Supply Chain Cyber Security Industry Coordination


The Industry Organizations Collaboration Effort

The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.

Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.

This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news. 

Upcoming Meetings and Activities

Expand all

Collapse all

Announcements (View All)

November 02, 2022

Annual Supply Chain Criteria and Questionnaire Revision Process Underway

The NATF is commencing the annual revision process for the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The revision process, the criteria, and the questionnaire are posted on the NATF’s public Supply Chain Cyber Security Industry Coordination site. The process is open to industry, suppliers, regulators, and other stakeholders.

Input on the criteria and questionnaire can be submitted to until close of business February 17 for consideration in the 2023 review cycle.

As the criteria and questionnaire are mechanisms to drive convergence on the information needed to conduct supplier risk assessments, it is important that the information you need to conduct risk analyses is included!

As a reminder: The criteria and questionnaire capture supplier information important to the electric sector for conducting risk assessments while keeping the amount of data received to a manageable level. The criteria are also verifiable. They are mapped to National Institute of Standards and Technology (NIST) frameworks; and while NIST does not have a third-party certification or assessment available, the criteria are also mapped to other security frameworks that are certified or assessed by a qualified third-party. Note that while there is not a single security framework that addresses all criteria, including NIST, most can be verified by obtaining a combination of certifications and/or assessments.

Read More

October 21, 2022

NATF Congratulates Tony Eddleman

The NATF congratulates Tony Eddleman, director of NERC reliability compliance at Nebraska Public Power District, for receiving the 2022 E-ISAC Electricity Security Service Award in honor of Michael J. Assante. Manny Cancel, sr. vice president and CEO of the E-ISAC, presented the award to Tony during this week’s GridSecCon event. Tony’s commitment to excellence, work ethic, and tireless efforts have benefited industry and NATF progress in supply chain risk management.

Read More