This Model and its complementary products provide a streamlined, effective, and efficient industry-accepted approach for entities to evaluate the cyber security practices of their suppliers. Applied widely, a common approach reduces the burden on suppliers, who can respond to one evaluation rather than many bespoke questionnaires, gives purchasing entities more and better information, and improves cyber security overall. The evaluation provides critical input for entities to consider when conducting risk assessments of potential suppliers of products and services.
The Model describes methods by which purchasing entities can gain assurance that a supplier adheres to the key supply chain cyber security practices set forth in the NATF Cyber Security Supply Chain Criteria for Suppliers (the NATF Criteria). The purchasing entity can consider any identified gaps in its own risk assessment and determine whether the resulting risk is addressed.
The overall objectives of this work, and of industry's alignment behind it, were to 1) streamline the common approaches to evaluating a supplier's cyber security practices, 2) provide for flexibility within those common approaches, 3) ensure the common approaches are scalable to include all suppliers and purchasing entities, and 4) keep the focus on good cyber security practices while recognizing that, if executed properly, the approaches may also support requirements in the NERC supply chain related standards.