Cybersecurity Framework Profile for Semiconductor Manufacturing

The semiconductor manufacturing process is highly complex and relies on interconnected networks, making it vulnerable to cyber threats. A cybersecurity incident could disrupt production, compromise data, and impact the safety and reliability of devices, affecting the overall integrity of the supply chain.

A risk-based approach to help the semiconductor manufacturing industry prioritize their cybersecurity activities

The NIST Cybersecurity Framework Version 2.0 Semiconductor Manufacturing Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to the overall semiconductor manufacturing process. The Profile is a supplement to current cybersecurity standards, regulations, and industry guidelines that are already being used by the semiconductor manufacturing industry.
Status: Preparing Draft

The project team is developing the draft of the NIST Cybersecurity Framework Version 2.0 Semiconductor Manufacturing Profile.

Abstract

Semiconductor manufacturing is the process used to produce electronic devices, including integrated circuits (ICs) (computer processors, microcontrollers, and memory chips). Many of these devices can be found in everyday technology that we use, including smartphones, laptops, smart home devices and kitchen appliances, medical devices, and more.  This highlights the importance of securing the semiconductor manufacturing industry, which is increasingly becoming more vulnerable to a range of threats and open to multiple attack vectors.

The NCCoE partnered with SEMI's Semiconductor Manufacturing Cybersecurity Consortium (SMCC) Working Group 4 (WG4) to develop a NIST Cybersecurity Framework (CSF) 2.0 Semiconductor Manufacturing Community Profile. SMCC WG4 has assembled a dedicated team of experts representing industry and government. SMCC members represent SEMI association. The team is working to identify and prioritize mission objectives to connect operational activities to cyber activities. The Semiconductor Manufacturing mission objectives reflect organizational priorities, and thanks to the continued support of industry stakeholders, vendors, and end-users, these mission objectives track to subcategories and informative references that facilitate and encourage sector adoption and use.

The Profile aims to strengthen semiconductor manufacturing through the development and adoption of a NIST CSF 2.0 Community Profile for Semiconductor Manufacturing with the community (e.g., SEMI, government, and academia). The non-regulatory, voluntary Profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the semiconductor manufacturing industry.

To help organizations with safeguarding semiconductor manufacturing, the NCCoE together with SEMI SMCC, and its members, is developing the Profile around high-level, mission-oriented goals (“Mission Objectives”) of the semiconductor manufacturing ecosystem. These Mission Objectives will not address every technical aspect of the SEMI process since technical components of SEMI systems vary widely and cannot be captured in their entirety within a single Profile. However, the Profile will help the SEMI manufacturing sector focus on cybersecurity functions that require attention and leave individual stakeholders to implement specific cybersecurity controls that are best suited for their circumstances.

To help organizations with safeguarding semiconductor manufacturing, the NCCoE together with SEMI SMCC, and its members, is developing the Profile around high-level, mission-oriented goals ("Mission Objectives") of the semiconductor manufacturing infrastructure.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name