The NATF Criteria and Questionnaire Update:
Mappings to Certifications
May 29, 2024

Open Distribution for Supply Chain Materials


Copyright © 2024 North American Transmission Forum (“NATF”). All rights reserved. The NATF makes no and hereby disclaims all representations or warranties, either express or implied, relating to the
content, including as to the accuracy or completeness of the information. No liability is assumed by the NATF for any damages arising directly or indirectly from the content or by the use or application
thereof. Use of the content constitutes agreement to defend, indemnify, and hold the NATF harmless from and against all claims arising from such use.
NATF Members Guidelines for this Call
• This is an open call
• Participants on this call are not employees of NATF member
companies
• Do not share confidential information
• Avoid conduct that unreasonably restrains competition
• Adhere to your organization’s standards of conduct
• Do not share intellectual property unless authorized



Guidelines for this Call
• This call is being recorded
• The recording and slides for the call will be available on the NATF
public website at: Supplier Sharing Calls (natf.net)

NATF does not endorse specific solution providers and provides the
webinar content for entity awareness of available resources.



Please Participate
• Raise your hand
• We will unmute you
• Make sure you are identified in the participant list
• Put a question or comment in the chat
• Put a question or comment in the Q&A

If you put a question or comment in the chat or Q&A but want to remain anonymous,
please open with your request

Agenda and Today’s Presenters
Opening remarks –
Thomas Galloway, President and CEO, NATF
NATF Supply Chain Criteria and Questionnaire Updates
David James Earley, Program Manager Cybersecurity & Supply Chain, NATF
Obtaining Assurance with Certifications –
Andre Ristaino, Managing Director, Global Consortia and Conformity
Assessment Programs, International Society of Automation (ISA)

Opening Remarks
Tom Galloway,
NATF President and CEO



Background
• Membership Organization
• Formed after 2003 blackout
• Prevent recurrence, pursue excellence
• Robust information sharing
• Superior practices (beyond compliance)
• Confidential venues to increase candor
• Mission: Promote excellence in the safe, reliable, secure, and resilient
operation of the electric transmission system.
• Headquarters – Charlotte, NC



NATF Members
101 members
98 affiliates

Member Types
IOUs
Federal/Provincial
Cooperatives
State/Municipal
ISOs/RTOs

Coverage (US/Canada)
~85% miles 100 kV+
~90% net peak demand



NATF Supply Chain Activities
• NATF supply chain activities were initiated at the NERC BOT’s
request in August 2017
• NATF Board approved the NATF working industry-wide
(beyond membership)
• NATF activities streamline supply chain risk management
• Relying upon the work of others
• Qualified, third-party certifications offer entities (asset owners)
assurance of the accuracy of information provided by suppliers



Today’s Webinar
• Updates to the NATF criteria and questionnaire
• Criteria provide key areas to measure a supplier’s security practices
• Questionnaire provides additional questions for more in-depth
coverage
• Leveraging certifications for assurance



NATF Supply Chain
Criteria and Questionnaire
Updates
David James Earley, NATF

Objectives of NATF Supply Chain Initiatives
Security
Identify and address security risks introduced via supply chain

Industry Convergence
Achieve industry and supplier convergence on an approach (NATF Model) to
facilitate assessment of suppliers’ security posture

Efficiency and Effectiveness
Convergence on manageable amount of information to achieve reasonable
assurance of suppliers’ security practices

Compliance
Implementation guidance to meet supply chain related CIP standards



NATF Supply Chain Security Assessment Model

Collect Information

Evaluate information/address risks

Conduct risk assessment

Make purchase decision

Implement controls and monitor risks



Collect Information:
The NATF Criteria and Questionnaire
• Were developed in collaboration with industry
• Identify a manageable set of key information needed from suppliers
for SCRM
• Are endorsed by the regulator (NERC and the Regions)
• Offer an annual revision process to help drive convergence
• Are mapped to security frameworks and certifications to support
assurance
• Are offered at no charge for industry use



NATF Supply Chain Security Criteria

64 criteria for supplier security practices within 6 risk areas


• Access control and management
• Asset, change and configuration management
• Governance
• Incident response
• Information protection
• Vulnerability management

24 organizational information considerations



NATF Supply Chain Security Criteria
• Changes to Criteria for v5 (approved 5/21/2024):
• Complete refresh of all framework mappings
• Revised frameworks:
• CIP-013-2, NIST 800r5, NIST 800-161r1, NIST 800-171r2, ISO
27001:2022
• Addition of brand-new CIP-005-7 and CIP-010-4 mappings
• Complete set of NERC CIP Supply Chain Standards now listed
• New optional scoring mechanism
• Identical to entity-driven approach used in Questionnaire



NATF Supply Chain Security Criteria
Provides a basis for measuring a supplier’s security posture/practices (i.e., a “best practices” list)

Developed by NATF-led team of industry SMEs

Updated with input from industry, suppliers, third-party assessors, ERO, and FERC

Maps criteria to multiple security frameworks



Energy Sector Supply Chain Risk Questionnaire
219 questions in 13 categories
• Company Overview
• Supply Chain & External Dependencies Management
• Workforce Management
• Identity & Access Management
• Cybersecurity Program Management
• Change & Configuration Management
• Cybersecurity Tools & Architecture
• Data Protection
• Event & Incident Response
• Mobile Devices & Application
• Risk Management
• Vulnerability Management
• Additional Comments

Questions for 3 areas
• Supplier Corporate Systems
• Supplier Product
• Product Development Systems



Energy Sector Supply Chain Risk Questionnaire
• Changes to Questionnaire for v5 (approved 5/21/2024):
• Merged similar questions
• COMP-04/COMP-08 and IAM-26/IAM-27
• Added/reworded guidance text for additional clarity
• All-new framework mappings
• First-ever mapping of Questionnaire
• Identical to frameworks used in Criteria for parity



Energy Sector Supply Chain Risk Questionnaire

Includes a scoring mechanism

Identifies the main criteria the question supports

Provides a consistent set of questions that support the NATF Criteria and help obtain
granular information on a supplier’s security risk performance



Energy Sector Supply Chain Risk Questionnaire
All-new framework mappings



Revision Process for Criteria and Questionnaire
• Provides an annual cycle for industry to
modify the Criteria and Questionnaire
• Based on industry-wide input
• Includes review to maintain ERO endorsement of
the NATF CIP-013 Implementation Guidance
documents

Revision cycle steps:
• Receive industry comments
• Consider comments
• Post modifications for comment
• Post modified Criteria and Questionnaire

Prior versions are also posted for tracking ease



ERO Endorsed Implementation Guidance:
Supply Chain Risk Management Plans
• Describes how to use the NATF Supply Chain
Security Assessment Model to develop supply
chain cyber security risk management plans
• Focus is on security
• Incorporates by reference the NATF model,
criteria, questionnaire, and associated revision
process
• Provides assurance of alignment between
security and compliance
• Addresses the six risk areas identified in CIP-013,
Requirement R1, Part 1.2
ERO Endorsed Implementation Guidance:
Using Independent Assessments of Vendors
• Describes how to leverage the work of others
• CIP-013 R1: How to incorporate reliance on
independent assessments into supply chain risk
management plans
• CIP-013 R2: How to document use of
independent assessments when implementing
supply chain risk management plan
• Incorporates by reference the NATF model,
criteria, questionnaire, and associated revision
process



Where to find
NATF supply chain
resources

https://www.natf.net/industry-initiatives/supply-chain-industry-coordination



Obtaining Assurance
with Certifications
Andre Ristaino, ISA

International Society of Automation

Automation and Control Systems Certifications
For COTS Products, Service Providers, and Operating Sites
Based on ISA/IEC 62443

www.isasecure.org

29 May 2024

Elevating OT cybersecurity from an art, to a science, to an engineering discipline.


Andre Ristaino
ISA Managing Director, Conformance Programs and Consortia
[email protected] PH: +1 919-323-7660

• Mr. Ristaino directs ISA’s consortiums and alliances, including ISA Security Compliance Institute, ISA
Wireless Compliance Institute, ISAGCA, and ICS4ICS; 150 combined companies with over $1.25 trillion of
turnover.

• Prior to ISA, Mr. Ristaino held positions at NEMA, Renaissance Worldwide, and Deloitte’s Advanced
Manufacturing Technology Group, where he was a recognized leader in system lifecycle
methodologies.

• Mr. Ristaino earned a BS in Business Management from the University of Maryland, College Park
and an MS in Applied Computing from the American University in Washington DC with a focus on
expert systems and artificial intelligence.
ISA Automation Cybersecurity Leadership
ISASecure - ISA/IEC 62443 cybersecurity certification of COTS products, supplier
development processes and automation at asset owner operating sites. Established 2007.
45+ companies. www.isasecure.org

ISAGCA - Bridge the gap between ISA/IEC 62443 standards and market adoption. Lead
cybersecurity culture transformation.
60+ companies. https://isagca.org

ICS4ICS – Incident Command System for Industrial Control Systems (ICS4ICS) credentials
incident leaders & trains teams for responding to cyber attacks on automation in critical
infrastructure. Collaborates with FEMA and CISA; stood up under ISAGCA.
1,400 volunteers; over 850 companies. www.ics4ics.org

ISA99 Committee – The ISA99 Standards committee is the origin of the ISA/IEC 62443
Standards. ISA99 Working groups draft and approve the ISA/IEC 62443 standards for
submission to ANSI and IEC for approval as international standards.
Over 1,500 volunteers. www.isa.org/ISA99

ISA Education & Training – Education and training in all industrial automation and control
systems topics, including cybersecurity.
Over 4,000 students in 2023. https://www.isa.org/training
ISA Conformity Assessment Program

International Society of Automation (ISA)
501c3
Established 1949

ISA Conformity Assessment Subsidiary
501c6
Established 2005

• ISAGCA – ISA Global Cybersecurity Alliance
• WCI – ISA100 Wireless Compliance Institute
• ISCI – ISA Security Compliance Institute
2024 ISA Conformity Assessment Board

Chairman – ISA Past President (Marty Bince) Prabhu Soundarrajan 2025
Vice Chairman – ISA VP Standards & Practices (David Lee)
Secretary – ISA CEO / Executive Director (Claire Fallon)

At Large – ISA Treasurer At Large – Designated Senior


legal counsel Compliance Expert ISA Staff Director
(Hugh Webster) (Ardis Bartle) (Michael Hamm) (Michela Cobb)

All board positions are voting.


ISA ASCI Managing Director is non-voting. (Andre Ristaino)
ISA Security Compliance Institute Governing Board
• Chairman – Brandon Price, ExxonMobil
• Vice-chairman – Kenny Mesker, Chevron
• Marketing Chairman – Sean Haynes, SecurityGate
• Technical Chair – John Jilek, Johnson Controls, Inc.

Governing Board Companies
• Chevron
• ExxonMobil
• Carrier Global
• Honeywell
• Johnson Controls, Inc.
• Saudi Aramco
• Yokogawa
• Schneider Electric
• Trane Technologies
• GSK
ISA99 Committee Liaison
ISASecure Supporter Members
• YPF
ISO 17065 Conformance Scheme
ISASecure® Accreditation Bodies and Certification Bodies

ISASecure ISO 17011 AB – Geographic Coverage
• ANSI/ANAB – North America/Global
• DAkkS – Germany/EU
• Japan Accreditation Board – Japan
• RvA Dutch Accreditation Council – Netherlands
• Singapore Accreditation Council – Singapore
• Standards Council of Canada – Canada
• Taiwan Accreditation Foundation – Taiwan
• A2LA – USA/Global
• National Accreditation Board for Certification Bodies (NABCB) – India
(Must be IAF Signatories for global MLA)

ISASecure CB (ISO 17065/ISO 17025) – Coverage
• CSSC – Japan
• Exida – USA / Global
• TUV Rheinland – Germany / Global
• FM Approvals – USA / Global
• TUV SUD – Singapore / Global
• BYHON – Italy / Global
• Bureau Veritas – Taiwan / Global
• Underwriters Labs (UL) – USA / Global
• TrustCB – Netherlands / Global
• DNV – India / Global
• Ikerlan – Spain / Global
• Kaizen Labs – India
• AC&E – Italy / Global
ISASecure Global Product Certification Firsts
• 2010 - First global cybersecurity certification scheme for COTS automation and control
systems (OT/CPS). Certifying off the shelf products since 2010.

• Meets ANAB FM 5116 “Suitability of Schemes” requirements, and IAF MD25 and EA-1/22
for EU suitability of schemes.

• 2010 - First OT COTS certification scheme requiring ISO 17065 accredited certification
bodies, independently accredited by ISO 17011 Accreditation Bodies.

• 2011 - First OT certification scheme to certify a safety system for nuclear sites (RTP Corp.).

• 2018 - Only OT certification scheme to require ISA/IEC 62443-4-1 maturity level 3 to pass.

• 2022 - First and only ISA/IEC 62443 OT certification scheme for IIoT devices and gateways.

• 2023 - First and only OT certification scheme to implement market surveillance for
product supplier incident response performance.

• 2023 - Policies for certifying product families and for certifying OEM/relabeled products.
ISA/IEC 62443 Automation Security Lifecycle and
Shared Stakeholder Responsibility for Cybersecurity

Asset Owners: Operate and Maintain Site Specific Systems
Asset Owner – Leverage Standards:
• Part 1-1 – Concepts and models
• Part 2-1 – Security program requirements
• Part 2-2 – Security protection rating
• Part 2-3 – Patch management
• Part 3-2 – Risk assessment and system design
Maintenance Service Provider – Leverage Standards:
• Part 1-1 – Concepts and models
• Part 2-4 – Service providers

Integrators/Asset Owners: Engineer and Integrate COTS into Site Specific Systems
Integration Service Provider – Leverage Standards:
• Part 1-1 – Concepts and models
• Part 2-4 – Service providers
• Part 3-2 – Risk assessment and system design
• Part 3-3 – System requirements and security levels

Product Suppliers: Design and Manufacture COTS Control Systems
Product Supplier – Leverage Standards:
• Part 1-1 – Concepts and models
• Part 3-3 – System requirements and security levels
• Part 4-1 – Security development lifecycle
• Part 4-2 – Component requirements
Currently Available Certifications Future Availability


ISASecure Certifications Currently Available

Certification Description / Certification Mark / Availability Date

• IIOT Component Security Assurance (ICSA)
ISA/IEC 62443-4-1 and ISA/IEC 62443-4-2 plus 16 extensions
Since Dec 2022
• Component Security Assurance (CSA)
ISA/IEC 62443 4-1 and ISA/IEC 62443 4-2
Since Aug 2019
• System Security Assurance (SSA)
ISA/IEC 62443 3-3 and ISA/IEC 62443 4-2, ISA/IEC 62443-4-1
Since Oct 2018
• Security Development Lifecycle Assurance (SDLA)
ISA/IEC 62443 4-1
Certification mark: "An ISASecure Certified Development Organization"
Since July 2014
ISASecure Certification Expansion Roadmap

Certification Description / Certification Mark / Availability Date

• IIOT System Security Assurance (ISSA)
ISA/IEC 62443 4-1 and ISA/IEC 62443 3-3
TBD
• Automation and Control system Security Assurance (ACSSA)
ISA/IEC 62443 2-1, 2-4, 3-2, 3-3
Certification mark: "ISASecure IEC 62443 Conformant Operating Site"
1H 2025

Phase I Study - IIOT Component Certification Based on the ISA/IEC 62443 Standards
https://gca.isa.org/iiot-component-certification-based-on-62443

Phase II Study - IIOT System Implementation and Certification Based on ISA/IEC 62443 Standards
(includes cloud provider) - https://isasecure.org/learning-center
Development Process versus Product Certifications

Certification Type / Recertification Criteria / Measure

• Organization’s Development Process: ISA/IEC 62443-4-1
Addresses the supplier’s SDL, design, testing, incident response, patch/release, supply chain
Recertification criteria: Time Driven / Periodic, Every 3 Years
Measure: Process Maturity Level (ML-1, ML-2, ML-3, ML-4)

• Component and System Products: ISA/IEC 62443 4-2 and ISA/IEC 62443-3-3
Addresses the specific product characteristics such as security capabilities/security level, free
of known vulnerabilities, robust against network attacks
Recertification criteria: Event Driven, Product Upgrades as defined in the 62443 standard
(typically major version releases)
Measure: Security Capability Level (SL-1, SL-2, SL-3, SL-4)
ISA/IEC 62443 Component and System Security Levels

• ISCI is now recommending that suppliers certify to level 2 or higher. ISCI SL-1 certifications still
ensure that the supplier’s SDLA is at maturity level 3 or higher.
• OPAF (Open Process Automation Forum) standardized on level 2 or higher for their OPA Specification.
ISA/IEC 62443-4-1 (development process)
Security Development Lifecycle Assurance (SDLA)
1) Define scope of evaluation (companywide, division, product line, geographic location, other)

2) Organization must have a formal, defined SDL (System Development Lifecycle) methodology

3) Products in the certified organization must be under configuration control

4) Product supplier’s SDL must include all of the requirements in the eight practice areas
defined in the ISA/IEC 62443 standard. (this is what the auditor evaluates)

5) Recertification is time-driven (process) every 36 months after initial certification.

6) ISASecure requires maturity level 3 or better to pass. While the standard provides
‘informative’ definitions for 4 levels of process maturity, it is improper to publish them on a
certificate. So, while we do not publish the maturity level on the certificate, all ISASecure
certifications conform to the level 3 definition or better.
Eight Practice Areas in ISA/IEC 62443-4-1 (SDLA)
One through Four

Practice 1 Security Management (SM) The purpose of the security management practice is to ensure
that the security-related activities are adequately planned, documented and executed throughout the product’s
lifecycle

Practice 2 Specification of Security Requirements (SR) The processes specified by this practice are
used to document the security capabilities that are required for a product along with the expected product
security context

Practice 3 Secure by Design (SD) The processes specified by this practice are used to ensure that the
product is secure by design including defense in depth

Practice 4 Secure Implementation (SI) The processes specified by this practice are used to ensure that
the product features are implemented securely
Eight Practice Areas in ISA/IEC 62443-4-1 (SDLA)
Five through Eight

Practice 5 Security Verification and Validation Testing (SVV) The processes specified by this practice
are used to document the security testing required to ensure that all of the security requirements have been
met for the product and that the security of the product is maintained when it is used in its product security
context

Practice 6 Security Defect Management (DM) The processes specified by this practice are used for
handling security-related issues of a product that has been configured to employ its defense in depth strategy
(Practice 3) within the product security context (Practice 2)

Practice 7 Security Update Management (SUM) The processes specified by this practice are used to
ensure security updates associated with the product are tested for regressions and made available to product
users in a timely manner

Practice 8 Security Guidelines (SG) The processes specified by this practice are used to provide
documentation that describes how to integrate, configure, and maintain the defense in depth strategy of the
product in accordance with its product security context
ISA/IEC 62443-4-1 Inventory Requirements
The ISA/IEC 62443-4-1 standard includes a number of supplier requirements for
maintaining an ‘inventory’ of items comprising the component/system. SBOMs are
one approach for meeting the inventory requirements for software. Inventory
requirements include:

• Software components
• Hardware components
• Compilers
• Configuration control
• Development and test applications (SUM-1, others)
• Third party and open-source components (SM-9, SM-10, others)
An ISASecure specification with these requirements can be downloaded for free using the following link:
• ISASecure ISA/IEC 62443-4-1 assessment matrix
ISA/IEC 62443-4-2 Component Security Assurance (CSA)
1) Product must be under configuration control and managed within the
organization’s certified SDL methodology.

2) Product development artifacts are audited to confirm that the product is properly
using the organization’s SDL certified to 62443-4-1. This includes audits of testing.

3) Products are VIT (vulnerability identification test) tested with Tenable Nessus
Scanner to confirm no known vulnerabilities exist.

4) Product is evaluated to confirm that it conforms to all of the security capabilities
defined in the 4-2 standard for the target security level (1-4)

5) Recertification is event driven by any product version release that is considered to
be an ‘upgrade’ as defined by the 4-2 standard.

6) ISASecure recommends security level 2 or better but will certify to any level
requested by the supplier.
ISA/IEC 62443-4-2 IIoT Component Security Assurance (ICSA)
1) Same requirements and rules as the CSA certification with the following
adaptations to account for IIoT characteristics.
a) Four requirements from ISA/IEC 62443-4-2 are dropped and sixteen new
requirements are added for things like secure boot, no zones and conduits, etc.

b) Allows only two security capability levels beginning with SL-3+ and then SL-4.
SL-1 and SL-2 are insufficient for IIOT devices and gateways.

2) Recertification is event driven by any product version release that is considered to
be an ‘upgrade’ as defined by the 4-2 standard.
ISA/IEC 62443-3-3 System Security Assurance (SSA)
1) Product must be under configuration control and managed within the
organization’s certified SDL methodology.

2) Product development artifacts are audited to confirm that the product is properly
using the organization’s SDL certified to 62443-4-1. This includes audits of testing.

3) Products are VIT (vulnerability identification test) tested with Tenable Nessus
Scanner to confirm no known vulnerabilities exist.

4) Product is evaluated to confirm that it conforms to all of the security capabilities
defined in the 62443-3-3 standard for the target security level (1-4)

5) Recertification is event driven by any product version release that is considered to
be an ‘upgrade’ as defined by the 62443-3-3 standard.

6) ISASecure recommends security level 2 or better but will certify to any level
requested by the supplier.
Asset Owner Operating Site Assessment/Certification

ISA/IEC 62443 Asset Owner Standards (346 requirements)
• 62443-2-1 – Security program requirements
• 62443-3-2 – Risk assessment and system design
• 62443-3-3 – System requirements and security levels
• 62443-2-4 – Service provider requirements

“Core” ISASecure ACSSA Program
ISASecure TSC Develops Specifications

Assessment
• Assessment Specification & Report – Standardized assessment methods, tools, and report.
• Three-day Training Class – Asset owner standards, ACSSA assessment methodology
• Assessor Personnel Credential Program – Profile, education, experience, certifications

Certification
• Certification Definition – Pass/fail. Program policies and procedures
• Assessor Company Accreditation – ISO 17020 and scheme specific requirements
• Specification Licensing Agreements – End-users, consultants, CB, other
Planned Milestone Dates for Phase One
• Q3 2024 – ACSSA assessment specifications complete
• Q4 2024 – ACSSA program definition, policies/procedures, CB accreditation
specifications
• Q4 2024 – Assessor Training class complete (3-day class)
• Q1 2025 – ACSSA available for asset owners, consultants, certification bodies
Cybersecurity Resources at ISA
ISASecure product certifications – https://www.isasecure.org/en-US/
ISASecure ACSSA program details – https://isasecure.org/isasecure-site-assessment-0
ISA Global Cybersecurity Alliance – https://isagca.org/
ISAGCA Blogs (tons of great info and free downloads) – https://gca.isa.org/blog
ISA/IEC 62443 Training – https://www.isa.org/training-and-certification/isa-training

OT cybersecurity incident command system for industrial control systems – www.ics4ics.org

Andre Ristaino, ISA Managing Director, Consortia and Conformity Assessment
[email protected] O: +1 919-990-9222 M: +1 919-323-7660

Elevating OT cybersecurity from an art, to a science, to an engineering discipline

Questions?
Key Takeaways
• Convergence for efficiency—the NATF continues to work
towards bringing industry and suppliers together
• Leverage third-party assessments and certifications
• Endorsed by the ERO - https://www.nerc.com/pa/comp/guidance
• Available at no cost (it’s FREE)



Thank you for attending!

North American Transmission Forum
9115 Harris Corners Pkwy, Suite 350
Charlotte, NC 28269

(704) 945-1900
[email protected]
