June 09, 2021

The “Supply Chain Security Assessment Model,” “NATF Supply Chain Security Criteria,” and “Energy Sector Supply Chain Risk Questionnaire” version 2.0 documents have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website.

Supported by the Industry Organizations Team, the model and complementary products provide a streamlined, effective, and efficient industry-accepted approach for entities to evaluate supplier supply chain security practices.

The five-step model provides a solid foundation for identifying, assessing, and mitigating supply chain risks; provides for inclusion of suppliers and solution providers depending upon each entity’s needs; and provides for flexibility of each entity’s implementation.

The criteria includes mapping to existing security frameworks and is categorized into two areas: (1) supplier’s organizational information and (2) supplier’s level of adherence to supply chain security practices.

A formatted and unformatted version of the questionnaire is provided. The formatted version includes guidance based upon answers to a series of “qualifier” questions that identifies optional questions for utilities to consider in a risk assessment. The unformatted version is text-only for easy incorporation into various toolsets or existing company spreadsheets.