SEMI Cybersecurity Consortium's NIST Semiconductor Manufacturing Community Profile Opens for Public Feedback

MILPITAS, Calif., Feb. 28, 2025 /PRNewswire/ -- The SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC), in partnership with the National Institute of Standards and Technology (NIST), advanced a semiconductor industry community profile for NIST Cybersecurity Framework 2.0 (CSF 2.0), opening it for public commentary. Originally announced in September of 2024, the community profile will provide a strategic cybersecurity roadmap specific to semiconductor manufacturing, focused on bolstering the industry's resilience to cybersecurity threats.

The commentary period runs from February 27 through April 14, 2025, with a public workshop to review comments and plan the next steps to follow on March 13, 2025. NIST and SMCC request feedback from stakeholders interested in securing the semiconductor supply chain including cybersecurity professionals, equipment manufacturers, engineers, architects, operations professionals, representatives from fabs, fabless companies, and other semiconductor or electronic system providers.

NIST is planning to release the final draft of the profile in Q3 of fiscal year 2025. To review and comment, visit the National Cybersecurity Center of Excellence (NCCoE) website and join the Community of Interest to receive updates on the profile.

"Society's reliance on electronic devices demands quality and security as the industry grows closer to reaching $1 trillion in annual revenue," said Melissa Grupen-Shemansky, Ph.D., CTO and Vice President of Technology Communities at SEMI. "This collaboration between NIST and SEMI member companies is helping to foster cybersecurity resilience within the industry, while serving the technology needs of the public."

"NIST, in collaboration with industry leaders through SEMI and government agencies, has developed and is releasing a comprehensive framework designed to safeguard semiconductor manufacturing from emerging threats and vulnerabilities," said Sanjay Rekhi, group leader of the Security Components and Mechanisms Group at NIST. "This initiative is part of a broader, multi-year effort to strengthen the security of critical infrastructure, with a particular focus on the security of semiconductors and their supply chain."

In support of the 2023 National Cybersecurity Strategy's strategic objective to secure global supply chains for information, communications and operational technology products and services, the White House Office of the National Cyber Director (ONCD) included a Cybersecurity Framework Profile as part of initiative 5.5.5 in the National Cybersecurity Strategy Implementation Plan Version 2. SMCC recognized the need for a cybersecurity community profile specific to semiconductor manufacturing and assigned a working group (WG4) to develop one with the federal government. WG4 authors of the profile include representatives from Advanced Energy Industries, Applied Materials, ASML, IBM, Intel, PEER Group, Texas Instruments, Tokyo Electron Limited and TxOne Networks.

"This community profile is demonstrating the power of collaboration to solve complex challenges spanning the semiconductor supply chain," said Doug Suerich, Director of Marketing for PEER Group and SMCC governing council member. "Thanks to committed resources from NIST, the efforts of our collaborators, SEMI's strong leadership, and SMCC's dedicated governing council, we can strengthen the resilience of our industry."

"As the semiconductor industry continues its evolution, the adoption of NIST semiconductor profile can help address the industry's growing cybersecurity challenges," said Raj Potturi, Senior Director Information Security & Risk Management for Applied Materials, and SMCC WG4 Co-chair. "As the first community profile developed from scratch under initiative 5.5.5, its creation validates the importance of the semiconductor industry and the need to keep it safe from cyberattacks."

"The next step is to promote broad adoption of this NIST CSF 2.0 Community Profile to reduce cybersecurity risks for the semiconductor manufacturers," said Daniel Pletea, SMCC WG4 Co-chair. "This will be achieved by creating an implementation guide through a similar NIST and SEMI collaboration."

SMCC will provide cybersecurity recommendations for semiconductor manufacturing equipment, information on implementation, and updates on the development of the community profile. For more information, visit the project webpage or contact cybersecurity@semi.org.

About SMCC
The Semiconductor Manufacturing Cybersecurity Consortium (SMCC) is a SEMI technology community founded in 2024 to develop and promote a standard based, semiconductor industry wide approach to improve cybersecurity and accelerate implementation of actionable solutions. The vision of SMCC is to strengthen cyber resilience and protection of the global semiconductor supply chain against evolving threats. SMCC's reach extends all over the world and enables our members to connect and collaborate on specific cybersecurity issues and challenges affecting different regions. It focuses on important cybersecurity issues and seeks to find solutions that will benefit the entire industry. 

About SEMI 
SEMI^® is the global industry association connecting over 3,000 member companies and 1.5 million professionals worldwide across the semiconductor and electronics design and manufacturing supply chain. We accelerate member collaboration on solutions to top industry challenges through Advocacy, Workforce Development, Sustainability, Supply Chain Management and other programs. Our SEMICON^® expositions and events, technology communities, standards and market intelligence help advance our members' business growth and innovations in design, devices, equipment, materials, services and software, enabling smarter, faster, more secure electronics. Visit www.semi.org, contact a regional office, and connect with SEMI on LinkedIn and X to learn more.  

About NIST
The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany and other economic rivals.  

The National Cybersecurity Center of Excellence (NCCoE) under NIST is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses' most pressing cybersecurity challenges. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries or broad, cross-sector technology challenges. Working with technology partners — from Fortune 50 market leaders to smaller companies specializing in IT security — the NCCoE develops modular, easily adaptable example cybersecurity solutions demonstrating how to apply standards and best practices using commercially available technology. 

Association Contact
Samer Bahou/SEMI Corporate
Phone: 1.408.943.7870
Email: sbahou@semi.org

SOURCE SEMI