The Industry Organizations Collaboration Effort

The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.

Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.

This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news. 

Supplier Sharing Calls

The intention of the Supplier Sharing Calls calls is to encourage conversation between suppliers and with the end-users of their products and services, provide a forum to share forefront security concerns and how to address them, and to discuss general security practices. These calls will be applicable to suppliers of all sizes and security maturity.

Upcoming Meetings and Activities

Supplier Sharing Call - Open to Suppliers and NATF Members (June 19)

Expand all

Collapse all

Announcements  (View All)

May 28, 2024

NATF Supply Chain Criteria and Risk Questionnaire Version 5.0 Posted for Industry Use

The 2024 annual revision process has been completed with NATF approval of the final documents on May 21, 2024. The NATF Supply Chain Security Criteria and Energy Sector Supply Chain Risk Questionnaire version 5.0 documents have been posted for industry use on the Supply Chain Industry Coordination page of the NATF public website. The “Version History” link includes all prior versions and redlines of the NATF criteria and questionnaire.

The updates were reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: NATF CIP-013 Implementation Guidance: Using Independent Assessments of Vendors and NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.

Revisions for the 2024 annual cycle include a comprehensive refresh of all framework mappings, as well as the addition of CIP-005-7 and CIP-010-4 mappings. An optional scoring mechanism was added to the NATF criteria to align with this existing feature of the questionnaire.  Additionally, the questionnaire has been mapped to the same industry frameworks included in the criteria. Other changes include revised question wording for clarity, additional guidance text, and the merging of similar questions to improve efficiency.

Read More

March 21, 2024

NATF Announces the Supplier List

It can be challenging to request supply chain security information from potential suppliers and have to wait for responses! The NATF announces a new resource for locating suppliers that can provide security information upon request – the NATF Supplier List. This list also provides the contact information for each supplier and the certifications the suppliers can provide.

If you are a supplier, this is an opportunity to reach potential customers! Contact the NATF at supplychain@natf.net to be included on the list!

The NATF Supplier List can be located at  Supply Chain Industry Coordination under "The Model".

Read More