May 18, 2020

The NATF has posted the "Energy Sector Supply Chain Risk Questionnaire" for industry use. 

This questionnaire, developed by a group of more than 20 U.S. energy companies, is designed to provide utilities with a set of supplier- and equipment-focused questions to obtain better information on a supplier’s security posture. The questionnaire works in conjunction with the "NATF Criteria," and together these complementary tools can help our industry drive convergence on information that is needed from suppliers.

The questionnaire denotes where questions directly align or will provide key supporting information regarding a supplier’s adherence to each of the NATF Criteria, and the information obtained through other questions will provide additional insight. Further, in light of the May 1 Executive Order, both the questionnaire and the NATF Criteria gather information regarding a supplier’s sourcing, activities, and staffing in other countries.

Two versions of the questionnaire are available on the Supply Chain Cyber Security Industry Coordination page of the NATF public website. The first includes a series of macros to provide a self-contained tool that can be used by utilities and suppliers. The second version provides a text-only version for easy incorporation into various toolsets or existing company spreadsheets.