(a) Introduction. (1) Each licensee that is licensed to operate a commercial nuclear plant under part 53 of this chapter and elects to implement the requirements of this section must identify achievable target sets in accordance with paragraph (b)(5) of this section and develop, implement, and maintain a physical protection program under the following requirements:
(i) Each licensee that demonstrates no achievable target sets exist in accordance with paragraph (b)(5) of this section, and does not credit any active measures (e.g., operator action, mitigative action, detection, assessment, armed response) in making that demonstration, is exempt from the remaining requirements of this section.
(ii) Each licensee that demonstrates no achievable target sets exist in accordance with paragraph (b)(5) of this section, and credits active measures in making that demonstration, must implement the requirements of this section through its physical security plan, training and qualification plan, safeguards contingency plan, and cybersecurity plan, referred to collectively hereafter as “security plans,” before initial fuel load into the reactor (or, for a fueled manufactured reactor, before initiating the removal of the features to prevent criticality required under § 53.620(d)(1) of this chapter); for such licensees, the requirements of paragraphs (b)(2) through (4) of this section will be deemed satisfied if the physical protection program is designed to ensure that the credited active measures will be implemented in response to threats up to and including the design-basis threat of radiological sabotage.
(iii) Each licensee that demonstrates achievable target sets exist, in accordance with paragraph (b)(5) of this section, must implement the requirements of this section through its physical security plan, training and qualification plan, safeguards contingency plan, and cybersecurity plan, referred to collectively hereafter as “security plans,” before initial fuel load into the reactor (or, for a fueled manufactured reactor, before initiating the removal of the features to prevent criticality required under § 53.620(d)(1) of this chapter).
(2) The security plans must identify, describe, and account for site-specific conditions that affect the licensee's capability to satisfy the requirements of this section.
(b) General performance objective and requirements. (1) The licensee must establish, implement, and maintain a physical protection program and a security organization, which will have as their objective to provide reasonable assurance that activities involving special nuclear material are not inimical to the common defense and security and do not constitute an unreasonable risk to the public health and safety.
(2) To satisfy the general performance objective of paragraph (b)(1) of this section, the physical protection program must protect against the design-basis threat of radiological sabotage as stated in § 73.1. Specifically, the licensee must—
(i) Ensure that the physical protection program capabilities to protect against the design-basis threat of radiological sabotage are maintained at all times; and
(ii) Provide defense in depth in achieving performance requirements through the integration of engineered systems, administrative controls, and management measures.
(3) The physical protection program must be designed to prevent the release of radionuclides from any source from exceeding the dose reference values defined in § 53.210 of this chapter.
(4) The physical protection program must be designed and implemented to achieve and maintain the reliability and availability of structures, systems, and components (SSCs) required for demonstrating compliance with the following performance requirements at all times:
(i) Intrusion detection. The licensee must be capable of detecting attempted and actual unauthorized access to interior and exterior areas containing SSCs needed to implement safety and security functions.
(ii) Intrusion assessment. The licensee must be capable of timely assessment for determining the cause of a detected intrusion.
(iii) Security communication. The licensee must be capable of continuous security communications. Communication systems must account for design-basis threats that can interrupt or interfere with continuity or integrity of communications.
(iv) Security response. The physical protection program must be designed to provide timely security response to interdict and neutralize adversary attacks up to and including the design-basis threat of radiological sabotage. The physical protection program must be designed to provide layers of security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design-basis threat adversary. Structures, systems, and components relied on for delay functions must be designed to allow for timely security responses to adversary attacks with adequate defense in depth.
(A) The security response may rely on the use of onsite responders, law enforcement or other offsite armed responders, or a combination thereof, to fulfill the interdiction and neutralization functions required by paragraph (b)(4)(iv) of this section. A licensee relying entirely or partially on law enforcement or other offsite armed responders must—
(1) Maintain the capability to detect, assess, interdict, and neutralize threats as required by paragraphs (b)(4)(i), (b)(4)(ii), and (b)(4)(iv) of this section;
(2) Provide adequate delay to enable law enforcement or other offsite armed responders to fulfill the interdiction and neutralization functions for threats up to and including the design-basis threat of radiological sabotage;
(3) Provide necessary information about the facility and make available periodic training to law enforcement or other offsite armed responders who will fulfill the interdiction and neutralization functions for threats up to and including the design-basis threat of radiological sabotage;
(4) Fully describe in the safeguards contingency plan the role that law enforcement or other offsite armed responders will play in the licensee's protective strategy. The description must provide sufficient detail to enable the NRC to determine that the licensee's physical protection program provides reasonable assurance of adequate protection against threats up to and including the design-basis threat of radiological sabotage; and
(5) Identify criteria and measures to compensate for the degradation or absence of law enforcement or other offsite armed responders and propose suitable compensatory measures that meet the requirements of paragraph (h)(3) of this section to address this degradation.
(B) For licensees relying entirely or partially on law enforcement responders to fulfill the interdiction and neutralization functions required by paragraph (b)(4)(iv) of this section, the training and qualification requirements related to armed response personnel in paragraphs (c) and (e) of this section do not apply to law enforcement responders. The licensee shall continue to satisfy the performance evaluation requirements in paragraph (g) of this section for all armed response personnel, including law enforcement.
(v) Protecting against land and waterborne vehicle bomb assaults. The licensee must be capable of protecting the plant against the design-basis threat vehicle bomb assault. The methods that are relied on to protect against a design-basis threat land vehicle and waterborne vehicle bomb assault must be designed to protect the reactor building and structures containing safety- or security-related systems, and components from explosive effects.
(vi) Access control portals. The licensee must be capable of detecting and denying unauthorized access to persons and pass-through of contraband materials (e.g., weapons, incendiary devices, explosives) to protected areas.
(5) The licensee must identify and document complete and accurate target sets in accordance with the following:
(i) Preventative operator actions may be credited as target set elements when: sufficient time to implement exists; environmental conditions allow operator actions to be completed successfully; adversary interference is precluded; all equipment required for operator actions is available, dedicated, staged, and maintained; approved procedures exist specific to the task being performed; and training is maintained for proficiency of the credited operator action.
(ii) The identification of target sets must not assume the success of the security organization; except that licensees may consider delay provided by the security organization when assessing the availability of operator actions.
(iii) The licensee must consider cyberattacks in the identification of target sets.
(iv) The licensee must further identify achievable target sets through a site-specific analysis. Achievable target sets are those that are within the capabilities of the design-basis threat adversary to compromise, destroy, or render non-functional; cannot be mitigated after adversary interference is precluded and prior to a release of radionuclides exceeding dose reference values defined in 10 CFR 53.210; and, if defeated, result irreversibly in exceedance of the dose reference values in 10 CFR 53.210.
(v) The licensee must document and maintain the process used to identify achievable target sets, to include the site-specific analyses and methodologies used to determine and group the target set equipment or elements, including elements not contained in a protected or vital area.
(vi) The licensee must implement a process for the oversight of target set equipment and systems to ensure that changes to the configuration of the identified equipment and systems are considered in the licensee's protective strategy. Where appropriate, changes must be made to documented target sets.
(vii) The licensee must maintain records in accordance with paragraph (j) of this section and, in addition, must maintain site-specific analyses until submittal of the licensee's certifications required by § 53.1070 of this chapter.
(6) The licensee must identify and analyze site-specific conditions, including achievable target sets, that may affect the physical protection program needed to implement the requirements of this section. The licensee must account for these conditions in demonstrating compliance with the requirements of this section.
(7) The licensee must establish, implement, and maintain a performance evaluation program to assess the effectiveness of the licensee's implementation of the physical protection program to protect against the design-basis threat of radiological sabotage.
(8) The licensee must establish, implement, and maintain an access authorization program under § 73.56, and must describe the program in the physical security plan.
(9) The licensee must establish, implement, and maintain a cybersecurity program under § 73.54 or § 73.110 and must describe the program in the cybersecurity plan.
(10) The licensee must establish, implement, and maintain an insider mitigation program and must describe the program in the physical security plan.
(i) The insider mitigation program must monitor the initial and continuing trustworthiness and reliability of individuals granted or retaining unescorted access or unescorted access authorization to a protected or vital area, and implement defense-in-depth methodologies to minimize the potential for an insider (active, passive, or both) to adversely affect, either directly or indirectly, the licensee's capability to protect against radiological sabotage.
(ii) The insider mitigation program must integrate elements of—
(A) The access authorization program under § 73.56 or § 73.120;
(B) The fitness-for-duty program under 10 CFR part 26;
(C) The cybersecurity program under § 73.54 or § 73.110; and
(D) The physical protection program under this section.
(11) The licensee must have the capability to track, trend, correct, and prevent recurrence of failures and deficiencies in the implementation of the requirements of this section.
(12) Implementation of security plans and associated procedures must be coordinated with other onsite plans and procedures to preclude conflict during both normal and emergency conditions and ensure the adequate management of the safety and security interface.
(13)(i) The licensee must ensure that the firearms background check requirements of § 73.17 of this part are met for all members of the security organization whose official duties require access to covered weapons or who inventory enhanced weapons.
(ii) The provisions of this paragraph (b)(13) are only applicable to licensees subject to this section that are also subject to the firearms background check provisions of § 73.17 of this part.
(c) Security organization. The licensee must establish and maintain a security organization that is staffed, trained, qualified, and equipped to implement the physical protection program under the requirements of this section.
(1) The licensee must establish a management system for maintaining and implementing security policies and procedures to implement the requirements of this section and the security plans.
(2) Implementing procedures must document the conduct of security operations, security design and configuration controls, maintenance, training and qualification, and contingency responses.
(3) The licensee must—
(i) Establish a process for the approval of designs, policies, processes, and procedures and changes by the individual with overall responsibility for the physical protection program; and
(ii) Ensure that revisions and changes to the physical protection program and implementing policies, processes, and procedures satisfy the requirements of this section.
(4) The licensee must retain, in accordance with § 73.70, all analyses, assessments, calculations, and descriptions of the technical basis for demonstrating compliance with the performance requirements of paragraph (b) of this section. The licensee must protect these records in accordance with the requirements for protecting safeguards information in §§ 73.21 and 73.22.
(5) The licensee may not permit any individual to implement any part of the physical protection program unless the individual has been trained, equipped, and qualified to perform their assigned duties and responsibilities in accordance with the training and qualification plan.
(d) Search requirements. The licensee must establish and implement searches of individuals, vehicles, and materials to detect and prevent the introduction into the protected area of firearms, explosives, incendiary devices, or other items and material which could be used to commit radiological sabotage.
(e) Training and qualification program. The licensee must establish and maintain a training and qualification program that ensures personnel who are responsible for the physical protection of the facility against radiological sabotage are able to effectively perform their assigned security-related job duties for implementing the requirements of this section and must describe the program in the training and qualification plan.
(f) Security reviews. The licensee must establish and implement security reviews to assess the effectiveness of the implementation of the physical protection program. Security reviews must be performed by individuals independent of those personnel responsible for program management and any individual who has direct responsibility for implementing the onsite physical protection program.
(1) The licensee must review each element of the physical protection program at a frequency commensurate with the importance or significance to safety of plant operations to ensure timely identification and documentation of vulnerabilities, improvements, and corrective actions. The objective of these reviews must be maintaining effective implementation of the engineered and administrative controls required to achieve the physical protection program functions and the management system required to implement programs and requirements in this section.
(2) The licensee must establish and perform self-assessments to ensure the effective implementation of the physical protection program functions of detection, assessment, communication, delay, and interdiction and neutralization to protect against the design-basis threat of radiological sabotage. The licensee must perform design verification and assessments of the capabilities of active and passive engineering systems relied on to protect against the design-basis threat.
(3) Reviews of the security program must include, but are not limited to, an audit of the effectiveness of the physical protection program, security plans, implementing procedures, cybersecurity programs, safety/security interface activities, the testing, maintenance, and calibration program, and response commitments by local, State, and Federal law enforcement authorities.
(4) The results and recommendations of the onsite physical protection program reviews, management's findings regarding program effectiveness, and any actions taken as a result of recommendations from prior program reviews, must be documented in a report and must be maintained in an auditable form and available for inspection.
(g) Performance evaluation. Licensee performance evaluations must include methods appropriate and necessary to assess, test, and challenge the integration of the physical protection program's functions to protect against the design-basis threat, including measures to protect against cyberattack and engineered systems designed to protect against the design-basis threat standalone ground vehicle bomb attack.
(1) The licensee must establish the frequencies for performance evaluations commensurate with the security significance of the physical protection program.
(2) The licensee must document processes and procedures for implementing the performance evaluations. The licensee must maintain records, including results, findings, and corrective actions identified during the performance evaluations.
(h) Maintenance, testing, and calibration and corrective actions. (1) The licensee must ensure that security SSCs, including supporting systems, are inspected, tested, and calibrated for operability and performance at intervals necessary and sufficient to meet the requirements of this section.
(2) The licensee must implement corrective actions to ensure resolution of identified vulnerabilities and deficiencies to meet the requirements of this section.
(3) The licensee must establish and implement timely compensatory measures for degraded or inoperable security SSCs to meet the requirements of this section. Compensatory measures must provide a level of protection that is equivalent to the protection that was provided prior to the degradation or inoperability of the security structures, systems, or components.
(4) The licensee must document processes and procedures and maintain records for implementing the corrective actions, compensatory measures, and maintenance, inspection, testing, and calibration of security SSCs.
(i) Suspension of security measures. (1) The licensee may suspend implementation of affected requirements of this section in accordance with § 53.740(h) of this chapter under the following conditions:
(i) In an emergency, when action is immediately needed to protect the public health and safety; and
(ii) During severe weather, when the suspension of affected security measures is immediately needed to protect the personal health and safety of personnel.
(2) Suspended security measures must be reinstated as soon as conditions permit.
(3) The suspension of security measures must be reported and documented in accordance with the provisions of §§ 73.1200 and 73.1205.
(j) Records. (1) The Commission may inspect, copy, retain, and remove all reports, records, and documents required to be kept by Commission regulations, orders, or license conditions, whether the reports, records, and documents are kept by the licensee or a contractor.
(2) The licensee must maintain all records required to be kept by Commission regulations, orders, or license conditions, until the Commission terminates the license for which the records were developed and must maintain superseded portions of these records for at least 3 years after the record is superseded, unless otherwise specified by the Commission.
(3) If a contracted security force is used to implement the onsite physical protection program, the licensee's written agreement with the contractor must be retained by the licensee as a record for the duration of the contract.
(4) Review and audit reports must be available for inspection, for a period of 3 years.
(a) Each licensee that is licensed to operate a commercial nuclear plant under 10 CFR part 53 and elects to implement the requirements of this section must establish, implement, and maintain a cybersecurity program that is commensurate with the potential consequences resulting from cyberattacks, up to and including the design-basis threat as described in § 73.1. The cybersecurity program must provide reasonable assurance that digital computer and communication systems and networks are adequately protected against cyberattacks that are capable of causing the following consequences:
(1) Adversely impacting the safety, security, and emergency preparedness functions performed by digital assets that prevent a postulated fission product release resulting in offsite doses exceeding the values in § 53.210 of this chapter.
(2) Adversely impacting the security functions performed by digital assets necessary for implementing the physical security requirements in § 53.860(a) of this chapter.
(b) To protect digital computer and communication systems and networks associated with the functions described in paragraphs (a)(1) and (2) of this section, the licensee must—
(1) Analyze the potential consequences resulting from cyberattacks on digital computer and communication systems and networks and identify those assets that must be protected to demonstrate compliance with paragraph (a) of this section; and
(2) Implement the cybersecurity program in accordance with paragraph (d) of this section.
(c) The licensee must protect the systems and networks identified in paragraph (b)(1) of this section in a manner that is commensurate with the potential consequences resulting from cyberattacks that:
(1) Adversely impact the integrity or confidentiality of data and/or software;
(2) Deny access to systems, services, and/or data; and
(3) Adversely impact the operation of systems, networks, and associated equipment.
(d) The cybersecurity program must be designed in a manner that is commensurate with the potential consequences resulting from cyberattacks through the following steps:
(1) Implement security controls to protect the assets identified under paragraph (b)(1) of this section from cyberattacks, commensurate with their safety and security significance;
(2) Apply and maintain defense-in-depth protective strategies to ensure the capability to detect, delay, respond to, and recover from cyberattacks capable of causing the consequences identified in paragraph (a) of this section;
(3) Mitigate the adverse effects of cyberattacks capable of causing the consequences identified in paragraph (a) of this section; and
(4) Ensure that the functions of protected assets identified under paragraph (b)(1) of this section are not adversely impacted due to cyberattacks.
(e) The licensee must implement the following requirements in a manner that is commensurate with the potential consequences resulting from cyberattacks:
(1) As part of the cybersecurity program, the licensee must comply with the requirements in § 73.54(d)(1), (2), and (4), and must ensure that modifications to assets, identified under paragraph (b)(1) of this section are evaluated before implementation to ensure that the cybersecurity performance objectives identified in paragraph (a) of this section are maintained.
(2) The licensee must establish, implement, and maintain a cybersecurity plan that implements the cybersecurity program requirements of this section.
(i) The cybersecurity plan must describe how the requirements of this section will be implemented and must account for the site-specific conditions that affect implementation.
(ii) The cybersecurity plan must include measures for incident response and recovery for cyberattacks. The cybersecurity plan must include the analysis identified under paragraph (b)(1) of this section and describe how the licensee will—
(A) Apply and maintain defense-in-depth protective strategies as required in paragraph (d)(2) of this section;
(B) Maintain the capability for timely detection and response to cyberattacks;
(C) Mitigate the consequences of cyberattacks;
(D) Correct exploited vulnerabilities; and
(E) Restore affected systems, networks, and/or equipment affected by cyberattacks.
(3) The licensee must develop and maintain written policies and implementing procedures to implement the cybersecurity plan. Policies, implementing procedures, and other supporting technical information used by the licensee need not be submitted for Commission review and approval as part of the cybersecurity plan but are subject to inspection by NRC staff on a periodic basis.
(4) The licensee must establish and implement cybersecurity reviews to assess the effectiveness of the implementation of the cybersecurity program.
(i) The licensee must review each element of the cybersecurity program at a frequency commensurate with the importance or significance to safety of plant operations to ensure timely identification and documentation of vulnerabilities, improvements, and corrective actions.
(ii) Cybersecurity reviews must be performed by individuals independent of those personnel responsible for program management and any individual who has direct responsibility for implementing the cybersecurity program.
(iii) The licensee must establish and perform self-assessments to ensure the effective implementation of the cybersecurity program.
(iv) The results and recommendations of the cybersecurity program reviews, management's findings regarding program effectiveness, and any actions taken as a result of recommendations from prior program reviews, must be documented in a report and must be maintained in an auditable form and available for inspection.
(5) The licensee must retain all records and supporting technical documentation required to demonstrate compliance with the requirements of this section as a record until the Commission terminates the license for which the records were developed and must maintain superseded portions of these records for at least three (3) years after the record is superseded, unless otherwise specified by the Commission.
(a) Introduction and scope. Each applicant for an operating license or a holder of a combined license under 10 CFR part 53 must establish, maintain, and implement an access authorization program before initial fuel load into the reactor (or, for a fueled manufactured reactor, before initiating the removal of the features to prevent criticality required under § 53.620(d)(1) of this chapter). The requirements in this section apply to applicants and licensees who demonstrate compliance with 10 CFR 73.100(a)(1)(i).
(b) Applicability. (1) The following individuals must be subject to an access authorization program under this section:
(i) Any individual to whom a licensee intends to grant unescorted access to a commercial nuclear plant protected area, vital area, or controlled access area where licensed material is used or stored;
(ii) Any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's or applicant's operational safety, security, or emergency preparedness;
(iii) Any individual who has responsibilities for implementing a licensee's or applicant's protective strategy, including armed security force officers, alarm station operators, and tactical response team leaders but not including Federal, State, or local law enforcement personnel; and
(iv) The licensee or applicant access authorization program reviewing official or contractor or vendor access authorization program reviewers.
(2) The licensee or applicant may subject other individuals, including employees of a contractor or a vendor who are designated in access authorization program procedures, to an access authorization program that demonstrates compliance with the requirements of this section.
(c) General performance objectives and requirements. Each licensee's or applicant's access authorization program under this section must demonstrate that the individuals who are specified in paragraph (b) of this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security. The licensee's access authorization program must maintain the capabilities for demonstrating compliance with the following performance requirements:
(1) Background investigation. (i)(A) Licensees and applicants must ensure that any individual seeking initial unescorted access or to maintain unescorted access is subject to a background investigation.
(B) Background investigations must include the program elements contained under § 37.25 of this chapter and must also include a credit history evaluation.
(ii) Background investigations must include fingerprinting and an FBI identification and criminal history records check in accordance with § 37.27 of this chapter.
(iii) Licensees must have the informed and signed consent of the subject individual to initiate a background investigation. This consent must include authorization to share personal information with other individuals or organizations as necessary to complete the background investigation. A signed consent must be obtained prior to any reinvestigation. The subject individual may withdraw his or her consent at any time. Licensees must inform the individual that—
(A) If an individual withdraws his or her consent, the licensee may not initiate any elements of the background investigation that were not in progress at the time the individual withdrew his or her consent; and
(B) The withdrawal of consent for the background investigation is sufficient cause for denial or termination of unescorted access authorization.
(2) Behavioral observation. Licensees, applicants, contractors, and vendors must ensure the access authorization program includes provisions that the individuals specified in paragraph (b) of this section are subject to behavioral observation.
(i) Each person subject to behavioral observation must communicate to the licensee or applicant observed behaviors or activities of individuals that may constitute an unreasonable risk to the health and safety of the public and common defense and security.
(ii) Behavioral observation must include visual observation, in person or remotely by video, to detect and promptly report to plant supervision any concerns arising from behavioral observation, including, but not limited to, concerns related to any questionable behavior patterns or activities of others.
(3) Self-reporting of legal actions. Licensees or applicants must inform personnel who are granted and who maintain unescorted access of their responsibilities to self-report to plant supervision legal actions taken by a law enforcement authority or court of law against the individual that could result in incarceration or a court order or that requires a court appearance, including but not limited to an arrest, an indictment, the filing of charges, or a conviction, but excluding minor civil actions or misdemeanors such as parking violations or speeding tickets, for any individual who has applied for unescorted access or who maintains unescorted access.
(4) Unescorted access. Licensees or applicants must grant unescorted access only after the licensee has verified an individual is trustworthy and reliable. A list of persons currently approved for unescorted access to a protected area, vital area, or controlled access area must be maintained at all times. Unescorted access determinations must be reviewed annually by the reviewing official. Licensees and applicants must complete an FBI criminal history record check update for each individual maintaining unescorted access, within 10 years of the last review.
(5) Termination of unescorted access. Licensees and applicants must promptly terminate unescorted access when this access is no longer required or a reviewing official determines an individual is no longer trustworthy and reliable in accordance with this section.
(6) Determination basis for access. (i) The licensee's or applicant's reviewing official must determine whether to permit, deny, unfavorably terminate, maintain, or administratively withdraw an individual's unescorted access based on an evaluation of all of the information collected to demonstrate compliance with the requirements of this section.
(ii) Licensees and applicants must provide individuals subject to this section, prior to any final adverse determination, the right to complete, correct, and explain information obtained as a result of the licensee's background investigation pursuant to § 37.23(g) of this chapter.
(iii) The licensee's or applicant's reviewing officials are the only individuals authorized to make unescorted access determination decisions. Each licensee or applicant must name one or more individuals to be reviewing officials pursuant to the requirements of § 37.23(b)(2) of this chapter.
(7) Review procedures. Review procedures must be established in accordance with § 37.23(f) of this chapter, to include provisions for the notification in writing of individuals who are denied unescorted access or who are unfavorably terminated.
(8) Protection of information. Licensees, applicants, contractors, or vendors must establish and maintain a system of files and procedures in accordance with § 37.31 of this chapter, to ensure personal information is not disclosed to unauthorized persons.
(9) Access authorization reviews and corrective action. Licensees and applicants must develop, implement, and maintain procedures for conduct of access authorization reviews and corrective actions in accordance with § 37.33 of this chapter to ensure the continuing effectiveness of the access authorization program and to ensure that the access authorization program and program elements are in compliance with the requirements of this section. Each licensee and applicant must be responsible for the continuing effectiveness of the access authorization program, including access authorization program elements that are provided by the contractors or vendors, and the access authorization programs of any of the contractors or vendors that are accepted by the licensee or applicant.
(10) Records. Licensees, applicants, and contractors or vendors must document the processes and procedures for maintaining records used or created to establish an individual's trustworthiness and reliability or to document access determinations. Licensees, applicants, and contractor or vendors must—
(i) Retain documentation regarding the trustworthiness and reliability of individual employees for 3 years from the date the individual no longer requires unescorted access;
(ii) Retain a copy of the current access authorization program procedures as a record for 3 years after the procedure is no longer needed. If any portion of the procedure is superseded, retain the superseded material for 3 years after the record is superseded; and
(iii) Retain the list of persons approved for unescorted access for 3 years after the list is superseded or replaced. Records maintained in any database(s) must be available for NRC review.