Supply Chain Cyber Security Industry Coordination


The Industry Organizations Collaboration Effort

The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.

Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.

This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news. 

Upcoming Meetings and Activities

Supplier Sharing Workshop - Open to Suppliers and NATF Members (November 6&7)

Renowned speakers will provide an overview of national supply chain risk management strategies and tools to implement strategies. See agenda for details.

Expand all

Collapse all

Announcements (View All)

June 06, 2023

NATF Supply Chain Criteria and Risk Questionnaire Version 4.0 Posted for Industry Use

The NATF Supply Chain Security Criteria and Energy Sector Supply Chain Risk Questionnaire version 4.0 documents have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website. The “Version History” link includes all prior versions and redlines of the NATF criteria and risk questionnaire.

The updates were reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: NATF CIP-013 Implementation Guidance: Independence Assessments of Vendors and NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.  

Revisions for the 2023 annual cycle include a new detailed change log for the NATF criteria and risk questionnaire. In particular, the security frameworks identified in the NATF criteria were revised and one new supplier criteria was added. The questionnaire is now available in one format merging the previous unformatted, formatted, and scorable options. Other minor changes include additional notes, references, and terminology updates to provide clarity. 

Read More

March 10, 2023

NATF Supply Chain Criteria and Questionnaire Revision Redlines Posted for Industry-Wide Comment through April 9

The NATF Criteria and Questionnaire Revision Team has reviewed suggested modifications to the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The proposed changes have been posted for industry-wide comment on the NATF Supply Chain Cyber Security Industry Coordination page. A summary of changes is available in the “Change Log” section of each document, and changes are indicated by red font.

Feedback on the proposed changes can be submitted to through April 9.

The revision team will review comments in April and May and make any final determinations. The updated documents will be posted following NATF board approval in June.

Read More