Supply Chain Cyber Security Industry Coordination
The Industry Organizations Collaboration Effort
The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.
Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.
This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news.
The Model
NATF Supplier Cyber Security Assessment Model Overview
Supplier Cyber Security Assessment Model
NATF Cyber Security Criteria for Suppliers
Energy Sector Supply Chain Risk Questionnaire (Unformatted, Formatted)
Revision Process for the Energy Sector Supply Chain Risk Questionnaire and NATF Cyber Security Criteria for Suppliers
Upcoming Meetings and Activities
Expand all
Announcements (View All)
October 30, 2020
NATF is hosting an Industry Organizations webinar for suppliers!
This webinar will be provided twice, on December 1 and January 12, to help suppliers understand the requests they are receiving from entities and how they can be prepared to provide entities will responses. The webinar will cover the NATF Criteria and Questionnaire, as well as how suppliers can work directly with entities and with solution providers. Just as the IO Team is working to converge industry on what information is necessary to obtain from suppliers, the Team is also working with suppliers so they will have the information you need readily available. The invitation to attend this webinar is provided on the Industry Organizations webpage. Click HERE for the Supplier Communication Webinar Invitation.
Many entities and solution providers involved in the Industry Organizations collaboration effort have agreed to distribute the letter invitation to their suppliers. We are also asking that you, as you are able, distribute the letter invitation to your organization’s suppliers.
You are also welcome to attend these webinars. Registration is required to join this event. If you plan to attend and have not registered, please do so now.
Click HERE to register for the December 1, 2020 webinar
Click HERE to register for the January 12, 2021 webinar
September 23, 2020
NATF Posts Revision Process for Supply Chain Criteria and Questionnaire
The NATF has posted the "Revision Process for the Energy Sector Supply Chain Risk Questionnaire and NATF Cyber Security Criteria for Suppliers" for industry use.
The purpose of this process is to facilitate periodic reviews and modifications of the NATF “Energy Sector Supply Chain Risk Questionnaire” (Questionnaire) and the “NATF Cyber Security Criteria for Suppliers” (Criteria), which were developed for industry-wide use to drive consistency of information obtained from suppliers of bulk power system hardware, software, and services.
Consistent with the NATF’s open, collaborative, and consensus-based approach, modifications via this process will be made with consideration of input from across industry and will include adding, deleting, or modifying individual questions in the Questionnaire or individual criterion in the Criteria as well as adding, deleting, or modifying mappings to security frameworks (e.g., SOC2, ISO27001, etc.).
The process is available on the NATF Supply Chain Cyber Security Industry Coordination page.