March 18, 2025

NATF Supply Chain Risk Assessment Guidance is Published

Given the dynamic supplier landscape, how can entities ensure they are performing effective and consistent risk assessments of potential - and current - suppliers? Additionally, how can entities ensure the results of those assessments are properly documented and maintained? These are the core questions that the newly-published NATF Supply Chain Risk Assessment Guidance is designed to address.

Expanding on "Step 3: Conduct Risk Assessment" of the NATF Supply Chain Risk Assessment Model, this guidance provides various methodologies for performing supplier risk assessments, along with a discussion on the relative advantages and disadvantages of each. Various documentation techniques are also discussed along with suggested risk dispositions and definitions, along with a brief review on how supplier risk assessments fit into a larger Supply Chain Risk Management (SCRM) program.

This guidance, along with many other Supply Chain resources, may be found on NATF’s Supply Chain Industry Coordination website.

Read More

March 07, 2025

NATF Criteria and Questionnaire Revision Redlines Posted for Industry-Wide Comment through April 11, 2025

The NATF Criteria and Questionnaire Revision Team has reviewed suggested modifications to the NATF Supply Chain Security Criteria and the Energy Sector Supply Chain Risk Questionnaire. The proposed changes have been posted for industry-wide comment on the NATF Supply Chain Industry Coordination page. A summary of changes is available in the “Change Log” section of each document, and changes are indicated by red font.

Feedback on the proposed changes can be submitted to supplychain@natf.net through April 11^th, 2025.

The Revision Team will review the comments received and make any final determinations. The updated documents will be posted following NATF approval.

Read More

January 10, 2025

January 2025 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

• NATF Welcomes New Member
• NERC-NATF-EPRI Annual Transmission Planning and Modeling Seminar
• NATF Criteria and Questionnaire Revision Process Underway
• Tom Galloway Participates on UTC Podcast

Read More

October 16, 2024

October 2024 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

• NATF Welcomes New Member
• NATF Human Performance Certification
• NERC-NATF-EPRI Annual Transmission Planning and Modeling Workshop
• Annual Supply Chain Criteria and Questionnaire Revision Process Underway
• Recently Posted Redacted Operating Experience Report

Read More

October 07, 2024

Annual Supply Chain Criteria and Questionnaire Revision Process Underway

The annual revision process for the NATF Supply Chain Security Criteria and the Energy Sector Supply Chain Risk Questionnaire is underway. The revision process, the criteria, and the questionnaire are posted on the NATF’s public Supply Chain Industry Coordination website. The process is open to industry, suppliers, regulators, and other stakeholders to provide the opportunity for input.

Input on the criteria and questionnaire can be submitted to supplychain@natf.net until close of business January 31, 2025, for consideration in the 2025 review cycle.

These tools are useful for risk management and compliance efforts. Both the criteria and the questionnaire are incorporated into the ERO Enterprise-endorsed implementation guidance documents for CIP-013 (available on the NERC website and the NATF public website):

• NATF CIP-013 Implementation Guidance: Using Independent Assessments of Vendors
• NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans

These documents support using the criteria and questionnaire in a risk-based manner, where the entity determines which criteria or questions apply for a procurement.

As the criteria and questionnaire are mechanisms to drive convergence on the information needed to conduct supplier risk assessments, it is important that the information you need to conduct risk analyses is included!

As a reminder: The criteria and questionnaire capture supplier information important to the energy sector for conducting risk assessments while keeping the amount of data received to a manageable level. The criteria are also verifiable. They are mapped to National Institute of Standards and Technology (NIST) frameworks; and while NIST does not have a third-party certification or assessment available, the criteria are also mapped to other security frameworks that are certified or assessed by a qualified third-party. Note that while there is not a single security framework that addresses all criteria, including NIST, most can be verified by obtaining a combination of certifications and/or assessments. 

Read More

May 28, 2024

NATF Supply Chain Criteria and Risk Questionnaire Version 5.0 Posted for Industry Use

The 2024 annual revision process has been completed with NATF approval of the final documents on May 21, 2024. The NATF Supply Chain Security Criteria and Energy Sector Supply Chain Risk Questionnaire version 5.0 documents have been posted for industry use on the Supply Chain Industry Coordination page of the NATF public website. The “Version History” link includes all prior versions and redlines of the NATF criteria and questionnaire.

The updates were reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: NATF CIP-013 Implementation Guidance: Using Independent Assessments of Vendors and NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.

Revisions for the 2024 annual cycle include a comprehensive refresh of all framework mappings, as well as the addition of CIP-005-7 and CIP-010-4 mappings. An optional scoring mechanism was added to the NATF criteria to align with this existing feature of the questionnaire.  Additionally, the questionnaire has been mapped to the same industry frameworks included in the criteria. Other changes include revised question wording for clarity, additional guidance text, and the merging of similar questions to improve efficiency.

Read More

March 21, 2024

NATF Announces the Supplier List

It can be challenging to request supply chain security information from potential suppliers and have to wait for responses! The NATF announces a new resource for locating suppliers that can provide security information upon request – the NATF Supplier List. This list also provides the contact information for each supplier and the certifications the suppliers can provide.

If you are a supplier, this is an opportunity to reach potential customers! Contact the NATF at supplychain@natf.net to be included on the list!

The NATF Supplier List can be located at  Supply Chain Industry Coordination under "The Model".

Read More

March 08, 2024

NATF Supply Chain Criteria and Questionnaire Revision Redlines Posted for Industry-Wide Comment through April 7

The NATF Criteria and Questionnaire Revision Team has reviewed suggested modifications to the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The proposed changes have been posted for industry-wide comment on the  NATF Supply Chain Cyber Security Industry Coordination page. A summary of changes is available in the “Change Log” section of each document, and changes are indicated by red font.

Feedback on the proposed changes can be submitted to supplychain@natf.net through April 7.

The revision team will review comments in April and make any final determinations. The updated documents will be posted following NATF approval.

Read More

January 30, 2024

January 2024 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

• NATF Welcomes Missouri River Energy Services and ATCO Electric
• Annual NERC-NATF-EPRI Transmission Planning and Modeling Seminar
• NERC-NATF-EPRI Extreme Weather Transmission Planning and Modeling Seminar
• NATF Supplier Outreach and Coordination
• Supply Chain Resources: Revision Process and Mapping Project
  • Revision Process Underway
  • Coming Soon: Mapping of NATF Criteria and Questionnaire to Established Security Frameworks

Read More

October 05, 2023

October 2023 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

• NATF CEO Participates in Physical Security Technical Committee
• NERC-NATF-EPRI Annual Transmission Planning and Modeling Workshop
• NATF Supplier Outreach and Coordination
  • ISA Product Certifications and Artificial Intelligence Webinars
  • November Supplier Sharing Seminar
• Supply Chain Resources: Guidance Updated, Revision Process Underway

Read More

October 02, 2023

NATF Supply Chain Risk Management Guidance Updated

The recently posted NATF Supply Chain Risk Management Guidance document provides a high-level overview of key supply chain risk management elements, practices, and resources that are available for entities as they consider implementing, developing, or maturing their own comprehensive supply chain risk management programs. Prominently featured are the NATF's supply chain resources, although resources from other industry participants, such as APPA and EEI, are also included and discussed.

This document revises and replaces the NATF Cyber Security Supply Chain Risk Management Guidance document, created in 2018 in response to the NERC Board of Trustees’ request that the NATF and NAGF “develop white papers to address best and leading practices in supply chain management, including procurement, specifications, vendor requirements and existing equipment management, that are shared across the membership of each Forum, and to the extent permissible under any applicable confidentiality requirements, distribute such white papers to industry.”

The revised document references updated supply chain resources created by the NATF and industry since the publication of the 2018 document, such as the Supply Chain Security Assessment Model, NATF Supply Chain Security Criteria, Energy Sector Supply Chain Risk Questionnaire, and NATF-developed implementation guidance endorsed by the ERO Enterprise. The document may be found on NATF’s public Supply Chain Cyber Security Industry Coordination site.

Read More

October 02, 2023

Annual Supply Chain Criteria and Questionnaire Revision Process Underway

The annual revision process for the NATF Supply Chain Security Criteria and the Energy Sector Supply Chain Risk Questionnaire is underway. The revision process, the criteria, and the questionnaire are posted on the NATF’s public Supply Chain Cyber Security Industry Coordination site. The process is open to industry, suppliers, regulators, and other stakeholders to provide the opportunity for input.

These tools are useful for risk management and compliance efforts. Both the criteria and the questionnaire are incorporated into the ERO Enterprise-endorsed implementation guidance documents for CIP-013 (available on the NERC website and the NATF public website):

• NATF CIP-013 Implementation Guidance: Using Independent Assessments of Vendors
• NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans

These documents support using the criteria and questionnaire in a risk-based manner, where the entity determines which criteria or questions apply for a procurement.

Input on the criteria and questionnaire can be submitted to supplychain@natf.net until close of business January 26 for consideration in the 2024 review cycle.

Read More

July 06, 2023

July 2023 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

• New Video Highlights NATF RESTORE Program (Equipment Sharing) Benefits
• NATF-EPRI-NERC Transmission Resilience Summit
• NATF Supply Chain Criteria and Risk Questionnaire Updated for Industry

• Redacted Operating Experience Reports

Read More

June 14, 2023

NATF-EPRI-NERC 2023 Transmission Resilience Summit

Meeting materials from the NATF-EPRI-NERC 2023 Transmission Resilience Summit held May 17 in Tempe, Arizona, are now posted.

The theme for the summit was climate resilience, with topics focused on lessons learned from past extreme weather events, planning and preparing for future events, emerging technologies, and examples of how resilience is a team sport.

Thank you to Salt River Project for hosting the event.

 

Read More

June 06, 2023

NATF Supply Chain Criteria and Risk Questionnaire Version 4.0 Posted for Industry Use

The NATF Supply Chain Security Criteria and Energy Sector Supply Chain Risk Questionnaire version 4.0 documents have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website. The “Version History” link includes all prior versions and redlines of the NATF criteria and risk questionnaire.

The updates were reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: NATF CIP-013 Implementation Guidance: Independence Assessments of Vendors and NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.  

Revisions for the 2023 annual cycle include a new detailed change log for the NATF criteria and risk questionnaire. In particular, the security frameworks identified in the NATF criteria were revised and one new supplier criteria was added. The questionnaire is now available in one format merging the previous unformatted, formatted, and scorable options. Other minor changes include additional notes, references, and terminology updates to provide clarity. 

Read More

April 19, 2023

New Video Highlights NATF RESTORE Program (Equipment Sharing) Benefits

See our new video highlighting the benefits of the NATF RESTORE Program (at the bottom of our Programs page).

RESTORE, or Regional Equipment Sharing for Transmission Outage Restoration, is designed to enhance grid resilience and reliability by identifying sources and facilitating replacement of equipment following disastrous events. This optional, self-funded program is available to any transmission-owning NATF member.

Read More

April 06, 2023

April 2023 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

• NATF-EPRI-NERC Transmission Resilience Summit
• Supply Chain Criteria and Questionnaire Revisions
• Supplier Sharing Calls
• Redacted Operating Experience Reports

Read More

March 10, 2023

NATF Supply Chain Criteria and Questionnaire Revision Redlines Posted for Industry-Wide Comment through April 9

The NATF Criteria and Questionnaire Revision Team has reviewed suggested modifications to the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The proposed changes have been posted for industry-wide comment on the NATF Supply Chain Cyber Security Industry Coordination page. A summary of changes is available in the “Change Log” section of each document, and changes are indicated by red font.

Feedback on the proposed changes can be submitted to supplychain@natf.net through April 9.

The revision team will review comments in April and May and make any final determinations. The updated documents will be posted following NATF board approval in June.

Read More

February 22, 2023

Registration Open for Upcoming NATF Supplier Sharing Calls

NATF supplier sharing calls are facilitated by suppliers and are typically held exclusively for the supplier community. The next two calls will bring suppliers together with potential customers from the NATF membership for constructive interchange. Supplier-only calls will resume in July.

The discussions will be led by representatives of the hosting suppliers: SEL, Siemens Energy, Hitachi Energy, Schneider Electric. In addition, the calls are supported by representatives from the International Society of Automation (ISA), the National Electrical Manufacturers Association (NEMA), and the US Chamber of Commerce.

Register today! All calls are from 1:00 p.m. – 2:30 p.m. eastern.

Wednesday, March 22, 2023 1:00 PM  Eastern (US & Canada)  |  1 hr 30 mins
Open to suppliers and NATF member companies

• Discussion on the information customers need, what constitutes “good” responses to questions, and the challenges for suppliers.
• Software bills of materials (SBOM) are becoming a hot topic in the industry. How are entities using, or would envision using, them?

Read More