RG1.152 安全系统中数字计算机的准则 2006

TheU.S.NuclearRegulatoryCommission(NRC)issuesregulatoryguidestodescribeandmakeavailabletothepublicmethodsthattheNRCstaffconsidersacceptableforuseinimplementingspecificpartsoftheagency’sregulations,techniquesthatthestaffusesinevaluatingspecificproblemsorpostulatedaccidents,anddatathatthestaffneedinreviewingapplicationsforpermitsandlicenses.Regulatoryguidesarenotsubstitutesforregulations,andcompliancewiththemisnotrequired.MethodsandsolutionsthatdifferfromthosesetforthinregulatoryguideswillbedeemedacceptableiftheyprovideabasisforthefindingsrequiredfortheissuanceorcontinuanceofapermitorlicensebytheCommission.Thisguidewasissuedafterconsiderationofcommentsreceivedfromthepublic.TheNRCstaffencouragesandwelcomescommentsandsuggestionsinconnectionwithimprovementstopublishedregulatoryguides,aswellasitemsforinclusioninregulatoryguidesthatarecurrentlybeingdeveloped.TheNRCstaffwillreviseexistingguides,asappropriate,toaccommodatecommentsandtoreflectnewinformationorexperience.WrittencommentsmaybesubmittedtotheRulesandDirectivesBranch,OfficeofAdministration,U.S.NuclearRegulatoryCommission,Washington,DC20555-0001.Regulatoryguidesareissuedin10broaddivisions:1,PowerReactors;2,ResearchandTestReactors;3,FuelsandMaterialsFacilities;4,EnvironmentalandSiting;5,MaterialsandPlantProtection;6,Products;7,Transportation;8,OccupationalHealth;9,AntitrustandFinancialReview;and10,General.Requestsforsinglecopiesofdraftoractiveregulatoryguides(whichmaybereproduced)shouldbemadetotheU.S.NuclearRegulatoryCommission,Washington,DC20555,Attention:ReproductionandDistributionServicesSection,orbyfaxto(301)415-2289;orbyemailtoDistribution@nrc.gov.ElectroniccopiesofthisguideandotherrecentlyissuedguidesareavailablethroughtheNRC’spublicWebsiteundertheRegulatoryGuidesdocumentcollectionoftheNRC’sElectronicReadingRoomat’sAgencywideDocumentsAccessandManagementSystem(ADAMS)at(DraftwasissuedasDG-1130,datedDecember2004)CRITERIAFORUSEOFCOMPUTERSINSAFETYSYSTEMSOFNUCLEARPOWERPLANTSA.INTRODUCTIONGeneralDesignCriterion(GDC)21,“ProtectionSystemReliabilityandTestability,”ofAppendixA,“GeneralDesignCriteriaforNuclearPowerPlants,”toTitle10,Part50,“DomesticLicensingofProductionandUtilizationFacilities,”oftheCodeofFederalRegulations(10CFRPart50),requires,amongotherthings,thatprotectionsystems(orsafetysystems)mustbedesignedforhighfunctionalreliabilitycommensuratewiththesafetyfunctionstobeperformed.CriterionIII,“DesignControl,”ofAppendixB,“QualityAssuranceCriteriaforNuclearPowerPlantsandFuelReprocessingPlants,”to10CFRPart50,requires,amongotherthings,thatqualitystandardsmustbespecifiedanddesigncontrolmeasuresmustbeprovidedforverifyingorcheckingtheadequacyofdesign.ThisregulatoryguidedescribesamethodthatthestaffoftheU.S.NuclearRegulatoryCommission(NRC)deemsacceptableforcomplyingwiththeCommission’sregulationsforpromotinghighfunctionalreliability,designquality,andcyber-securityfortheuseofdigitalcomputersinsafetysystemsofnuclearpowerplants.Inthiscontext,theterm“computer”identifiesasystemthatincludescomputerhardware,software,firmware,andinterfaces.TheAdvisoryCommitteeonReactorSafeguardshasbeenconsultedconcerningthisguideandhasconcurredinthestatedregulatorypositions.RG1.152,Rev.2,Page2Thisregulatoryguidecontainsinformationcollectionsthatarecoveredbytherequirementsof10CFRPart50,whichtheOfficeofManagementandBudget(OMB)approvedunderOMBcontrolnumber3150-0011.TheNRCmayneitherconductnorsponsor,andapersonisnotrequiredtorespondto,aninformationcollectionrequestorrequirementunlesstherequestingdocumentdisplaysacurrentlyvalidOMBcontrolnumber.B.DISCUSSIONIEEEStd7-4.3.2-2003,“StandardCriteriaforDigitalComputersinSafetySystemsofNuclearPowerGeneratingStations,”waspreparedbyWorkingGroupSC6.4,“ApplicationofProgrammableDigitalComputerstoSafetySystems,”oftheInstituteofElectricalandElectronicsEngineers(IEEE)NuclearPowerEngineeringCommittee.ThisstandardevolvedfromIEEEStd7-4.3.2-1993andreflectsadvancesindigitaltechnology.ItalsorepresentsacontinuedeffortbyIEEEtosupportthespecification,design,andimplementationofcomputersinsafetysystemsofnuclearpowerplants.Inaddition,IEEEStd7-4.3.2-2003specifiescomputer-specificrequirementstosupplementthecriteriaandrequirementsofIEEEStd603-1998,“StandardCriteriaforSafetySystemsforNuclearPowerGeneratingStations.”Instrumentationandcontrol(I&C)systemdesignsthatusecomputersinsafetysystemsmakeextensiveuseofadvancedtechnology(i.e.,equipmentanddesignpractices).Thesedesignsareexpectedtobesignificantlyandfunctionallydifferentfromcurrentdesigns,andmayincludetheuseofmicroprocessors,digitalsystemsanddisplays,fiberoptics,multiplexing,anddifferentisolationtechniquestoachievesufficientindependenceandredundancy.Withtheintroductionofdigitalsystemsintoplantsafetysystemdesigns,concernshaveemergedregardingthepossibilitythatadesignerrorinthesoftwarein