SNARF for Doc 6926

SEMI International Standards
Standards New Activity Report Form (SNARF)

Date Prepared: 03/30/2022

Revised (if Applicable):

Document Number: 6926
SNARF for: New Standard: Specification for Equipment Operator Access Management and Monitoring

Originating Global Technical Committee: Information & Control

Originating TC Chapter: North America

Task Force (TF) in which work is to be carried out: Fab & Equipment Computer and Device Security (CDS) Task Force

Note: If a new task force is needed, also submit a task force organization form (TFOF)

___________________________________________________________________________
1. Rationale:
a. Describe the need or problem addressed by this activity.
(Indicate the customer, what benefits they will receive, and if possible, quantify the impact on the return on investment [ROI] if the Document is implemented.)
Operator interactions with manufacturing equipment typically do not identify the specific operator acting on the equipment. This makes operator access difficult to manage and limits the visibility of specific operator activity on the manufacturing equipment. Also, equipment users want to take advantage of externalized role management at the factory level through role based access control. Enabling industry best practices for access management and user activity monitoring will improve overall equipment security by mitigating possible threat vectors due to unauthorized access.

b. Estimate effect on industry.
2: Major effect on an industry sector - identify the relevant sector
Sector or Company Information: Device Manufacturers & Original Equipment Manufacturers

c. Estimate technical difficulty of the activity.
III: Difficult - Limited expertise and resources exist and/or achieving consensus is difficult

___________________________________________________________________________
2. Scope:
a: Describe the technical areas to be covered or addressed by this Document development activity. For Subordinate Standards, list common concepts or criteria that the Subordinate Standard inherits from the Primary Standard, as well as differences from the Primary Standard:
This standard will address requirements to track and log interactions within the equipment
•Investigate requirements concerning log content, mandatory vs. optional interactions with theequipment, etc.
oDefine the level of interactions which should be tracked – (considerations: field valuechange on the UI or button click? Or ‘committed’ actions like saving configurationchanges, acknowledging alarms, etc.)
oDiscuss if ‘automated’ interactions related to operator interaction be tracked? Forexample, a session timeout occurs and the current user is logged out
oDiscuss requirements around how long logging related to interactions are tracked? i.e.Locally on the equipment for a period of <X> days?
oConsiderations of applicability towards both local and remote sessions
•Define requirements for externalized role management at the factory level
oFor example, integrating the equipment’s role based access system with an equipmentuser’s IT systems
•Define equipment usage reports or log metadata requirements for any/all changes made on themanufacturing equipment [for example, format and data type]

Define security requirements related to user access management on the equipment. This investigation will include, but is not limited to:
•Best practices will be defined in Related Information and other areas•Session idle time out functionality•Defining operator authentication requirements for the equipment and how multiple methods can be supported.oFor example, username/password, badge scan, RFID token, etc.•Define role based access control requirements

This standard would apply to OEMs, IDMs, and other stakeholders
This standard would define which computing devices are subject to access control and reporting requirements
The term operator will be formally defined within the proposed standard

b: Expected result of activity
New Standard or Safety Guideline (including replacement of an existing Standard or Safety Guideline)

For a new Subordinate Standard, identify the Primary Standard here:

For Standards, identify the Standard Subtype below:
Specification

Miscellaneous (describe below):

___________________________________________________________________________
3. Projected Timetable for Completion:

a: General Milestones

a. Activity Start: 03/01/2022	b. 1st Draft by: 04/01/2022
c. (Optional) Informational Ballot by:	d. Letter Ballot by: 06/30/2022
e. TC Chapter Approval By:12/01/2022

_____________________________________________________________________________
4. Liaisons with other Global Technical Committees/TC Chapters/Subcommittees/TFs:
a. List SEMI global technical committees, TC Chapters, subcommittees, or task forces in your or other Regions/Locales that should be kept informed regarding the progress of this activity. (Refer to SEMI Standards organization charts and global technical committee charters and scopes as needed.)
I&C NA GUI Task Force

b. List any planned Type I Liaisons with external nonprofit organizations (e.g., SDO) that should receive Draft Documents from Standards staff for feedback during this activity and be notified when the Letter Ballot is issued (refer to Procedure Manual § 7):
TW Fab & Equipment Information Security TF members
JA Fab & Equipment Information Security TF members
I&C NA GUI Task Force

c. Intercommittee Ballots:
will not be issued

Identify the recipient global technical committee(s):

___________________________________________________________________________
5. Safety Considerations:
The resulting document is expected:

NOT to be a Safety Guideline

NOTE FOR "to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is NOT technically sound and complete - Refer to Section 15.1 of the Regulations for special procedures to be followed.

NOTE FOR "NOT to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is still technically sound and complete.

___________________________________________________________________________
6. Intellectual Property Considerations:
Note: Both a: and b: below should be checked for Revision of existing Standard(s) and Safety Guideline(s).

a. For a new Standard or Safety Guideline and for any part to be modified or added in a Revision of published Standards and Safety Guidelines:
the use of patented technology is NOT required.

If "patented technology is intended to be included in the proposed Standard(s) or Safety Guideline(s) " is selected above, then also check one:

b. For Revision, Reapproval, Reinstatement, or Withdrawal of existing Standard(s) and Safety Guideline(s):

c. The body of the Document and any Appendices, Complementary Files, Related Information sections, or Various Materials that may or may not be a part of the Document by reference:

the incorporation of Copyrighted Item will NOT be required

NOTE FOR ‘the use of patented technology or the incorporation of Copyrighted Item(s) is NOT required’: If in the course of developing the Document, it is determined that the use of patented technology or Copyrighted Item(s) is necessary for the Document, the provisions of Regulations § 16 must be followed.

NOTE FOR ’will incorporate Copyrighted Item’: A copyright release letter must be obtained from the copyright owner prior to publication.

___________________________________________________________________________
7. Comments, Special Circumstances:
None.

__________________________________________________________________________
8. TC Member Review:
took place between (put dates below ) before approval at the TC Chapter Meeting, or

Member Review Start Date; 2/23/2022
Member Review End Date: 3/8/2022

NOTE FOR ‘TC Member Review’ is required by the Regulations for a period of at least two weeks
before approval of a new, or a major revision of an existing, Standard or Safety Guideline. (Refer to Regulations ¶ 8.2.1)
__________________________________________________________________________

9. SNARF Approval Dates:

TC Chapter or GCS	03/30/2022
Recorded in TC Minutes

__________________________________________________________________________

10. SNARF Extension Dates:

TC Chapter Extension Granted on

Extension Expires on