NATF

The Industry Organizations Collaboration Effort

The NATF and other industry organizations are working together to provide a streamlined, effective, and efficient industry-accepted approach for entities to assess supplier cyber security practices. The model, if applied widely, will reduce the burden on suppliers so their efforts with purchasers can be prioritized and entities can be provided with more information effectively and efficiently. The industry organizations collaboration effort is focused on improving cyber security, and assisting registered entities with compliance to regulatory requirements.

Each of the industry organizations and many individual entities are working on solutions for various stages of the supply chain cyber security risk assessment lifecycle. These solutions are brought together in this effort to provide a cohesive approach. This approach may change over time as it matures but staying cohesive will be key to maintaining streamlined effective and efficient cyber security.

This website provides information on the approach (also referred to as the “model”), projects/activities that have been accomplished, and projects/activities in progress, upcoming presentations, links and contact information, and recent news. 

Resources (View All)

NATF CIP-013 Implementation Guidance-Independent Assessments of Vendors (ERO Endorsed)

NATF CIP-013 Implementation Guidance-Supply Chain Risk Management Plans (ERO Endorsed)

NATF Industry Collaboration: Using Solution Providers for Third-Party Risk Management

Click "View All" above to access additional documents, presentations, supply-chain sites, and support products and services.

Supplier Sharing Calls

The intention of the Supplier Sharing Calls calls is to encourage conversation between suppliers and with the end-users of their products and services, provide a forum to share forefront security concerns and how to address them, and to discuss general security practices. These calls will be applicable to suppliers of all sizes and security maturity.

Upcoming Meetings and Activities

Expand all

Collapse all

Announcements  (View All)

March 18, 2025

NATF Supply Chain Risk Assessment Guidance is Published

Given the dynamic supplier landscape, how can entities ensure they are performing effective and consistent risk assessments of potential - and current - suppliers? Additionally, how can entities ensure the results of those assessments are properly documented and maintained? These are the core questions that the newly-published NATF Supply Chain Risk Assessment Guidance is designed to address.

Expanding on "Step 3: Conduct Risk Assessment" of the NATF Supply Chain Risk Assessment Model, this guidance provides various methodologies for performing supplier risk assessments, along with a discussion on the relative advantages and disadvantages of each. Various documentation techniques are also discussed along with suggested risk dispositions and definitions, along with a brief review on how supplier risk assessments fit into a larger Supply Chain Risk Management (SCRM) program.

This guidance, along with many other Supply Chain resources, may be found on NATF’s Supply Chain Industry Coordination website.

Read More

March 07, 2025

NATF Criteria and Questionnaire Revision Redlines Posted for Industry-Wide Comment through April 11, 2025

The NATF Criteria and Questionnaire Revision Team has reviewed suggested modifications to the NATF Supply Chain Security Criteria and the Energy Sector Supply Chain Risk Questionnaire. The proposed changes have been posted for industry-wide comment on the NATF Supply Chain Industry Coordination page. A summary of changes is available in the “Change Log” section of each document, and changes are indicated by red font.

Feedback on the proposed changes can be submitted to supplychain@natf.net through April 11th, 2025.

The Revision Team will review the comments received and make any final determinations. The updated documents will be posted following NATF approval.

Read More