The Model

NATF Supplier Cyber Security Assessment Model Overview

Supplier Cyber Security Assessment Model

NATF Cyber Security Criteria for Suppliers

Energy Sector Supply Chain Risk Questionnaire (Unformatted, Formatted)



EEI Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk V2 (external)

NATF CIP-013-1 Implementation Guidance

NATF Guidance for CIP-010-3 Software Integrity

Understanding Third-Party Assessments


Industry Organizations Aligned Approach for Supply Chain Cyber Security Webinar 02242020

Securing Your Supply Chain – Designing and Implementing Supply Chain Security Programs – APPA 05082020

The Energy Sector Supply Chain Risk Questionnaire Webinar 05192020

Large Entity Use Case Webinar 06022020

Large Entity Use Case Webinar - Exelon 09012020

Supply Chain sites

Contributing Organizations

Related Government Activity

NERC Supply Chain Working Group (SCWG) Security Guidelines

  • Cyber Security Risk Management Lifecycle
  • Provenance
  • Risk Considerations for Open Source Software
  • Risks Related to Cloud Service Providers
  • Secure Equipment Delivery
  • Vendor Incident Response
  • Vendor Risk Management Lifecycle

NERC Supply Chain Risk Mitigation Program Initiatives Webpage

PwC: Are you inundated with vendor management questionnaires? SOC 2 reporting can help

Support Products and Services

Asset to Vendor Network (A2V) Supplier & Product Assessment Database / Compliance Technology

EPRI Technology Assessment Methodology (TAM) / Cyber Security Data Sheets (CSDS) for device and system supply chain risk assessment

UL Supplier Cyber Trust Level