Cybersecurity profile for semiconductor manufacturing: Share your feedback

NIST plans to release the updated profile in Q3 of fiscal year 2025.

The SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC), in partnership with the National Institute of Standards and Technology (NIST), has developed a semiconductor industry community profile for NIST Cybersecurity Framework 2.0 (CSF 2.0), now available for public feedback. Initially announced in Sep 2024, the profile provides cybersecurity guidelines specific to semiconductor manufacturing.

Courtesy: Control Engineering, using information from SEMI

The commentary period runs from Feb. 27 through April 14, 2025, with a public workshop on March 13, 2025, to review feedback and discuss next steps. NIST and SMCC seek input from stakeholders involved in semiconductor supply chain security, including cybersecurity professionals, equipment manufacturers, engineers, architects, operations professionals, and professionals from fabs, fabless companies, and semiconductor or electronic system providers.

NIST expects to release the updated profile in Q3 of fiscal year 2025. To review and provide feedback, visit the National Cybersecurity Center of Excellence (NCCoE) website and sign up for updates through the Community of Interest.

“Society’s reliance on electronic devices demands quality and security as the industry grows closer to reaching $1 trillion in annual revenue,” said Melissa Grupen-Shemansky, Ph.D., CTO and vice president of technology communities at SEMI.

“NIST, in collaboration with industry leaders through SEMI and government agencies, has developed and is releasing a comprehensive framework designed to safeguard semiconductor manufacturing from emerging threats and vulnerabilities,” said Sanjay Rekhi, group leader of the Security Components and Mechanisms Group at NIST. “This initiative is part of a broader, multi-year effort to strengthen the security of critical infrastructure, with a particular focus on the security of semiconductors and their supply chain.”

Aligned with the 2023 National Cybersecurity Strategy’s goal of strengthening supply chain security for information, communications, and operational technology, the White House Office of the National Cyber Director (ONCD) included a Cybersecurity Framework Profile under initiative 5.5.5 in the National Cybersecurity Strategy Implementation Plan Version 2. SMCC identified a need for a cybersecurity profile specific to semiconductor manufacturing and formed a working group (WG4) in collaborationwith the federal government to develop it. WG4 authors include representatives from Advanced Energy Industries, Applied Materials, ASML, IBM, Intel, PEER Group, Texas Instruments, Tokyo Electron Limited and TxOne Networks.

“As the semiconductor industry continues its evolution, the adoption of NIST semiconductor profile can help address the industry’s growing cybersecurity challenges,” said Raj Potturi, senior director information security and risk management for Applied Materials, and SMCC WG4 co-chair. “As the first community profile developed from scratch under initiative 5.5.5, its creation validates the importance of the semiconductor industry and the need to keep it safe from cyberattacks.”

“The next step is to promote broad adoption of this NIST CSF 2.0 Community Profile to reduce cybersecurity risks for the semiconductor manufacturers,” said Daniel Pletea, SMCC WG4 co-chair. “This will be achieved by creating an implementation guide through a similar NIST and SEMI collaboration.”

SMCC will offer guidance on cybersecurity for semiconductor manufacturing equipment, share details  on implementation, and provide progress updates on the community profile. For more information, visit the project webpage.

Edited by Puja Mitra, WTWH Media, for Control Engineering, from a SEMI news release.