SNARF for Doc 7317

SEMI International Standards
Standards New Activity Report Form (SNARF)

Date Prepared: 09/30/2024

Revised (if Applicable):

Document Number: 7317
SNARF for: Revision to E187-0122 Specification for Cybersecurity of Fab Equipment

Originating Global Technical Committee: Information & Control

Originating TC Chapter: Taiwan

Task Force (TF) in which work is to be carried out: Fab & Equipment Information Security Task Force

Note: If a new task force is needed, also submit a task force organization form (TFOF)

___________________________________________________________________________
1. Rationale:
a. Describe the need or problem addressed by this activity.
(Indicate the customer, what benefits they will receive, and if possible, quantify the impact on the return on investment [ROI] if the Document is implemented.)

SEMI E187 - Specification for Cybersecurity of Fab Equipment defines cybersecurity specifications and requirement for equipment vendors to design security measures at phase of new equipment development and delivery. The E187 initial version provides fundamental requirements about operation system vulnerability management, network security, endpoint protection and security monitoring. It applies to computing devices which are installed with Microsoft Windows and Linux operation system.

There are many equipment suppliers and customers around the world, each with different risk management policy and strategies. To globally promote the security specifications, following concept and practice of IEC 62443, the E187 major revision is proposed to include more security requirements and define the security level for each requirement. It is expected the enhancement of revision provide comprehensive security specifications with adoption flexibility by security level definition.

b. Estimate effect on industry.
2: Major effect on an industry sector - identify the relevant sector
Sector or Company Information: Semiconductor equipment security design

c. Estimate technical difficulty of the activity.
II: Some Difficulty - Disagreements on known requirements exist but developing consensus is possible

___________________________________________________________________________
2. Scope:
a: Describe the technical areas to be covered or addressed by this Document development activity. For Subordinate Standards, list common concepts or criteria that the Subordinate Standard inherits from the Primary Standard, as well as differences from the Primary Standard:
1. Risk and impact analysis will be conducted to identify major focus and counter measures. The rationale and supplemental guidance will be enhanced to improve the communication efficiency and speed up consensus alignment as well.
2. Based on risk and impact analysis, the E187 major revision focus are summarized as below:

• Key Development Priorities and Enhancement Framework
 Extended Coverage:
 Broader equipment range and OS type inclusion
 Comprehensive internal component coverage (network devices, hosts, etc.)
 E187 Requirement Enhancement:
 a) Expanded Focus Areas:
o System architecture
o System integration
o Application security
 b) Implementation Requirements:
o Application vulnerability management
o Application change management
 c) Network Security:
o Enhanced gateway design for secure access
o Advanced malware protection
 d) Advanced Security Requirements:
o Cross-equipment controller solutions
o Wi-Fi and 5G embedded network security
• Integration and alignment with IEC 62443 series of standards
• Introduce of Security Level concepts:
 Basic Requirements (BR) for general cases (SL-1)
 Requirement Enhancements (RE) for higher risk scenarios (SL-2, SL-3)

3. The revision will develop a table of check list to explain the implementation details for all the requirements in SEMI E187. And attached to SEMI E187 as a reference tool for implementing the requirements.

b: Expected result of activity
Major revision to an existing Standard or Safety Guideline

For a new Subordinate Standard, identify the Primary Standard here:

For Standards, identify the Standard Subtype below:
Specification

Miscellaneous (describe below):

___________________________________________________________________________
3. Projected Timetable for Completion:

a: General Milestones

a. Activity Start: 03/01/2024	b. 1st Draft by: 12/31/2024
c. (Optional) Informational Ballot by: 06/30/2025	d. Letter Ballot by: 10/30/2025
e. TC Chapter Approval By:12/31/2025

_____________________________________________________________________________
4. Liaisons with other Global Technical Committees/TC Chapters/Subcommittees/TFs:
a. List SEMI global technical committees, TC Chapters, subcommittees, or task forces in your or other Regions/Locales that should be kept informed regarding the progress of this activity. (Refer to SEMI Standards organization charts and global technical committee charters and scopes as needed.)

b. List any planned Type I Liaisons with external nonprofit organizations (e.g., SDO) that should receive Draft Documents from Standards staff for feedback during this activity and be notified when the Letter Ballot is issued (refer to Procedure Manual § 7):

c. Intercommittee Ballots:
will not be issued

Identify the recipient global technical committee(s):

___________________________________________________________________________
5. Safety Considerations:
The resulting document is expected:

NOT to be a Safety Guideline

NOTE FOR "to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is NOT technically sound and complete - Refer to Section 15.1 of the Regulations for special procedures to be followed.

NOTE FOR "NOT to be a Safety Guideline": When all safety-related information is removed from the Document, the Document is still technically sound and complete.

___________________________________________________________________________
6. Intellectual Property Considerations:
Note: Both a: and b: below should be checked for Revision of existing Standard(s) and Safety Guideline(s).

a. For a new Standard or Safety Guideline and for any part to be modified or added in a Revision of published Standards and Safety Guidelines:
the use of patented technology is NOT required.

If "patented technology is intended to be included in the proposed Standard(s) or Safety Guideline(s) " is selected above, then also check one:

b. For Revision, Reapproval, Reinstatement, or Withdrawal of existing Standard(s) and Safety Guideline(s):
there is no known material patented technology necessary to use or implement the Standard(s) and Safety Guideline(s)

c. The body of the Document and any Appendices, Complementary Files, Related Information sections, or Various Materials that may or may not be a part of the Document by reference:

the incorporation of Copyrighted Item will NOT be required

NOTE FOR ‘the use of patented technology or the incorporation of Copyrighted Item(s) is NOT required’: If in the course of developing the Document, it is determined that the use of patented technology or Copyrighted Item(s) is necessary for the Document, the provisions of Regulations § 16 must be followed.

NOTE FOR ’will incorporate Copyrighted Item’: A copyright release letter must be obtained from the copyright owner prior to publication.

___________________________________________________________________________
7. Comments, Special Circumstances:
None.

__________________________________________________________________________
8. TC Member Review:
took place between (put dates below ) before approval at the TC Chapter Meeting, or

Member Review Start Date; 10/23/2024.
Member Review End Date: 11/06/2024

NOTE FOR ‘TC Member Review’ is required by the Regulations for a period of at least two weeks
before approval of a new, or a major revision of an existing, Standard or Safety Guideline. (Refer to Regulations ¶ 8.2.1)
__________________________________________________________________________

9. SNARF Approval Dates:

TC Chapter or GCS	11/29/2024
Recorded in TC Minutes	11/29/2024

__________________________________________________________________________

10. SNARF Extension Dates:

TC Chapter Extension Granted on

Extension Expires on