Nuclear Security Requirements and Guidance

What national and international agencies address nuclear security requirements and guidance?

U.S. NRC
The U.S. Nuclear Regulatory Commission (NRC) is responsible for providing the regulatory framework and requirements for domestic nuclear security and safeguards. Companies should reference the NRC’s guidance and engage NRC early in the process with any questions on domestic technology licensing and deployment.
NNSA
NNSA has expertise in the international frameworks , including IAEA guidance and foreign partner domestic nuclear security requirements, that are critical to understand and to integrate into new reactor designs to be best positioned for competitive export.
IAEA
The IAEA seeks to inform and advise States about the relevant international legal instruments, and encourages adherence to and implementation of them.” NNSA works with the IAEA and like-minded Member States to ensure that the international nuclear security framework for advanced reactors is consistent with U.S. requirements and standards, as appropriate to the host country’s threat environment, in order to support deployment of new U.S. reactors internationally.

What international guidance exists for nuclear security?

Nuclear security principles are addressed by the IAEA through the Nuclear Security Series (NSS)  guidance publications, which cover the issue in four levels of specificity, starting with security fundamentals, recommendations, implementing guides, and technical guidance. NNSA nuclear security experts have a long history of contribution and leadership in the development of IAEA publications. This experience allows NNSA to be a resource for U.S. companies and buyer countries to understand and adhere to the baseline guidance on nuclear security provided by the IAEA to ensure each State meets its national responsibilities. 

Learn More 

IAEA NSS Recommendations publication related to physical protection:

NSS No. 13 , Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5) provides guidance to Member States and their competent authorities on how to develop or enhance, implement, and maintain a physical protection regime for nuclear material and nuclear facilities, through the establishment or improvement of their capabilities to implement legislative and regulatory programs. The overall objectives of a Member State's physical protection regime should be:
  • To protect against unauthorized removal of nuclear material
  • To locate and recover missing nuclear material
  • To protect against sabotage
  • To mitigate or minimize effects of sabotage


IAEA NSS Implementing Guides related to nuclear security:

NSS No. 19 , Establishing the Nuclear Security Infrastructure for a Nuclear Power Programme is designed to assist Member States in understanding and addressing the key actions to establish an effective national nuclear security infrastructure for a nuclear power programme.
NSS No. 27-G , Physical Protection of Nuclear Material and Nuclear Facilities (Implementation of INFCIRC/225/Revision 5) is the main implementing guide on establishing, strengthening and sustaining States and their competent authorities’ national physical protection regimes and implementing the associated systems and measures, including operators’ physical protection systems.
NSS No. 35-G, Security During the Lifetime of a Nuclear Facility provides guidance on nuclear security measures for each stage in the lifetime of a nuclear facility, from planning through decommissioning for States, competent authorities and operators.


IAEA NSS Technical Guides related to nuclear security (note some of these are under active revision now):

NSS No. 4, Engineering Safety Aspects of the Protection of Nuclear Power Plants against Sabotage provides guidelines for evaluating the engineering safety aspects of the protection of nuclear power plants against sabotage.
NSS No. 16, Identification of Vital Areas at Nuclear Facilities presents a structured approach to identifying those areas that contain equipment, systems, and components to be protected against sabotage.
NSS No, 33-T, Computer Security of Instrumentation and Control Systems at Nuclear Facilities establishes guidance addressing the challenge of applying computer security measures to instrumentation and control (I&C) systems at nuclear facilities.

What domestic legal, regulatory and policy frameworks exist for nuclear security?

U.S. domestic nuclear facility security is regulated and guided by the  NRC  through 10 CFR Parts 73  and 74.

Learn More 

10 CFR Part 73  Physical Protection of Plant and Nuclear Materials provides requirements for administrative and engineered systems, which provide key security functions to protect against theft of nuclear material and sabotage of nuclear facilities.
10 CFR Part 74  Material Control and Accounting of Special Nuclear Material provides requirements related to material control and accounting at sites and during transfer of material.


The U.S. NRC also provides the advanced reactor community with guidance on considerations for the facility design process:

"Policy Statement on the Regulation of Advanced Reactors” (73 FR 60612; October 14, 2008) indicated that the design of advanced reactors should “include considerations for safety and security requirements together in the design process such that security issues (e.g., newly identified threats of terrorist attacks) can be effectively resolved through facility design and engineered security features, and formulation of mitigation measures, with reduced reliance on human actions.”
“Preliminary Draft Guidance Non-Light Water Reactor Security Design Considerations” also includes their “Draft Non-LWR Physical and Cyber Security Design Considerations – March 2017” guidance outlining physical and cyber security design considerations:
Physical Security
  • Intrusion detection
  • Intrusion assessment systems
  • Security communication systems
  • Security delay systems
  • Security response
  • Control measures protecting against land and waterborne vehicle bomb assaults
  • Access control portals
Cyber Security
  • Defense model architecture
  • Cyber Security defense-in-depth
  • Least functionality