Completed Projects/Activities

Criteria for Supplier Evaluation

  • The NATF Criteria (Version 1)

Supplier Evaluation

  • The NATF Criteria Application Guide
  • The NATF Supplier Cyber Security Assessment Model
  • Supplier & Product Assessment Database / Compliance Technology (A2V)

Risk Assessment

  • Cyber Security Supply Chain Risk Management Implementation Guidance (from CIP-013 Drafting Team)
  • NATF Cyber Security Supply Chain Risk Management Guidance Whitepaper
  • NATF CIP-013 Implementation Guidance v2 (Reliance on 3rd-party assessments)
  • APPA/NRECA Managing Cyber Supply Chain Risk-Best Practices for Small Entities Whitepaper
  • NAGF Cyber Security Supply Chain Management White Paper
  • EPRI Supply Chain Risk Assessment Report
  • NERC Final Supply Chain Report

Purchase Method and Terms

  • EEI Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk
  • DOE Cybersecurity Risk Management Lifecycle (SCWG Whitepaper)

Monitor Risk

  • Vendor Cyber Security Risk Management Lifecycle (SCWG Whitepaper)

Technical Whitepapers

  • SCWG Security Guidelines/Whitepapers
  1. Open Source Software
  2. Secure Equipment Delivery
  3. Risks Related to Cloud Computing
  4. Vendor Cyber Security Risk Management Lifecycle
  5. Supply Chain Cyber Security Risk Management Lifecycle
  6. Vendor Identified Incident Response Measures
  7. Procurement Language
  8. Provenance