Nuclear Plant Cybersecurity Under 10 CFR 73.54: The Engineering Requirements

10 CFR 73.54

NRC cybersecurity rule â€” Critical Digital Asset protection with no external communication pathways

NRC 10 CFR 73.54 â€” the rule on protection of digital computer and communication systems and networks â€” requires nuclear power plant licensees to submit a Cyber Security Plan and implement it under NRC oversight. The rule's core requirement: Critical Digital Assets (CDAs) associated with safety, security, and emergency preparedness functions must be protected from cyber attack, and a defined set of defensive architecture measures must be in place. The separation architecture â€” requiring that safety systems have no communication pathway to non-safety networks â€” is not a recommendation. It is a regulatory requirement with no variance process. What the NRC's inspectors examine during periodic assessments is whether the defensive architecture has been maintained as CDAs change, vendors are updated, and systems are modified.

Full article content coming soon.

Compliance Engineering

The engineering behind this article is available as a service.

We have done this work — not advised on it, not reviewed documentation about it. If the problem in this article is your problem, the first call is with a senior engineer who has solved it.

Talk to an Engineer See Case Studies →

Nuclear Plant Cybersecurity Under 10 CFR 73.54: The Engineering Requirements

EU AI Act: What CTOs Actually Need to Do Before August 2026

DORA Is Live. Here's What 'Operational Resilience' Means for Your Codebase

FedRAMP Rev 5: What Changed and Why Most Current ATO Holders Are Already Non-Compliant

The engineering behind this article is available as a service.