controlled access area which is illuminated sufficiently to allow detection and surveillance of unauthorized penetration or activities,

(2) Store the material only within a controlled access area such as a vault-type room or approved security cabinet or their equivalent which is illuminated sufficiently to allow detection and surveillance of unauthorized penetration or activities,

(3) Monitor with an intrusion alarm or other device or procedures the controlled access areas to detect unauthorized penetration or activities,

(4) Conduct screening prior to granting an individual unescorted access to the controlled access area where the material is used or stored, in order to obtain information on which to base a decision to permit such access,

(5) Develop and maintain a controlled badging and lock system to identify and limit access to the controlled access areas to authorized individuals,

(6) Limit access to the controlled access areas to authorized or escorted individuals who require such access in order to perform their duties,

(7) Assure that all visitors to the controlled access areas are under the constant escort of an individual who has been authorized access to the area,

(8) Establish a security organization or modify the current security organization to consist of at least one watchman per shift able to assess and respond to any unauthorized penetrations or activities in the controlled access areas,

(9) Provide a communication capability between the security organization and appropriate response force,

(10) Search on a random basis vehicles and packages leaving the controlled access areas, and

(11) Establish and maintain written response procedures for dealing with threats of thefts or thefts of these materials. The licensee shall retain a copy of the response procedures as a record for the period during which the licensee possesses the appropriate type and quantity of special nuclear material requiring this record under each license for which the original procedures were developed and, for three years thereafter. Copies of superseded material must be retained for three years after each change.

(e) In-transit requirements for special nuclear material of moderate strategic significance. (1) Each licensee who transports, exports or delivers to a carrier for transport special nuclear material of moderate strategic significance shall:

(i) Provide advance notification to the receiver of any planned shipments specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of carrier and transport identification,

(ii) Receive confirmation from the receiver prior to the commencement of the planned shipment that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport,

(iii) Check the integrity of the container and locks or seals prior to shipment, and

(iv) Arrange for the in-transit physical protection of the materials in accordance with the requirements of § 73.67(e)(3) unless the receiver is a licensee and has agreed in writing to arrange for the in-transit physical protection.

(2) Each licensee who receives special nuclear material of moderate strategic significance shall:

(i) Check the integrity of the containers and seals upon receipt of the shipment,

(ii) Notify the shipper of receipt of the material as required in § 74.15 of this chapter, and

(iii) Arrange for the in-transit physical protection of the material in accordance with the requirements of § 73.67(e)(3) unless the shipper is a licensee and has agreed in writing to arrange for the in-transit physical protection.

(3) Each licensee who arranges for the in-transit physical protection of special nuclear material of moderate strategic significance, or who takes delivery of this material free on board (f.o.b.) the point at which it is delivered to a carrier for transport shall:

(i) Arrange for telephone or radio communications between the transport and the licensee or its designee: (A) To periodically confirm the status of the shipment (B) for notification of any delays in the scheduled shipment, and (C) to request appropriate local law enforcement agency response in the event of an emergency.

(ii) Minimize the time that the material is in transit by reducing the number and duration of nuclear material transfers and by routing the material in the most safe and direct manner,

(iii) Conduct screening of all licensee employees involved in the transportation of the material in order to obtain information on which to base a decision to permit them control over the material,

(iv) Establish and maintain written response procedures for dealing with threats of thefts or thefts of this material. The licensee shall retain a copy of the current response procedures as a record for three years after the close of period for which the licensee possesses the special nuclear material under each license for which the original procedures were developed and copies of superseded material must be retained for three years after each change.

(v) Make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination, and

(vi) Initiate immediately a trace investigation of any shipment that is determined to be lost or unaccounted for after a reasonable time beyond the estimated arrival time.

(vii) Notify the NRC Operations Center after the discovery of the loss of the shipment and after recovery of or accounting for such lost shipment, in accordance with the provisions of §§ 73.1200 and 73.1205 of this part.

(4) Each licensee who arranges the physical protection of strategic special nuclear material in quantities of moderate strategic significance while in transit or who takes delivery of this material free on board (f.o.b.) the point at which it is delivered to a carrier for transport shall comply with the requirements of paragraphs (e) (1), (2), and (3) of this section. The licensee shall retain each record required by paragraphs (e) (1), (2), (3), and (4) (i) and (ii) of this section for three years after close of period licensee possesses special nuclear material under each license that authorizes these licensee activities. Copies of superseded material must be retained for three years after each change. In addition, the licensee shall—

(i) Make all shipments of the material either (A) in dedicated transports with no intermediate stops to load or unload other cargo and with no carrier or vehicle transfers or temporary storage in-transit, or (B) under arrangements whereby the custody of the shipment and all custody transfers are acknowledged by signature, and

(ii) Maintain the material under lock or under the control of an individual who has acknowledged acceptance of custody of the material by signature.

(5) Each licensee who exports special nuclear material of moderate strategic significance shall comply with the requirements specified in paragraphs (c) and (e) (1), (3), and (4) of this section. The licensee shall retain each record required by these sections for three years after the close of period for which the licensee possesses the special nuclear material under each license that authorizes the licensee to export this material. Copies of superseded material must be retained for three years after each change.

(6) Each licensee who imports special nuclear material of moderate strategic significance shall,

(i) Comply with the requirements specified in paragraphs (c) and (e) (2), (3), and (4) of this section. The licensee shall retain each record required by these sections for three years after the close of period for which the licensee possesses the special nuclear material under each license that authorizes the licensee to import this material. Copies of superseded material must be retained for three years after each change.

(ii) Notify the exporter who delivered the material to a carrier for transport of the arrival of such material.

(7) If, after receiving advance notice pursuant to § 73.72 from a licensee planning to import, export, transport, deliver to a carrier for transport in a single shipment, or take delivery at the point where it is delivered to a carrier, special nuclear material of moderate strategic significance containing in any part strategic special nuclear material, it appears to the Commission that two or more shipments of special nuclear material of moderate strategic significance, constituting in the aggregate an amount equal to or greater than a formula quantity of strategic special nuclear material, may be en route at the same time, the Commission may order one or more of the shippers to delay shipment according to the following provisions:

(i) The shipper shall provide to the Commission, upon request, such additional information regarding a planned shipment as the Commission considers pertinent to the decision on whether to delay such shipment.

(ii) The receiver of each shipment, or the shipper if the receiver is not a licensee, shall notify the Director, Division of Physical and Cyber Security Policy, Office of Nuclear Security and Incident Response, by telephone, no later than 24 hours after arrival of such shipment at its final destination, or after such shipment has left the United States as an export, to confirm the integrity of the shipment at the time of receipt or exit from the United States.

(iii) The Commission shall notify the affected shippers no later than two days before the scheduled shipment date that a given shipment is to be delayed.

(iv) Shipments of special nuclear material of moderate strategic significance which are protected in accordance with the provisions of §§ 73.20, 73.25, and 73.26 shall not be subject to orders to delay shipment nor considered to constitute a portion of an aggregate formula quantity of strategic special nuclear material for the purposes of determining whether any shipments must delayed.

(f) Fixed site requirements for special nuclear material of low strategic significance. Each licensee who possesses, stores, or uses special nuclear material of low strategic significance at a fixed site or contiguous sites, except those who are licensed to operate a nuclear power reactor pursuant to part 50, shall:

(1) Store or use the material only within a controlled access area,

(2) Monitor with an intrusion alarm or other device or procedures the controlled access areas to detect unauthorized penetrations or activities,

(3) Assure that a watchman or offsite response force will respond to all unauthorized penetrations or activities, and

(4) Establish and maintain response procedures for dealing with threats of thefts or thefts of this material. The licensee shall retain a copy of the current response procedures as a record for three years after the close of period for which the licensee possesses the special nuclear material under each license for which the procedures were established. Copies of superseded material must be retained for three years after each change.

(g) In-transit requirements for special nuclear material of low strategic significance. (1) Each licensee who transports or who delivers to a carrier for transport special nuclear material of low strategic significance shall:

(i) Provide advance notification to the receiver of any planned shipments specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of carrier and transport identification,

(ii) Receive confirmation from the receiver prior to commencement of the planned shipment that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport,

(iii) Transport the material in a tamper indicating sealed container,

(iv) Check the integrity of the containers and seals prior to shipment, and

(v) Arrange for the in-transit physical protection of the material in accordance with the requirements of § 73.67(g)(3) of this part, unless the receiver is a licensee and has agreed in writing to arrange for the in-transit physical protection.

(2) Each licensee who receives quantities and types of special nuclear material of low strategic significance shall:

(i) Check the integrity of the containers and seals upon receipt of the shipment,

(ii) Notify the shipper of receipt of the material as required in § 74.15 of this chapter, and

(iii) Arrange for the in-transit physical protection of the material in accordance with the requirements of § 73.67(g)(3) of this part, unless the shipper is a licensee and has agreed in writing to arrange for the in-transit physical protection.

(3) Each licensee, either shipper or receiver, who arranges for the physical protection of special nuclear material of low strategic significance while in transit or who takes delivery of such material free on board (f.o.b.) the point at which it is delivered to a carrier for transport shall:

(i) Establish and maintain response procedures for dealing with threats or thefts of this material. The licensee shall retain a copy of the current response procedures as a record for three years after the close of period for which the licensee possesses the special nuclear material under each license for which the procedures were established. Copies of superseded material must be retained for three years after each change.

(ii) Make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination, and

(iii)(A) Immediately conduct a trace investigation of any shipment that is lost or unaccounted for after the estimated arrival time; and

(B) Notify the NRC Operations Center after the discovery of the loss of the shipment and after recovery of or accounting for such lost shipment, in accordance with the provisions of §§ 73.1200 and 73.1205 of this part.

(4) Each licensee who exports special nuclear material of low strategic significance shall comply with the appropriate requirements specified in paragraphs (c) and (g) (1) and (3) of this section. The licensee shall retain each record required by these sections for three years after the close of period for which the licensee possesses the special nuclear material under each license that authorizes the licensee to export this material. Copies of superseded material must be retained for three years after each change.

(5) Each licensee who imports special nuclear material of low strategic significance shall:

(i) Comply with the requirements specified in paragraphs (c) and (g) (2) and (3) of this section and retain each record required by these paragraphs for three years after the close of period for which the licensee possesses the special nuclear material under each license that authorizes the licensee to import this material. Copies of superseded material must be retained for three years after each change.

(ii) Notify the person who delivered the material to a carrier for transport of the arrival of such material.