Nuclear Regulatory Commission, Regulatory Guide 1.152, Rev. 3, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants (July 2011).
In addition to endorsing provisions of IEEE Standard 7-4.3.2-2003 as being applicable to compliance with cited regulations, Regulatory Guide 1.152, Revision 3 contains regulatory criteria on the establishment of a Secure Development and Operational Environment for digital safety systems.
The establishment of a Secure Development and Operational Environment (SDOE) refers to:

(1) appropriate physical, logical and programmatic controls during the safety system development phases (i.e., concepts, requirements, design, implementation, testing) to detect and prevent the inclusion of unwanted, unneeded and undocumented functionality; and

(2) appropriate physical, logical and administrative controls within a facility to ensure that the integrity, reliability, and functionality of digital safety systems are not degraded by undesirable behavior of connected systems or by events initiated by inadvertent access to the system.

These SDOE actions may include adoption of protective design features into the digital safety system design to preclude non-malicious inadvertent access to the system and/or to protect against undesirable behavior from connected systems when operational. Note that while these SDOE features may also serve a cyber security function, cyber security is evaluated under the provisions of 10 C.F.R. 73.54.