Supply Chain Cyber Security Industry Coordination
The Industry Organizations Collaboration Effort
The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.
Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.
This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news.
The Model
Supply Chain Security Assessment Model
NATF Supply Chain Security Criteria
Energy Sector Supply Chain Risk Questionnaire (Unformatted, Formatted)
Revision Process for the Energy Sector Supply Chain Risk Questionnaire and NATF Cyber Security Criteria for Suppliers
Upcoming Meetings and Activities
Expand all
Announcements (View All)
July 20, 2021
Supply Chain Security Assessment Model Adoption Survey Results Posted
The results of the Industry Organizations Metric Team’s survey to determine adoption of the model, criteria, and questionnaire have been posted to the supply chain industry coordination resources page under the "Resources/Documents" headings.
The posting consists of a spreadsheet containing responses and a PDF containing charts and graphs of the responses. The response was lower than anticipated; however, the respondents provided thoughtful comments that will help guide future activities to help align industry on what information is needed from suppliers to conduct a supply chain risk assessment.
June 09, 2021
NATF Supply Chain Model, Criteria, and Risk Questionnaire Version 2.0 Posted for Industry Use
The “Supply Chain Security Assessment Model,” “NATF Supply Chain Security Criteria,” and “Energy Sector Supply Chain Risk Questionnaire” version 2.0 documents have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website.
Supported by the Industry Organizations Team, the model and complementary products provide a streamlined, effective, and efficient industry-accepted approach for entities to evaluate supplier supply chain security practices.
The five-step model provides a solid foundation for identifying, assessing, and mitigating supply chain risks; provides for inclusion of suppliers and solution providers depending upon each entity’s needs; and provides for flexibility of each entity’s implementation.
The criteria includes mapping to existing security frameworks and is categorized into two areas: (1) supplier’s organizational information and (2) supplier’s level of adherence to supply chain security practices.
A formatted and unformatted version of the questionnaire is provided. The formatted version includes guidance based upon answers to a series of “qualifier” questions that identifies optional questions for utilities to consider in a risk assessment. The unformatted version is text-only for easy incorporation into various toolsets or existing company spreadsheets.