SEMI International Standards
Standards New Activity Report Form (SNARF)
Date Prepared: 05/30/2019Revised (if Applicable):

Document Number: 6566
SNARF for: New Standard: Specification for Malware Free Equipment Integration

Originating Global Technical Committee: Information & Control
Originating TC Chapter: North America
Task Force (TF) in which work is to be carried out: Fab & Equipment Computer and Device Security (CDS) Task Force
Note: If a new task force is needed, also submit a task force organization form (TFOF)

___________________________________________________________________________
1. Rationale:
a. Describe the need or problem addressed by this activity.
(Indicate the customer, what benefits they will receive, and if possible, quantify the impact on the return on investment [ROI] if the Document is implemented.)

In recent years cyberattacks on manufacturing facilities have increased rapidly. The nature of semiconductor manufacturing supply chains, require standards for eliminating potential threat vectors. Device manufacturers and equipment suppliers would benefit from clear mutual expectations and improved equipment reliability. This standard would mitigate the propagation of malware to manufacturing facilities during capital equipment delivery and support activities.



b. Estimate effect on industry.
2: Major effect on an industry sector - identify the relevant sector
Sector or Company Information: Device Manufacturers & Original Equipment Manufacturers

c. Estimate technical difficulty of the activity.
II: Some Difficulty - Disagreements on known requirements exist but developing consensus is possible

___________________________________________________________________________
2. Scope:
a: Describe the technical areas to be covered or addressed by this Document development activity. For Subordinate Standards, list common concepts or criteria that the Subordinate Standard inherits from the Primary Standard, as well as differences from the Primary Standard:

This standard addresses required measures for information security in the primary equipment delivery, installation, and support activities at semiconductor manufacturing facilities

1) Define protection system and processes to ensure integrity of equipment information assets
- Define requirements regarding external connectivity, file transfers, removable media, etc.
2) Define requirements during factory equipment installation
- Additional considerations for datacenter installations
3) Additional considerations for factory equipment installations
- Define requirements during equipment upgrade/maintenance tasks
4) To include field service repairs, patching, other maintenance activities over the course of equipment life cycle
- Define requirements for equipment restoration such as HDD or computer component replacement

This standard will apply to OEMs, IDMs, Suppliers, and other stakeholders.
This standard will apply to any computing device, for example: computers, controllers, PLCs, etc.
Equipment information assets include, but are not limited to: companies IT infrastructures, servers, and digital assets.


b: Expected result of activity
New Standard or Safety Guideline (including replacement of an existing Standard or Safety Guideline)

For a new Subordinate Standard, identify the Primary Standard here:




For Standards, identify the Standard Subtype below:
Specification

Miscellaneous (describe below):

___________________________________________________________________________
3. Projected Timetable for Completion:

a: General Milestones
a. Activity Start: 07/01/2019b. 1st Draft by: 11/15/2019
c. (Optional) Informational Ballot by: d. Letter Ballot by: 02/15/2020
e. TC Chapter Approval By:04/03/2020

_____________________________________________________________________________
4. Liaisons with other Global Technical Committees/TC Chapters/Subcommittees/TFs:
a.
List SEMI global technical committees, TC Chapters, subcommittees, or task forces in your or other Regions/Locales that should be kept informed regarding the progress of this activity. (Refer to SEMI Standards organization charts and global technical committee charters and scopes as needed.)
b. List any planned Type I Liaisons with external nonprofit organizations (e.g., SDO) that should receive Draft Documents from Standards staff for feedback during this activity and be notified when the Letter Ballot is issued (refer to Procedure Manual 7):


c. Intercommittee Ballots:
will not be issued

Identify the recipient global technical committee(s):

___________________________________________________________________________
5. Safety Considerations:
The resulting document is expected:
NOT to be a Safety Guideline

NOTE FOR "to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is NOT technically sound and complete - Refer to Section 15.1 of the Regulations for special procedures to be followed.

NOTE FOR "NOT to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is still technically sound and complete.

___________________________________________________________________________
6. Intellectual Property Considerations:
a. For a new Standard or Safety Guideline and for any part to be modified or added in a Revision of published Standards and Safety Guidelines:
the use of patented technology is NOT required.

If "patented technology is intended to be included in the proposed Standard(s) or Safety Guideline(s) " is selected above, then also check one:


b. For Revision, Reapproval, Reinstatement, or Withdrawal of existing Standard(s) and Safety Guideline(s):


c. The body of the Document and any Appendices, Complementary Files, Related Information sections, or Various Materials that may or may not be a part of the Document by reference:
the incorporation of Copyrighted Item will NOT be required



NOTE FORthe use of patented technology or the incorporation of Copyrighted Item(s) is NOT required’: If in the course of developing the Document, it is determined that the use of patented technology or Copyrighted Item(s) is necessary for the Document, the provisions of Regulations 16 must be followed.

NOTE FORwill incorporate Copyrighted Item’: A copyright release letter must be obtained from the copyright owner prior to publication.

___________________________________________________________________________
7. Comments, Special Circumstances:

__________________________________________________________________________
8. TC Member Review:
took place between (put dates below ) before approval at the TC Chapter Meeting, or

Member Review Start Date; 06/21/2019.
Member Review End Date: 07/05/2019.

NOTE FOR ‘TC Member Review’ is required by the Regulations for a period of at least two weeks
before approval of a new, or a major revision of an existing, Standard or Safety Guideline. (Refer to Regulations 8.2.1)
__________________________________________________________________________

9. SNARF Approval Dates:
TC Chapter or GCS07/10/2019
Recorded in TC Minutes07/10/2019

__________________________________________________________________________

10. SNARF Extension Dates:
TC Chapter Extension Granted on
Extension Expires on

Attach Pictures and Files here: