October 02, 2023

The annual revision process for the NATF Supply Chain Security Criteria and the Energy Sector Supply Chain Risk Questionnaire is underway. The revision process, the criteria, and the questionnaire are posted on the NATF’s public Supply Chain Cyber Security Industry Coordination site. The process is open to industry, suppliers, regulators, and other stakeholders to provide the opportunity for input.

These tools are useful for risk management and compliance efforts. Both the criteria and the questionnaire are incorporated into the ERO Enterprise-endorsed implementation guidance documents for CIP-013 (available on the NERC website and the NATF public website):

• NATF CIP-013 Implementation Guidance: Using Independent Assessments of Vendors
• NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans

These documents support using the criteria and questionnaire in a risk-based manner, where the entity determines which criteria or questions apply for a procurement.

Input on the criteria and questionnaire can be submitted to supplychain@natf.net until close of business January 26 for consideration in the 2024 review cycle.