SEMI Semiconductor Cybersecurity Risk Rating Service
SEMI Semiconductor Cyber Security Risk Rating Service is a ‘foundation for cybersecurity assessment’ inspired by the cybersecurity framework of the National Institute of Standards and Technology (NIST) in the United States, covering common security practices to serve as a standard template that familiarizes the semiconductor ecosystem with security maturity assessment and benchmarking, so as to create a unique competitive edge for your business!
- Quantitative Risk Scores and Peer Comparison
- Comprehensive Risk Ratings and SEMI Cyber Security Assessment - Introductory
- Suggestions for Risk Enhancement and Immediate Review on Improvement Results
- Continuous Risk Ratings to Keep You Updated with Changes in Enterprise Risk Index
Semiconductor Cybersecurity Lesson
The lessons of security management best practices are provided to share with small and medium suppliers to improve security. It intends to empower emerging professionals with a conduit to bridge theoretical prowess with pragmatic application, to equip seasoned professionals with a broader perspective, and to facilitate personal enrichment and interactive growth within a thriving community.
SEMI Semiconductor Cybersecurity Resources
Semiconductor Cybersecurity Committee
SEMI Standards
SEMI Taiwan Semiconductor Cybersecurity Newsletter
SEMI E187 Equipment Cybersecurity Standard Implementation Guide and Checklist
The SEMI E187 Checklist was created under the leadership of SEMI Taiwan Cybersecurity Coomittee Working Group leaders, Dr. Ares Cho, Division Director, Information and Communication Research Laboratory, ITRI and Mr. Leon Chang, Department Manager of IT Security Program, TSMC along with all its members.
It provides verification and assistance in evaluating compliance with the SEMI E187 specification according to the provisions of E187. It serves as a basis for assessing compliance when implementing the SEMI E187 Semiconductor Equipment Security Standard within an enterprise.
SEMI E187 was born under the leadership of SEMI semiconductor cybersecurity working group co-leader Professor Xie Xuping of National Yangming Jiaotong University, manager of TSMC Zhang Qihuang, and executive director of Ruikong Network Security Liu Rongtai, and all members jointly edited it.
Its content points out that based on the OT zero-trust security strategy, how the industry can protect the equipment from the period of onboarding, staging, production, and maintenance, and provide enterprises with the guidance to implement the SEMI E187 semiconductor equipment information security standard specification A practical approach while establishing a high-productivity and efficient information security defense strategy, it also meets compliance requirements.
SEMI E187 Semiconductor Equipment Cybersecurity Standards Online Course enables businesses to quickly understand the scope of SEMI E187, its four key aspects, and practical applications in the semiconductor industry. It guides companies to grasp the essential framework of the E187 standard effectively.
✔ Fundamental Framework of SEMI E187
✔ Scope and Applications of SEMI E187
✔ Four Key Aspects of SEMI E187
✔ Practical Applications of SEMI E187 Standards
The SEMI E187 Semiconductor Equipment Cybersecurity Standard defines comprehensive and fundamental cybersecurity requirements as design benchmarks to ensure the safety of semiconductor wafer fab equipment, safeguarding operations and maintenance processes.
✔ Operating System Regulations
✔ Network Security Protocols
✔ Endpoint Protection Measures
✔ Information Security Monitoring
以 SEMI E187 為基礎之半導體設備資安查核規範
Supply Chain Cybersecurity
The SEMI Cybersecurity Self-Assessment Questionnaire reflects efforts led by TSMC’s Deputy Director, Chi-Huang Chang, and Cisco's Senior IT Partner, Zhi-Ren Hong, along with the SEMI Semiconductor Cybersecurity Committee.
Derived from the NIST framework, this self-assessment tool was co-developed by industry leaders including TSMC, ASE, Winbond, PCL, UMC, and Macronix. It aims to unify evaluations of semiconductor suppliers' cybersecurity status, enhance efficiency, establish industry benchmarks, and foster continuous improvement. By creating a comprehensive cybersecurity profile across the supply chain, this initiative helps identify industry vulnerabilities and shapes long-term enhancement strategies.
Cybersecurity Strategy and Guidelines
This guide was developed in collaboration with SEMI, SEMI Taiwan Semiconductor Cybersecurity Committee Chair and TSMC Corporate Information Security Director, James Tu, and the co-leads of the Committee's Fourth Working Group, Professor Xie Xuping, Professor Emeritus at National Yang Ming Chiao Tung University, and Liu Rongtai, CEO of RuiKong Network Security. The committee focused on key security functions for participants in the semiconductor wafer manufacturing environment, including wafer manufacturers, equipment suppliers, and service providers. The reference architecture demonstrates an integrated strategy and tactics for cybersecurity measures based on these standards. It covers comprehensive security strategies to protect the semiconductor manufacturing environment, typical components in the environment, key cybersecurity functions, and their interconnections.
SEMI and SEMI Taiwan Semiconductor Cybersecurity Committee Launch "Building A Robust Cybersecurity Program". The initiative, led by SEMI Taiwan Cybersecurity Committee Chair and TSMC Global Security Management Senior Director James Tu, Professor Xie Xuping, Professor Emeritus at National Yang Ming Chiao Tung University, and Liu Rongtai, CEO of RuiKong Network Security, aims to assist enterprises by:
✔ Enhancing Cybersecurity Decision-Making: Engaging boards of directors and executives in cybersecurity strategy development, achieving a comprehensive upgrade from management to decision-making.
✔ Investing in Cybersecurity to Boost Business Value: Prioritizing resource allocation, transforming cybersecurity into a core asset, and linking business success with clear standards.
✔ Accelerating Cybersecurity Integration: Closely aligning cybersecurity with business objectives to drive innovation and growth.