10 C.F.R. § 73.100
(a) Introduction.
(1) Each licensee that is licensed to operate a commercial nuclear plant under part 53 of this chapter and elects to implement the requirements of this section must identify achievable target sets in accordance with paragraph (b)(5) of this section and develop, implement, and maintain a physical protection program under the following requirements:
(b) General performance objective and requirements.
(2) To satisfy the general performance objective of paragraph (b)(1) of this section, the physical protection program must protect against the design-basis threat of radiological sabotage as stated in § 73.1. Specifically, the licensee must—
(4) The physical protection program must be designed and implemented to achieve and maintain the reliability and availability of structures, systems, and components (SSCs) required for demonstrating compliance with the following performance requirements at all times:
(iv) Security response. The physical protection program must be designed to provide timely security response to interdict and neutralize adversary attacks up to and including the design-basis threat of radiological sabotage. The physical protection program must be designed to provide layers of security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design-basis threat adversary. Structures, systems, and components relied on for delay functions must be designed to allow for timely security responses to adversary attacks with adequate defense in depth.
(A) The security response may rely on the use of onsite responders, law enforcement or other offsite armed responders, or a combination thereof, to fulfill the interdiction and neutralization functions required by paragraph (b)(4)(iv) of this section. A licensee relying entirely or partially on law enforcement or other offsite armed responders must—
(1) Maintain the capability to detect, assess, interdict, and neutralize threats as required by paragraphs (b)(4)(i), (b)(4)(ii), and (b)(4)(iv) of this section;
(2) Provide adequate delay to enable law enforcement or other offsite armed responders to fulfill the interdiction and neutralization functions for threats up to and including the design-basis threat of radiological sabotage;
(3) Provide necessary information about the facility and make available periodic training to law enforcement or other offsite armed responders who will fulfill the interdiction and neutralization functions for threats up to and including the design-basis threat of radiological sabotage;
(4) Fully describe in the safeguards contingency plan the role that law enforcement or other offsite armed responders will play in the licensee's protective strategy. The description must provide sufficient detail to enable the NRC to determine that the licensee's physical protection program provides reasonable assurance of adequate protection against threats up to and including the design-basis threat of radiological sabotage; and
(5) Identify criteria and measures to compensate for the degradation or absence of law enforcement or other offsite armed responders and propose suitable compensatory measures that meet the requirements of paragraph (h)(3) of this section to address this degradation.
(5) The licensee must identify and document complete and accurate target sets in accordance with the following:
(10) The licensee must establish, implement, and maintain an insider mitigation program and must describe the program in the physical security plan.
(ii) The insider mitigation program must integrate elements of—
(13)
(c) Security organization. The licensee must establish and maintain a security organization that is staffed, trained, qualified, and equipped to implement the physical protection program under the requirements of this section.
(3) The licensee must—
(f) Security reviews. The licensee must establish and implement security reviews to assess the effectiveness of the implementation of the physical protection program. Security reviews must be performed by individuals independent of those personnel responsible for program management and any individual who has direct responsibility for implementing the onsite physical protection program.
(g) Performance evaluation. Licensee performance evaluations must include methods appropriate and necessary to assess, test, and challenge the integration of the physical protection program's functions to protect against the design-basis threat, including measures to protect against cyberattack and engineered systems designed to protect against the design-basis threat standalone ground vehicle bomb attack.
(h) Maintenance, testing, and calibration and corrective actions.
(i) Suspension of security measures.
(1) The licensee may suspend implementation of affected requirements of this section in accordance with § 53.740(h) of this chapter under the following conditions:
(j) Records.