The Model
Supply Chain Security Assessment Model
NATF Supply Chain Security Criteria
Energy Sector Supply Chain Risk Questionnaire (Unformatted, Formatted)
Resources
APPA’s Cyber Supply Chain Risk Management (external)
EEI Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk V2 (external)
NATF CIP-013-1 Implementation Guidance
NATF Guidance for CIP-010-3 Software Integrity
Understanding Third-Party Assessments
Presentations
Industry Organizations Aligned Approach for Supply Chain Cyber Security Webinar 02242020
The Energy Sector Supply Chain Risk Questionnaire Webinar 05192020
Large Entity Use Case Webinar 06022020
Large Entity Use Case Webinar - Exelon 09012020
NATF Criteria and Questionnaire Overview Use and Revision Process 10022020
Technical Assessment Methodology for Cyber Security - EPRI 10142020
Solution Provider Webinar - EPRI 10142020
Suppliers Responding to Requests for Cyber Security Information 12012020
Suppliers Responding to Requests for Cyber Security Information 01122021
Questionnaire and Criteria Revisions Overview 03192021
NERC Supply Chain Working Group (SCWG) Security Guidelines
- Cyber Security Risk Management Lifecycle
- Procurement Language
- Provenance
- Risk Considerations for Open Source Software
- Risks Related to Cloud Service Providers
- Secure Equipment Delivery
- Vendor Incident Response
- Vendor Risk Management Lifecycle
Asset to Vendor Network (A2V) Supplier & Product Assessment Database / Compliance Technology
IHS Markit KY3P – Know Your Third Party / Third Party Risk Management