GENERAL PROVISIONS § 25.1 Purpose. This part establishes procedures for granting, reinstating, extending, transferring and terminating access authorizations of licensee personnel, licensee contractors or agents and other persons (e.g, individuals involved in adjudicatory procedures as set forth in 10 CFR Part 2, Subpart I) who may require access to information classified at the Secret and Confidential National Security Information and/or Restricted Data level. § 25.3 Scope. The regulations in this part apply to licensees and others who may require access to National Security Information and/or Restricted Data related to a license or application for a license. § 25.5 Definitions. "Access authorization" means an administrative determination that an individual (including a consultant) who is employed by or an applicant for employment with the NRC, NRC contractors, agents, and licensees of the NRC, or other person designated by the Executive Director for Operations, is eligible for a security clearance for access to Restricted Data or national security information. "Act" means the Atomic Energy Act of 1954 (68 Stat. 919), as amended. "Commission" means the Nuclear Regulatory Commission or its duly authorized representatives. "L" access authorization means an access authorization granted by the Commission which is normally based on a National Agency Check (NAC) or NAC and Inquiry (NACI) conducted by the Office of Personnel Management. "License" means a license issued pursuant to 10 CFR Parts 50, 70, or 72. "Matter" means documents or mate rial. "National Security Information" means information or matter that is owned by, produced for or by, or under the control of, the United States Government, and that has been determined pursuant to Executive Order 12065 or prior orders to require protec tion against unauthorized disclosure and is so designated. "Need-to-know" means a determination by persons having responsibility for classified information or matter, that a proposed recipient's access to such classified information or matter is necessary in the performance of his official, contractual, or licensee duties of employment under the cognizance of the Commission. "Person" means (1) any individual, corporation, partnership, firm, association, trust, estate, public or private institution, group, government agency other than the Commission or the Department of Energy (DOE), except that the DOE shall be considered a person to the extent that its facilities are subject to the licensing and related regulatory authority of the Commission pursuant to section 202 of the Energy Reorganization Act of 1974 and sections 104, 105 and 202 of the Uranium Mill Tailings Radiation Control Act of 1978, any State or any political subdivision of, or any political entity within a State, any foreign government or nation or any political subdivision of any such government or nation, or other entity; and (2) any legal successor, representative, agent, or agency of the foregoing. "Q" Access Authorization means an access authorization granted by the Commission based on a full field investigation conducted by the Office of Personnel Management, the Federal Bureau of Investigation, or other U.S. Government agency which conducts personnel security investigations. "Restricted Data" means all data concerning design, manufacture or utilization of atomic weapons, the production of special nuclear material, or the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to section 142 of the Act. [45 FR 14481, Mar. 5, 1980, as amended at 46 FR 58283, Dec. 1, 1981; 47 FR 38683, Sept. 2, 1982] § 25.7 Interpretations. Except as specifically authorized by the Commission in writing, no interpretation of the meaning of the regu lations in this part by any officer or employee of the Commission other than a written interpretation by the General Counsel will be recognized to be binding upon the Commission. § 25.9 Communications. Except where otherwise specified, all communications and reports concerning the regulations in this part should be addressed to the Director, Division of Security, U.S. Nuclear Regulatory Commission, Washington, D.C. 20555. § 25.11 Specific exemptions. The Commission may, upon application of any interested party, grant an exemption from the requirements of this Part 25. Exemptions will be granted only if they are authorized by law and will not constitute an undue risk to the common defense and security. Documentation related to the request, notification and processing of an exemption shall be maintained for two years beyond the period covered by the exemption. § 25.13 Records maintenance. Each licensee or organization employing individuals approved for personnel security access authorization under this part, shall maintain records as prescribed within the part. These records shall be subject to review and inspection by NRC representatives during security surveys. ACCESS AUTHORIZATIONS § 25.15 Access permitted under “Q” or “L” access authorization. (a) A "Q" access authorization permits an individual access on a need-toknow basis to (1) Secret and Confidential Restricted Data and (2) Secret and Confidential National Security Information including intelligence information, CRYPTO (i.e., cryptographic information) or other classified communications security (COMSEC) information. (b) An "L" access authorization permits an individual access on a need-toknow basis to Confidential Restricted Data and Secret and Confidential National Security Information other than the categories specifically included in paragraph (a) of this section. (c) Each employee of the Commission is processed for one of the two levels of access authorization. Licensees and other persons will furnish National Security Information and/or Restricted Data to a Commission employee on official business when the employee has the appropriate level of NRC access authorization and need-toknow. Some individuals are permitted to begin NRC employment without an access authorization. However, no NRC employee shall be permitted access to any classified information until the appropriate level of access authorization has been granted to that employee by NRC. [42 FR 28893, June 6, 1977, as amended at 47 FR 9195, Mar. 4, 1982] § 25.17 Approval for processing applicants for access authorization. (a) Access authorization shall be requested for licensee employees or other persons (e.g., 10 CFR Part 2, Subpart I) who need access to National Security Information and/or Restricted Data in connection with activities under Parts 50 or 70. (b) The request must include a completed personnel security packet (see § 25.17(c)) and request form (NRC237) signed by a licensee or licensee contractor official. (c) Each personnel security packet so submitted, shall include the following completed forms: (1) Personnel Security Questionnaire, (NRC-1, Parts I and II); (2) National Agency Check-Data for Nonsensitive or Noncritical-Sensitive Position (SF-85A)—for "L" cases only; (3) Two Standard Fingerprint cards, (FD-258); (4) Security (NRC-176); Acknowledgment, (5) Authority to Release Information, (NRC-259); and (6) Related forms where specified in accompanying instructions (NRC-254 and NRC-254A). Forms identified in paragraphs (c) (1) and (2) of this section must be typed. Only a Security Acknowledgment (NRC Form 176) need be completed by any person possessing an active access authorization or in processing for an access authorization prior to the effec tive date of this rule. The access authorizations must be at an equivalent level to those required by NRC and granted or processed by another Federal agency. (d) To avoid delays in processing requests for access authorizations, each security packet should be reviewed for completeness and correctness (including legibility of response on the forms) prior to submittal. (e) Applications for access authorization processing must be accompanied by a check or money order, payable to the United States Nuclear Regulatory Commission, representing the current cost for the processing of each "Q" and "L" access authorization request. Access authorization fees will be published in December of each year and will be applicable to each access authorization request received during the following calendar year. Applications from individuals having current Federal access authorizations may be processed expeditiously at less cost, since the Commission may accept the certification of access authorizations and investigative data from other Federal Government agencies which grant personnel access authorizations. [45 FR 14481, Mar. 5, 1980, as amended at 45 FR 71763, Oct. 30, 1980; 47 FR 9195, Mar. 4, 1982] § 25.19 Processing applications. Each application for access authorization together with its accompanying fee shall be submitted to the NRC Division of Security. If necessary the NRC Division of Security may obtain approval from the appropriate Commission office exercising licensing or regulatory authority before processing the access authorization request. If the applicant is disapproved for processing, the NRC Division of Security will notify the submitter in writing and will return the original application (security packet) and its accompanying fee. § 25.21 Determination of initial and continued eligibility for access authorization. (a) Following receipt by the NRC Division of Security of the reports of the personnel security investigations, the record will be reviewed to determine that granting an access authorization will not endanger the common defense and security and is clearly consistent with the national interest. If such a determination is made, access authorization will be granted. Questions as to initial eligibility, and any subsequent developments that raise a question of continued eligibility for access authorization will be determined in accordance with Part 10 of Chapter I. (b) The NRC Division of Security shall be promptly notified of developments which bear on continued eligibility for access authorization throughout the period for which the authorization is active (e.g., persons who marry subsequent to the completion of a personnel security packet must report this change by submitting a completed form entitled "Data Report on Spouse"). § 25.23 Notification of grant of access au thorization. The determination to grant access authorization will be furnished in writing to the licensee or organization which initiated the request. Records of these notifications must be maintained by the licensee or requesting organization for one year after the access authorization has been terminated by the NRC Division of Security. This information may also be furnished to other representatives of the Commission, to licensees, contractors, or other Federal agencies. Notifications of access authorization will not be given in writing to the individual himself except: (a) In those cases in which the determination was made as a result of a Personnel Security Board or a Personnel Security Review Board hearing, or (b) When the individual also is the official designated by the licensee to whom written NRC notifications are forwarded. § 25.25 Cancellation of requests for access authorization. When a request for an individual's access authorization is withdrawn or cancelled, the NRC Division of Security will be notified by the requestor immediately by telephone so that the full field investigation or National Agency Check may be discontinued. The caller will supply the full name and date of birth of the individual, the date of request, and the type of access authorization originally requested ("Q" or "L"). Such telephone notice shall be promptly confirmed in writing. § 25.27 Reopening of cases in which requests for access authorizations are cancelled. (a) In conjunction with a new request for access authorization for individuals whose cases were previously cancelled, new fingerprint cards in duplicate and a new Security Acknowledgment shall be furnished to the NRC Division of Security along with the request. (b) Additionally, if six months or more have elapsed since the date of the last Personnel Security Questionnaire, a complete personnel security packet (see § 25.17 (c)) shall be executed by the individual. The NRC Division of Security, based on investigative or other needs, may require a complete personnel security packet in other cases as well. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation is required. § 25.29 Reinstatement of access authorization. An up-to-date personnel security packet will be furnished with a request for reinstatement of an access authorization if 6 months or more have elapsed since termination of access authorization and a year or more has elapsed since the date of the previous Personnel Security Questionnaire, or if any significant changes are known to have occurred since the termination. A new Security Acknowledgment will be obtained in all cases. Where personnel security packets are not required, a request for reinstatement shall state the level of access authorization to be reinstated and the full name and date of birth of the individual in order to establish positive identification. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation is required. § 25.31 Extensions and transfers of access authorizations. (a) The NRC Division of Security may, on request, extend the authorization of an individual who possesses an access authorization in connection with a particular employer or activity, to permit access to National Security Information and/or Restricted Data in connection with an assignment with another employer or activity. (b) The NRC Division of Security may, on request, transfer an access authorization when an individual's access authorization under one interest is terminated, simultaneously with his being granted access authorization for another employer or activity. (c) Requests for extension or transfer of access authorization shall state the full name of the person, his date of birth and level of access authorization. The Director, Division of Security, may require a new personnel security packet (see § 25.17(c)) to be completed by the applicant. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation is required. § 25.33 Termination of access authorizations. (a) Access authorizations will be terminated when: (1) Access authorization is no longer required, or (2) An individual is separated from the employment or the activity for which he obtained an access authorization for a period of 90 days or more, or (3) An individual, pursuant to 10 CFR Part 10, is no longer eligible for access authorization. (b) A representative of the licensee or other organization which employs the individual whose access authorization will be terminated shall immediately notify the NRC Division of Security when the circumstances noted in paragraph (a)(1) or (a)(2) of this section exist; inform the individual that his access authorization is being terminated, and the reason; and that he will be considered for reinstatement of access authorization if he resumes work requiring it. 13-025 0-83--19 (c) When an access authorization is to be terminated, a representative of the licensee or other organization shall conduct a security termination briefing of the individual involved, explain the Security Termination Statement (NRC Form 136) and have the individual execute the form. The official shall notify the NRC Division of Security promptly in writing that a briefing was conducted and forward the original copy of the executed Security Termination Statement to the Division of Security. CLASSIFIED VISITS § 25.35 Classified visits. Visits to NRC, NRC contractor, licensee or licensed related facilities, or other government agencies and their contractors involving access to classified information by individuals covered by this part require advance certification of "need-to-know" and verification of NRC access authorization. Individuals planning such visits shall complete NRC Form 277, "Request for Visit or Access Approval," with the "need-to-know" certified by the appropriate Commission Office exercising licensing or regulatory authority. This Commission office shall then forward the request to the NRC Division of Security at least 15 days in advance of the date of the visit for appropriate verification of NRC access authorization. The Division of Security shall forward the form to the facility to be visited. [45 FR 14481, Mar. 5, 1980. Redesignated at 47 FR 9196, Mar. 4, 1982] 30.14 Exempt concentrations. 30.15 Certain items containing byproduct material. 30.16 Resins containing scandium-46 and designed for sand-consolidation in oil wells. 30.18 Exempt quantities. 30.19 Self-luminous products containing tritium, krypton-85, or promethium-147. 30.20 Gas and aerosol detectors containing byproduct material. LICENSES 30.31 Types of licenses. 30.32 Application for specific licenses. 30.33 General requirements for issuance of specific licenses. 30.34 Terms and conditions of licenses. 30.36 Expiration of licenses. 30.37 Applications for renewal of licenses. 30.38 Applications for amendment of li censes. 30.39 Commission action on applications to renew or amend. |