In Progress or Future Projects/Activities

Criteria for Supplier Evaluation

  • NATF Criteria Governance (change management)
    • Lead Organization: NATF Supply Chain Cyber Security Steering Team
    • Estimated Completion: August 2020

Supplier Evaluation

  • Supplier Cyber Risk Assessment Questionnaire
    • Lead Organizations: ConEd Working Group and NATF
    • Estimated Completion: April 2020
  • Guidance for Entities on understanding third-party assessments:
    1. What to expect from various assessments
    2. What is included in reports
    3. Understanding the scope of a report
    4. How to know if the report is issued by a qualified third-party assessor
    5. Understanding Terms
    • Lead Organization: Third-party Assessors: Deloitte, Ernst & Young, PWC
    • Estimated Completion: April 2020
  • Supplier & Product Assessment Database / Compliance Technology    
    • Lead Organization: Asset to Vendor Network
    • Available now with over 300 CIP-013 vendor and product assessments. For a free trial, email asantos@fortressinfosec.com
    • Estimated Completion (Incorporating mapping to the NATF Criteria): May 2020
  • The NATF Criteria Application Guide (Update)
    • Lead Organization: NATF
    • Estimated Completion: August 2020
  • Support and Guidance – Webinars and Workshops
    • Lead Organization: NATF/TBD
    • Estimated Completion: April 2020 

Risk Assessment

  • Ways to Mitigate identified Supplier Supply Chain Cyber Security Risks
    • Lead Organization: NATF
    • Estimated Completion: June 2020
  • NATF Cyber Security Supply Chain Risk Management Guidance Whitepaper (Update)
    • Lead Organization: NATF with support from the SCWG
    • Estimated Completion: April 2020
  • NATF CIP-013 Implementation Guidance v2 (Reliance on 3rd-party assessments) (Update)
    • Lead Organization: NATF with support from the SCWG
    • Estimated Completion: April 2020

Purchase Method and Terms

  • EEI Model Procurement Contract Language addressing Cybersecurity Supply Chain Risk (Refine)
    • Lead Organization: EEI Supply Chain Working Group
    • Estimated Completion: TBD

Monitor Risk

Overarching

  • Assistance webinars for smaller entities
    • Lead Organization: APPA/LPPC/NRECA
    • Estimated Completion: TBD
  • Monitor/post governmental activities
    • Lead Organization: Exelon
    • Estimated Completion: TBD

Technical Whitepapers

NERC Compliance

  • Implementation Guidance
    • Lead Organization: NATF (with other qualified organizations) working with NERC CCC
    • Estimated Completion: TBD
  • Support and Guidance - Compliance Webinars and Workshops
    • An opportunity for industry to have open dialogue about their programs with ERO Enterprise
    • Lead Organization: NERC CCC
    • Estimated Completion: TBD
  • Compliance Templates/Take Away Materials
    • Lead Organization: NAGF with NERC CCC
    • Estimated Completion: TBD