March 05, 2021
The NATF Questionnaire and Criteria revision team has reviewed suggestions for modifications to the Questionnaire and Criteria, and adopted changes have been posted for industry-wide comments through April 2. Please submit your comments to firstname.lastname@example.org. The redlined spreadsheets are located here:
Please review the Questionnaire and Criteria for:
- changes in the Questionnaire (formatted version) and Criteria
- the questions and criteria in general for alignment to the information you collect from suppliers
- the mapping to the security frameworks
Changes are indicated by red text and a summary of changes is available on the “Confidentiality” tab of each document. The redlines for the Questionnaire are provided in the formatted version only. Conforming final changes will be made to the unformatted version.
A webinar will be provided on March 19 from 11:30 am - 12:30 pm eastern. This webinar is open to industry. Register here.
The review team will review comments in April and will provide a summary for their determinations. The final changes will be provided to the NATF board for approval in May, and upon approval the revised Questionnaire and Criteria will be posted.
Main points to note:
- The Questionnaire and Criteria have been reviewed by the E-ISAC and NERC for sufficiency in regards to the Solar Winds hack, and it was determined that no additional changes were needed.
- The Questionnaire and Criteria were both reviewed to determine if they would obtain sufficient information regarding countries of origin.
- In the Questionnaire, mapping was added to the new supplier criteria
- In the Criteria, three questions from the “Organizational Information” section were moved into the “Supplier Criteria” tab
- The changes to the Questionnaire are denoted in the formatted version for comments; final changes will be included in the unformatted after approval.