May 30, 2025

The 2025 annual revision process has been completed with NATF approval of the final documents on May 20, 2025. The NATF Supply Chain Security Criteria and Energy Sector Supply Chain Risk Questionnaire version 6.0 documents have been posted for industry use on the Supply Chain Industry Coordination page of the NATF public website. The Version History link on that site includes prior versions and redlines. In addition, the NATF Criteria and Questionnaire Revision Process (formerly known as the Revision Process for the Energy Sector Supply Chain Risk Questionnaire and NATF Supply Chain Security Criteria) has also been updated.

Revisions to the NATF Criteria and Questionnaire include updated mappings for NIST’s Cybersecurity Framework (CSF) 2.0, the addition of Artificial Intelligence to several items, and wording edits for enhanced clarity. The layout has been slightly updated to facilitate navigation and readability, with a new “Area of Focus” drop-down box added to the Questionnaire to conserve space and improve specificity when using the optional scoring feature. Updates to the Revision Process include the removal of an unused committee, clarifying participation requirements for revision team members, and dropping an unneeded consulting step before publication.

These updates were reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: NATF CIP-013 Implementation Guidance: Using Independent Assessments of Vendors and NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.