WHAT IS SSCA?
Standardized Semiconductor Cyber Assessment (SSCA) is a tailored cybersecurity assessment framework designed specifically for the semiconductor industry. Developed to address the unique challenges faced across the supply chain—from Device Manufacturers (DMs) to OEMs and beyond—SSCA provides a standardized way to evaluate cyber readiness and risk.
Its main goals are to:
- Reduce cybersecurity risks in the global semiconductor supply chain
- Accelerate the adoption of best practices across industry segments
- Establish a common assessment language for evaluating suppliers and products
- Enhance collaboration and information sharing
Available in English and Korean (Mandarin and Japanese coming soon)
Benefits
- Communicates the unique semiconductor cybersecurity requirements
- Enables suppliers to answer only one questionnaire and share results with multiple clients
- Improves efficiency and reduces compliance costs
- Accelerates adoption of industry best practices through a standardized framework
- Covers three critical focus areas: Cyber Resilience, Intellectual Property (IP) Protection, and Product Security
SSCA vs others
- While conventional standards such as ISO 27001 provide an information security management framework that aims for broad coverage, our approach focuses on the real cyber risks facing the semiconductor industry.
- Draws from TISAX, modified to meet the unique needs of the semiconductor industry
- Based on questionnaires developed by the SEMI Taiwan Cybersecurity Committee and SMCC member companies
- Aligned with and in accordance with NIST CSF 2.0
- The maturity question for each section is based on CMMI (Capability Maturity Model Integration)
- Includes questions around product security and secure software development life cycle
Purpose-built. Industry-tested.

Resources
SSCA is developed by the SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC) Working Group (WG) 3 - Supply Chain Cybersecurity.
The WG comprises subject matter experts from across the supply chain who focus on activities including cybersecurity, assessment questionnaires and audits.
The questionnaire has 21 categories. The structure of each category includes the following:
- Objective: This tells the responder why the control is important as well as intended business outcomes.
- Profile of a Mature Organization: This section provides the respondent with a list of attributes associated with the control that are indicative of a fully mature organization.
- Maturity Question: The introductory question is designed to assess the organization's maturity level. The responder will select the option that best represents their organization's security posture.
- Supplemental Questions: Each category may have additional questions that are either “Yes/No” or multiple choice. This gives the assessor some additional detail around the cyber controls in place at the responder’s organization.