The Model

Supply Chain Security Assessment Model

NATF Supply Chain Security Criteria (V4.0)

Energy Sector Supply Chain Risk Questionnaire (V4.0)

Revision Process for the Energy Sector Supply Chain Risk Questionnaire and NATF Supply Chain Security Criteria

Supplier List - Suppliers with NATF Criteria and Questionnaire Responses Available

Resources

Documents

APPA’s Cyber Supply Chain Risk Management (external)

EEI Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk V3 (external)

NATF CIP-013 Implementation Guidance-Independent Assessments (ERO Endorsed)

NATF CIP-013 Implementation Guidance-Supply Chain Risk Management Plans (ERO Endorsed)

NATF Guidance for CIP-010-3 Software Integrity

NATF Supply Chain Risk Management Guidance

Understanding Third-Party Assessments

Summary Results-The Industry Organizations Metrics Team-Supply Chain Security Assessment Adoption 09Jul2021

Survey Results-The Industry Organizations Metrics Team-Supply Chain Security Assessment Adoption 09Jul2021

NATF Industry Collaboration: Using Solution Providers for Third-Party Risk Management

Advancing Supply Chain Security in Oil and Gas: An Industry Analysis (external)

Presentations

Industry Organizations Aligned Approach for Supply Chain Cyber Security Webinar 02242020

Securing Your Supply Chain – Designing and Implementing Supply Chain Security Programs – APPA 05082020

The Energy Sector Supply Chain Risk Questionnaire Webinar 05192020

Large Entity Use Case Webinar 06022020

Large Entity Use Case Webinar - Exelon 09012020

NATF Criteria and Questionnaire Overview Use and Revision Process 10022020

Technical Assessment Methodology for Cyber Security - EPRI 10142020

Solution Provider Webinar - EPRI 10142020

Identifying and Managing Potential Compromise of Network Interface Cards - NATF-RF-SERC Special Webinar 20201022

Suppliers Responding to Requests for Cyber Security Information 12012020

Suppliers Responding to Requests for Cyber Security Information 01122021

Questionnaire and Criteria Revisions Overview 03192021

Supply Chain Compliance Joint ERO and CCC Webinar 08072021 (Presentation | Streaming Webinar)

APPA Cyber Supply Chain Risk Management Webinar hosted by MRO 09222021

NATF Presentation – RF Tech Talk 03212022

NATF Resources Available to Industry for Optimizing Supply Chain Risk Management - SERC 07192022

Optimizing Supplier-Purchaser Interaction for Supply Chain Risk Management - GridSecCon 10182022 (Presentation | Streaming Webinar)

NATF Supply Chain Criteria and Questionnaire Update for UTC SRCC 01232023

NATF Special Webinar: ISA Product Certifications 09262023 (Streaming Webinar)

NATF Supplier Sharing Call: Artificial Intelligence 09272023 (Streaming Webinar)

Supplier Sharing Virtual Workshop 11062023

Supplier Sharing Virtual Workshop 11072023

Supply Chain sites

Contributing Organizations

Related Government Activity

NERC Supply Chain Working Group (SCWG) Security Guidelines

• Cyber Security Risk Management Lifecycle
• Procurement Language
• Provenance
• Risk Considerations for Open Source Software
• Risks Related to Cloud Service Providers
• Secure Equipment Delivery
• Vendor Incident Response
• Vendor Risk Management Lifecycle

NERC Supply Chain Risk Mitigation Program Initiatives Webpage

PwC: Are you inundated with vendor management questionnaires? SOC 2 reporting can help

Support Products and Services

Asset to Vendor Network (A2V) Supplier & Product Assessment Database / Compliance Technology

CyberGRX

EPRI Technology Assessment Methodology (TAM) / Cyber Security Data Sheets (CSDS) for device and system supply chain risk assessment

IHS Markit KY3P – Know Your Third Party / Third Party Risk Management

UL Supplier Cyber Trust Level