SEMI International Standards
Standards New Activity Report Form (SNARF)
Date Prepared: 11/16/2018Revised (if Applicable): 03/06/2020

Document Number: 6506
SNARF for: New Standard: Specification for Cybersecurity of Fab Equipment

Originating Global Technical Committee: Information & Control
Originating TC Chapter: Taiwan
Task Force (TF) in which work is to be carried out: Fab & Equipment Information Security Task Force
Note: If a new task force is needed, also submit a task force organization form (TFOF)

___________________________________________________________________________
1. Rationale:
a. Describe the need or problem addressed by this activity.
(Indicate the customer, what benefits they will receive, and if possible, quantify the impact on the return on investment [ROI] if the Document is implemented.)
Computer Operating System (OS) of Fab equipment, such as Windows® and Unix-like OSes, usually face challenges from End-of-Service (EOS) or no update-to-date patch to fix vulnerabilities in software library packages. Malwares can use security exploits to attack the equipment, causing system crash, and make operation interruption. Following instances explain the current status corresponding to above challenges of fab/equipment operation system:
(1) In a semiconductor Fab, 20+ versions of OSes have been EOS during 1995~2018. In average, it is expected that 1~2 OS versions will become EOS per year.
(2) Owing to the consideration on compliance issues, such as availability and interruption, making patch adoption is an extremely difficult task for Fab equipment.
(3) Continuously security monitoring and auditing are becoming more and more important, but many equipment are still lack of standard interface to collect security related logs and configurations.

Therefore, we propose to define standards for equipment vendors to follow to properly manage and solve computing systems security challenges to protect the Fab equipment against various threats.



b. Estimate effect on industry.
1: Major effect on entire industry or on multiple important industry sectors - identify the relevant sectors
Sector or Company Information:

c. Estimate technical difficulty of the activity.
III: Difficult - Limited expertise and resources exist and/or achieving consensus is difficult

___________________________________________________________________________
2. Scope:
a: Describe the technical areas to be covered or addressed by this Document development activity. For Subordinate Standards, list common concepts or criteria that the Subordinate Standard inherits from the Primary Standard, as well as differences from the Primary Standard:
We develop the standards for equipment computing systems to improve self-protection mechanism proactively, such as using long-term support OSes, appropriate system configuration, strictly privilege control, security policy enforcement, application whitelisting, event logging and reporting interfaces, which are considered as efficient tools to secure Fab equipment
Five major perspectives are proposed:

1. Computer operation system security (e.g. long term support distribution, maintenance or updating tools for equipment
2. Network security (e.g. restricted TCP/UDP ports, avoid using high-risk vulnerable ports, like TCP/445 )
3. End-point protection (e.g. Anti-virus, Application whitelist)
4. Security monitor (e.g. APIs to Security Information, Configurations, and Event Management)


b: Expected result of activity
New Standard or Safety Guideline (including replacement of an existing Standard or Safety Guideline)

For a new Subordinate Standard, identify the Primary Standard here:




For Standards, identify the Standard Subtype below:
Specification

Miscellaneous (describe below):

___________________________________________________________________________
3. Projected Timetable for Completion:

a: General Milestones
a. Activity Start: 01/01/2019b. 1st Draft by: 10/01/2019
c. (Optional) Informational Ballot by: d. Letter Ballot by: 01/01/2020
e. TC Chapter Approval By:09/15/2020

_____________________________________________________________________________
4. Liaisons with other Global Technical Committees/TC Chapters/Subcommittees/TFs:
a.
List SEMI global technical committees, TC Chapters, subcommittees, or task forces in your or other Regions/Locales that should be kept informed regarding the progress of this activity. (Refer to SEMI Standards organization charts and global technical committee charters and scopes as needed.)
JA Fab & Equipment Information Security TF members; NA Fab & Equipment Computer and Device Security (CDS) TF members

b. List any planned Type I Liaisons with external nonprofit organizations (e.g., SDO) that should receive Draft Documents from Standards staff for feedback during this activity and be notified when the Letter Ballot is issued (refer to Procedure Manual § 7):


c. Intercommittee Ballots:
will not be issued

Identify the recipient global technical committee(s):
Information & Control
___________________________________________________________________________
5. Safety Considerations:
The resulting document is expected:
NOT to be a Safety Guideline

NOTE FOR "to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is NOT technically sound and complete - Refer to Section 15.1 of the Regulations for special procedures to be followed.

NOTE FOR "NOT to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is still technically sound and complete.

___________________________________________________________________________
6. Intellectual Property Considerations:
a. For a new Standard or Safety Guideline and for any part to be modified or added in a Revision of published Standards and Safety Guidelines:
the use of patented technology is NOT required.

If "patented technology is intended to be included in the proposed Standard(s) or Safety Guideline(s) " is selected above, then also check one:


b. For Revision, Reapproval, Reinstatement, or Withdrawal of existing Standard(s) and Safety Guideline(s):


c. The body of the Document and any Appendices, Complementary Files, Related Information sections, or Various Materials that may or may not be a part of the Document by reference:
the incorporation of Copyrighted Item will NOT be required



NOTE FORthe use of patented technology or the incorporation of Copyrighted Item(s) is NOT required’: If in the course of developing the Document, it is determined that the use of patented technology or Copyrighted Item(s) is necessary for the Document, the provisions of Regulations § 16 must be followed.

NOTE FORwill incorporate Copyrighted Item’: A copyright release letter must be obtained from the copyright owner prior to publication.

___________________________________________________________________________
7. Comments, Special Circumstances:
None.

__________________________________________________________________________
8. TC Member Review:
took place between (put dates below ) before approval at the TC Chapter Meeting, or

Member Review Start Date; 12/17/2018.
Member Review End Date: 12/31/2018.

NOTE FOR ‘TC Member Review’ is required by the Regulations for a period of at least two weeks
before approval of a new, or a major revision of an existing, Standard or Safety Guideline. (Refer to Regulations ¶ 8.2.1)
__________________________________________________________________________

9. SNARF Approval Dates:
TC Chapter or GCS03/29/2019
Recorded in TC Minutes03/29/2019

__________________________________________________________________________

10. SNARF Extension Dates:
TC Chapter Extension Granted on
Extension Expires on