SMCC WG 1,2 – Factory Cybersecurity Implementation and Compliance
SMCC Cybersecurity Implementation working group’s (WG1) goal is to start with existing SEMI standards related to cybersecurity for equipment (E187 and E188). We will build a list of agreed upon interpretations and identify the actions required.
WG1’s ultimate goal is to achieve a single consensus on how to operationalize cybersecurity protections so that tools (including FAB, sub-FAB, Sort, Assembly, Test, etc.), equipment and sub-systems along with supporting software/analytics engines arriving at any factory are cybersafe by default, and security can be maintained over time. It has been merged with WG2 to cover compliance aspect of E187 including certification.
SMCC WG3 - Supply Chain Cybersecurity
Most cybersecurity impacts originate in our supply chain where many companies are below the cybersecurity poverty line. Our industry has recognized the need to significantly reduce supply chain cybersecurity risks and speed adoption of best practices through a standardized industry framework. This working group’s main goal is to create one universal checklist for companies to evaluate members of their supply chain. Companies can use the universal checklist results to show cybersecurity readiness to all their customers, rather than completing a different assessment for each relationship. This working group also plans to define ecosystem security maturity & measures based on other industries best practices.
SMCC WG4 - International Regulation and Specs
This working group aims to consolidate the current SEMI cybersecurity standards with the ever-growing list of cybersecurity standards, guidelines, and global legislation that apply to semiconductor manufacturing so they can be understood and adhered to. Other industries are ahead of semiconductor in many of these areas, and there is an opportunity to leverage or reference best practices from elsewhere. Efforts of this working group will include a comparative analysis of the SEMI standards against other documents such as the NIST CSF, EU Cybersecurity Act, DFARS, ISA/IEC 62443 and others.
SMCC WG6 - Cybersecurity pre-standards engineering
Existing SEMI standards for cybersecurity provide a good foundation, but more requirements and guidance are needed to ensure the entire semiconductor supply chain is cyber-secure. Other SMCC working groups are working on deliverables that incorporate input from front-line practitioners and real-world experiences. Some of these deliverables will result in new or updates to SEMI Standards. Some of these deliverables will be specific to the SMCC. This working group will develop process guidance documents and examples to streamline the process and result in higher quality documents from all SMCC working groups.
SMCC WG7 – Outreach, Communications, and Events
The primary goal of this working group is to focus on providing educational resources and tools to reduce the cybersecurity impact that can be leveraged by small to large companies in our supply chain.
This working group will also coordinate participation in key SEMI and other industry events.
Ultimately, this group will identify collaboration opportunities ensuring all SMCC efforts are engaged.
SMCC WG8 - EU Regulation and CRA
This workgroup will address topics such as the European Cyber Resilience Act (CRA). The WG plans to interpret and understand the impact of CRA to the semiconductor ecosystem and represent semiconductors in the CRA standardization groups and promote SEMI Standards as a solution after the gap analysis. If you are interested in participating in this WG, please send an email to [email protected]
SMCC WG9 - South Korea Cybersecurity Working Group
WG9 expands SMCC’s reach in South Korea by serving as a regional outreach and implementation forum for SEMI Manufacturing Cybersecurity Standards and artifacts. By reducing language and time‑zone barriers, the group enables Korean semiconductor companies to adopt existing SMCC artifacts while contributing region‑specific cybersecurity perspectives to the broader SMCC ecosystem.
