NUPIC February 2016 Conference
Cyber Security Lessons Learned
Jeff Kaar – PG&E
Final Answer: See attached MS Word files
1.“Cyber Security Requirements for Vendors” – 1p
2.“Cyber Security for CDA items or Projects NEI 08 09”- 6p
3.“Vendor Expectations from Cyber Security View”- 3p
4. PBSA checklist based on Reg. Guide 1.152 - 11p
5.“PGE Procedure CF2.ID2, para. 5.15, “Software
Configuration Management for Plant Operations and
Operations Support” – 20p
•NUREG CR-7117–section 2.12, Sys Lifecycle – 101p
•EPRI 1025824- “Cyber Security Procurement
Methodology” (9/12); section 3-Procurement; - 106p
1
NUPIC February 2016 Conference
Cyber Security Lessons Learned
Jeff Kaar – PG&E
Governing documents for Cyber Security:
• 10 CFR 73.54 – Protection of Digital Computer &
Communication System & Network (5/2009+180da)
• Reg Guide 5.71 (1/2010, 105 p) Cyber Security
Programs for Nuclear Facilities (#5 RG = Security)
• NEI 08-09 (4/2010, Rev 6, 90 p) - Cyber Security Plan
for Nuclear Power Reactors
• Cyber Security Plan Plant LAR submittal by 7/2010
• Reg Guide 1.152 (7/2011, r 3, 13 p) Criteria for Use of
Computers in Safety Systems of NPP (by 12/15)
2