In Progress or Future Projects/Activities

Criteria for Supplier Evaluation

  • NATF Criteria Governance (change management)
    • Lead Organization: NATF Supply Chain Cyber Security Steering Team
    • Estimated Completion: March 2020
  • The NATF Criteria (refine)
    • Lead Organization: NATF
    • Estimated Completion: February 2020

Supplier Evaluation

  • Supplier Cyber Risk Assessment Questionnaire
    • Lead Organizations: ConEd Working Group and NATF
    • Estimated Completion: February 2020
  • Guidance for Entities on understanding third-party assessment scope (Statement of Applicability) and level of assurance
    • Lead Organization: Third-party Assessors: Ernst & Young, PWC
    • Estimated Completion: February 2020
  • Guidance for Entities on understanding types of evidence for each of the NATF Criteria, and how an entity would obtain assurance for an element of a criterion that was not covered by the third party’s assessment
    • Lead Organization: Third-party Assessors: Ernst & Young, PWC
    • Estimated Completion: March 2020
  • External Databases for Supplier Data
    • Lead Organization: EPRI and A2V
    • Estimated Completion: March 2020 (Beta Version)
  • The NATF Criteria Application Guide (Update)
    • Lead Organization: NATF
    • Estimated Completion: February 2020

Risk Assessment

  • Ways to Mitigate Identified Supplier Supply Chain Cyber Security Risks
    • Lead Organization: NATF
    • Estimated Completion: June 2020
  • NATF Cyber Security Supply Chain Risk Management Guidance Whitepaper (Update)
    • Lead Organization: NATF with support from the SCWG
    • Estimated Completion: March 2020
  • NATF CIP-013 Implementation Guidance v2 (Reliance on 3rd-party assessments) (Update)
    • Lead Organization: NATF with support from the SCWG
    • Estimated Completion: March 2020

Purchase Method and Terms

  • EEI Model Procurement Contract Language addressing Cybersecurity Supply Chain Risk (Refine)
    • Lead Organization: EEI Supply Chain Working Group
    • Estimated Completion: TBD

Monitor Risk

Overarching

  • Assistance webinars for smaller entities
    • Lead Organization: APPA/LPPC/NRECA
    • Estimated Completion: TBD
  • Monitor/post governmental activities
    • Lead Organization: Exelon
    • Estimated Completion: TBD

Technical Whitepapers

NERC Compliance

  • Key Reliability Standard Spot Check (KRSSC)
    • Lead Organization: NERC CCC
    • Estimated Completion: TBD
  • Implementation Guidance
    • Lead Organization: NERC CCC with support from NATF
    • Estimated Completion: TBD