Supply Chain Cyber Security Industry Coordination


The Industry Organizations Collaboration Effort

The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.

Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.

This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news. 

Upcoming Meetings and Activities

CISA October Series – CISA’s 4th Annual National Cybersecurity Summit


  • Wednesday, October 6: Assembly Required: The Pieces of the Vulnerability Management Ecosystem
  • Wednesday, October 13: Collaborating for the Collective Defense
  • Wednesday, October 20: Team Awesome: The Cyber Workforce
  • Wednesday, October 27: The Cyber/Physical Convergence
MRO Security Conference (October 6)

Register | Agenda

Featuring presentations from:

  • Cheri Caddy, Senior Advisor for Cybersecurity, US DOE, Left of Boom: Cyber Vulnerability Testing for Industrial Control Systems (CyTRICS)
  • Bob Kolasky, CISA Assistant Director, National Risk Management Center (NRMC), A Risk-Based Approach to National Security

Expand all

Collapse all

Announcements (View All)

October 01, 2021

NATF Posts Guidance for Entities Working with Solution Providers

The NATF has posted the “NATF Industry Collaboration: Using Solution Providers for Third-Party Risk Management” guide for industry use. The document clarifies the role of a solution provider and provides guidance for entities that are considering a solution provider’s services to assist with evaluations of suppliers’ cyber security practices. These services, such as gathering supplier information and providing analysis, can provide significant support for an entity’s ongoing supply cyber security risk management.

The Industry Organization Team suppliers and solution providers jointly developed the document. They have provided entities with items to consider based on insights from both perspectives and, through the development of this document, strengthened the relationships between the two industries.

Read More

October 01, 2021

Additional Supply Chain Resources Available!

Links to the following document and presentations have been posted to the Resources page.

Advancing Supply Chain Security in Oil and Gas (World Economic Forum)

The Industry Organizations Team (IO Team) is excited to share the World Economic Forum’s latest publication to which we contributed: “Advancing Supply Chain Security in Oil and Gas: An Industry Analysis.” It includes actionable guidance, methodologies, and examples to improve the oversight of third-party risks and improve cyber resilience across the oil and gas business environment. The World Economic Forum convened over 40 senior executives to help define a practical guide for cybersecurity leaders managing third-party cyber risks within oil and gas supply chains. IO Team companies Schneider Electric and PwC were actively involved in the development of this document, and the IO Team was directly involved through participation from Tony Eddleman and NATF staff. The IO Team was proud to be a part of this unique multi-stakeholder community that is shaping the future of cyber resilience across the oil and gas industry.  

Supply Chain Compliance Joint ERO and CCC Webinar

The presentation and streaming webinar from the August 27, 2021, "Joint CCC/ERO Enterprise Webinar on Supply Chain" have been posted on the NERC website: Presentation | Streaming Webinar

APPA Cyber Supply Chain Risk Management Webinar hosted by MRO Webinar Recording

The Midwest Reliability Organization's (MRO) Security Advisory Council is pleased to announce it hosted a webinar on “Strategies for Securing Your Supply Chain.” Supply chain compromises have made headlines and pose a risk to your organization. Do you know how to secure your supply chain? Are you looking for ideas for enhancing your approach to supply chain security? This presentation provided insights and an overview of the "Cyber Supply Chain Risk Management Practical Guide," which was produced as a collaboration among the American Public Power Association, the Large Public Power Council, and the Transmission Access Policy Study Group. Whether you are just getting started or are looking to identify areas for potential improvement, the manual should provide useful insights and program support for utilities. Learn about this useful manual and how it can improve security within your supply chain.

Read More