The Industry Organizations Collaboration Effort
The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.
Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.
This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news.
The Model (Version History)
NATF Supply Chain Security Assessment Model
NATF Supply Chain Criteria and Questionnaire Quickstart Guide
NATF Supply Chain Security Criteria (v6.0)
Energy Sector Supply Chain Risk Questionnaire (v6.0)
NATF Criteria and Questionnaire Revision Process
Supplier List - Suppliers with NATF Criteria and Questionnaire Responses Available
Resources (View All)
NATF CIP-013 Implementation Guidance-Independent Assessments of Vendors (ERO Endorsed)
NATF CIP-013 Implementation Guidance-Supply Chain Risk Management Plans (ERO Endorsed)
NATF Industry Collaboration: Using Solution Providers for Third-Party Risk Management
Click "View All" above to access additional documents, presentations, supply-chain sites, and support products and services.
Supplier Sharing Calls
The intention of the Supplier Sharing Calls calls is to encourage conversation between suppliers and with the end-users of their products and services, provide a forum to share forefront security concerns and how to address them, and to discuss general security practices. These calls will be applicable to suppliers of all sizes and security maturity.
Upcoming Meetings and Activities
Expand all
Announcements (View All)
January 20, 2026
Registration Open for Joint Supply Chain Practice Group/Supplier Sharing Call on February 2
North American bulk electric system entities and suppliers are encouraged to register for NATF's upcoming Joint Supply Chain Practice Group/Supplier Sharing calls. These calls are jointly facilitated by NATF members, NATF staff, and suppliers to discuss a range of supply chain topics relevant to industry. Additional calls will be held in May and October 2026.
The intent of these calls is to encourage conversation between suppliers and entities, provide a forum for suppliers to share forefront security concerns, and discuss general supply chain best practices. These calls are applicable to suppliers and entities of all sizes or security maturity and are not recorded in order to facilitate candid conversation.
For February’s call, we’ll look forward to hearing from NEMA regarding their Make It American program and grid reliability report, as well as a discussion on FEOC regulation and sourcing requirements.
- Date: February 2nd, 2026
- Time: 2:00pm - 3:00pm eastern
- Location: Online Webinar
- Registration deadline: January 29, 2026
Advance registration is required: NATF February Supplier Sharing Call - Registration
If you have any questions, please contact supplychain@natf.net
January 13, 2026
NATF Supply Chain Criteria and Questionnaire Quickstart Guide Released
Since their creation over five years ago, the NATF Supply Chain Security Criteria and Energy Sector Supply Chain Risk Questionnaire have provided industry with ready-made tools that entities can use to evaluate their supplier’s security posture. These tools help entities conduct more thorough supplier risk assessments and assist entities in meeting their CIP-013 compliance obligations.
However, entities and suppliers that are not yet familiar with the criteria and questionnaire may be unsure how to start using these powerful tools. Therefore, the NATF Supply Chain Criteria and Questionnaire Quickstart Guide (Quickstart Guide) has been created to provide simple, step-by-step instruction in a brief and accessible format. The Quickstart Guide provides instructions for entities working to obtain information from suppliers, and for suppliers working to respond to requests for information from entities.
The Quickstart Guide has been posted on the NATF’s public Supply Chain Industry Coordination website alongside the existing criteria and questionnaire tools.