Supply Chain Cyber Security Industry Coordination


The Industry Organizations Collaboration Effort

The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.

Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.

This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news. 

Upcoming Meetings and Activities

MRO SAC Webinar on the Supply Chain Effectiveness Survey Results (April 12)
  • April 12, 2022│10:00 a.m. to 11:30 a.m. Central
  • Registration is required; to register for this event, please click here.
  • Additional information below


Event Announcement

MRO SAC to Host Upcoming Webinar

Supply Chain Effectiveness Survey Results

April 12, 2022│10:00 a.m. to 11:30 a.m. Central

Event Details

MRO’s Security Advisory Council (SAC) is pleased to announce it is hosting a webinar on Supply Chain Effectiveness Survey Results. The NERC Supply Chain Working Group (SCWG) surveyed industry in 2021 on the effectiveness of the Supply Chain Risk Management requirements. Industry responded well to the survey and provided good feedback and comments. The SCWG reviewed the results of the survey and developed key take-aways and conclusions. The results of the survey will be discussed during this Webinar.


  • Jason Nations, Director of Enterprise Security, Oklahoma Gas and Electric Corp., MRO SAC Member
  • Tony Eddleman, Director of NERC Reliability Compliance, Nebraska Public Power District, MRO SAC Member


To register for this event, please click here. Registration closes on April 12, 2022.WebEx information will be provided to registrants upon approval.

For questions on this event please contact

Expand all

Collapse all

Announcements (View All)

June 06, 2022

NATF Supply Chain Criteria and Risk Questionnaire Version 3.0 Posted for Industry Use

The “NATF Supply Chain Security Criteria” and “Energy Sector Supply Chain Risk Questionnaire” version 3.0 documents and associated revision process have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website. A new “Version History” link has been added, which includes all prior versions and redlines of the NATF criteria and risk questionnaire.

The updates have been reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: “NATF CIP-013 Implementation Guidance: Independence Assessments of Vendors” and “NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.” This provision has been added to the revision process so the NATF does not need to resubmit the NATF Implementation Guidance documents to the ERO Enterprise for re-endorsement after each revision cycle. Specifically, the ERO has the ability to review the proposed changes and notify the NATF if any of the proposed revisions would cause the ERO to revoke its endorsement. 

In addition to the updates to the revision process, revisions for the 2022 revision cycle include three new criteria, two new questions, and the removal of four questions that were determined to be duplicative. Other minor changes include additional notes and terminology updates to provide clarity.

Read More

March 14, 2022

NATF Criteria, Questionnaire, and Revision Process Revisions Posted for Industry-Wide Comment through April 13

The NATF Criteria and Questionnaire Revision Team has reviewed suggestions for modifications to the “NATF Supply Chain Security Criteria,” “Energy Sector Supply Chain Risk Questionnaire,” and associated revision process. The proposed changes have been posted for industry-wide comment through April 13 on the NATF Supply Chain Cyber Security Industry Coordination page. Input can be submitted to

Please review the criteria, questionnaire, and revision process for changes indicated by red text.

A summary of changes is available in the “Version History” notes section of each document. The redlines for the questionnaire are provided in the formatted version only; conforming final changes will be made to the unformatted version.

The revision team will review comments in April and May and provide a summary of its determinations. The updated documents will be posted following NATF board approval in June.

Read More