Section 1: Objective
1. This regulation provides regulatory requirements for the physical protection of nuclear facilities and nuclear material, including during transport, against malicious acts.
Section 2: Scope
2. This regulation shall apply to general aspects of nuclear security of nuclear facility and nuclear material in use, storage and during transport.
3. This regulation prescribes the nuclear security requirements for the authorized person of a nuclear facility and nuclear material as stipulated in the Regulation on Licensing and Regulatory Oversight of Nuclear Facilities (NRRC-R-03) and the Regulation on Notification on and Authorization of Facilities and Activities with Radiation Sources (NRRC-R-02).
4. This regulation prescribes the nuclear security requirements for the licensee of a nuclear material in transport as stipulated in the Regulation on Safe Transport of Radioactive Materials (NRRC-R-15).
5. This regulation does not address nuclear security requirement for radioactive material that is prescribed in the Regulation on Security of Radioactive Materials (NRRC-R-17).
Section 3: Definitions
Access control
Means to ensure that access is authorized and restricted based on business and security requirements.
Adversary
Any individual performing or attempting to perform a malicious act, an adversary may be an insider, outsider, or collusion of both.
Assessment
The process of analyzing systematically and evaluating an information alert or an instrument alarm to determine whether a nuclear security event has occurred.
Carrier
Any person or organization engaged in the transport of nuclear material with responsibility for implementing and maintaining security measures in accordance with national requirements.
Central alarm station
An installation which provides for the complete and continuous alarm monitoring, assessment and communication with guards, facility management, and response forces.
Competent security agencies
A governmental organization or institution that has been designated by in the Kingdom to carry out one or more nuclear security functions.
Cybersecurity
Protection of networks, IT systems, operational technologies systems and their components of hardware and software, their services and the data they contain, from any penetration, disruption, modification, access, use or unauthorized exploitation. The concept of cybersecurity also includes information security and digital security.
Confidentiality
The prevention of the disclosure of sensitive information that could compromise physical protection.
Contingency plan
A predefined set of actions for response to unauthorized acts indicative of attempted unauthorized removal or sabotage, including threats thereof, designed to effectively counter such acts.
Control (of nuclear material)
shall mean activities, devices, systems, and procedures that ensure that the continuity of knowledge (e.g., location, quantitative measurements) about nuclear material is maintained.
Information and Cybersecurity plan
A plan for the implementation of the information protection and cybersecurity policy specifying organizational roles, responsibilities, and procedures.
Computer-based systems
The computation, communication, instrumentation and control devices that make up functional elements of a facility or activity, including desktop computers, mainframe systems, servers and network devices, as well as lower-level components such as embedded systems and programmable logic controllers.
Delay
The element of a physical protection system designed to increase adversary penetration time for entry and/or exit from the nuclear facility or transport.
Defense in depth
The combination of multiple layers of systems and measures that have to be overcome or circumvented before nuclear security is compromised.
Design basis threat
The attributes and characteristics of potential insider and/or external adversaries who might attempt unauthorized removal or sabotage against which a physical protection system is designed and evaluated.
Detection
A process in a physical protection system that begins with sensing potentially malicious or otherwise unauthorized activity and that is completed with the assessment of the cause of the alarm.
Effective intervention
An intervention that is timely and powerful enough to prevent a person or group of persons, including those equipped with weapons or explosive material, from committing an unauthorized removal or sabotage.
Graded approach
The application of nuclear security measures proportional to the potential consequences of a malicious act.
Guard
A person who is entrusted with responsibility for patrolling, monitoring, assessing, escorting individuals or transport, controlling access and/or providing an initial response.
Information security
The preservation of the confidentiality, integrity and availability of information.
Insider
One or more individuals with authorized access to nuclear facilities or nuclear material in transport who could attempt unauthorized removal or sabotage, or who could aid an external adversary to do so.
Malicious act
Any act or attempt of unauthorized removal or sabotage.
Nuclear security
The prevention and detection of and response to theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear material, other radioactive substances, or their associated facilities.
Nuclear security culture
The characteristics, attitudes and behaviors of individuals, organizations and institutions which serves as a means to support, enhance, and sustain nuclear security.
Nuclear security event
An event that has potential or actual implications for nuclear security that must be addressed.
Nuclear security measures
Measures intended to prevent a nuclear security threat from completing criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities, or associated activities or to detect or respond to nuclear security events.
Off-site response force
The armed competent security agencies forces whose members are not located at a nuclear facility.
On-site nuclear response force
A team of personnel whose members are -
(a) Trained in the use of firearms, permitted to carry firearms in the Kingdom and qualified to use them, and
(b) Permanently located at a high-security site.
Performance testing
Testing of nuclear security measures and the physical protection system to determine whether or not they are implemented as designed; adequate for the proposed natural, industrial and threat environments; and in compliance with established performance requirements.
Physical barrier
A fence, wall or similar impediment which provides access delay and complements access control.
Physical protection measures
The personnel, procedures, and equipment that constitute a physical protection system.
Physical protection system
An integrated set of nuclear security measures intended to prevent the completion of a malicious act.
Quality assurance
A process that provides confidence that the physical protection requirements are satisfied on a continuing basis.
Response
All the activities by the Kingdom that involve assessing and responding to a nuclear security event.
Response forces
Persons, on-site or off-site, who are armed and appropriately equipped and trained to counter an attempted unauthorized removal or an act of sabotage.
Risk assessment
Overall process systematically identifying, estimating, analysing, and evaluating the risk
Sensitive information
The information in which, the unauthorized disclosure (or modification, alteration, destruction or denial of use) of which could compromise nuclear security or otherwise assist in the carrying out of a malicious act against a nuclear facility, organization or transport.
Sabotage
Any deliberate act directed against a nuclear facility or nuclear material in use, storage or transport which could directly or indirectly endanger the health and safety of personnel, the public or the environment by exposure to radiation or release of radioactive substances.
Security area
For the purpose of implementing defense in depth principle by assigning areas as the following:
I. Limited access area: designated area containing a nuclear facility and nuclear material to which access is limited and controlled for physical protection purposes and where the movement and stay is limited by the decision or decree by a national competent authority.
II. Protected area: area inside a limited access area containing Category I or II nuclear material and/or sabotage targets surrounded by a physical barrier with additional nuclear security measures.
III. Vital area: area inside a protected area containing equipment, systems or devices, or nuclear material, the sabotage of which could directly or indirectly lead to high radiological consequences.
IV. Inner area: an area with additional protection measures inside a protected area, where Category I nuclear material is used and/or stored.
Security plan
A document prepared by the licensee and required to be approved by NRRC that presents a detailed description of the security measures in place at a facility.
Stand-off attack
An attack, executed at a distance from the target nuclear facility or transport, which does not require adversary hands-on access to the target, or require the adversary to overcome the physical protection system.
Sustainability program
A program where the licensee defines activities to ensure sufficient nuclear security measures are maintained.
Target
Nuclear material, other radioactive material, associated facilities, associated activities, or other locations or objects of potential exploitation by a nuclear security threat, including major public events, strategic locations, sensitive information, and sensitive information assets.
Threat
A person or group of persons with motivation, intention, and capability to commit a malicious act.
Threat assessment
An evaluation of the threats based on available intelligence, law enforcement, and open-source information that describes the motivation, intentions, and capabilities of these threats.
Transport control center
A facility, which provides the continuous monitoring of a transport conveyance location and security status and for communication with the transport conveyance shipper, receiver, carrier and, when appropriate, its guards and the response forces.
Transport security plan
A document prepared by the licensee and required to be approved by NRRC that presents a detailed description of the security measures in the transport of nuclear material.
Two-person rule
A procedure that requires at least two authorized and knowledgeable persons to be present to verify that activities involving nuclear material and nuclear facilities are authorized in order to detect access or actions that are unauthorized.
Unauthorized removal
The theft or other unlawful taking of nuclear material.
Unirradiated nuclear material
Material not irradiated in a reactor or material irradiated in a reactor but with a radiation level equal to or less than 1 Gy/h (100 rad/h) at 1 m unshielded.