The NIST National Cybersecurity Center of Excellence (NCCoE) along with the SEMI Semiconductor Manufacturing Cybersecurity Consortium has released Draft NIST Internal Report (NIST IR) 8546, Cybersecurity Framework (CSF) 2.0 Semiconductor Manufacturing Community Profile for public comment until 11:59 PM ET on Monday, April 16, 2025.
This draft Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to semiconductor manufacturing systems. The semiconductor manufacturing environment is a complex ecosystem of device makers, equipment OEMs, suppliers and solution providers. This Profile focuses on desired cybersecurity outcomes and can be used as a guideline to improve the current cybersecurity posture of the semiconductor manufacturing ecosystem.
“NIST, in collaboration with industry leaders and government agencies, has developed and is releasing a comprehensive Framework designed to safeguard semiconductor manufacturing from emerging threats and vulnerabilities,” said Sanjay Rekhi, group leader of the Security Components and Mechanisms Group at NIST. “This initiative is part of a broader, multi-year effort to strengthen the security of critical infrastructure, with a particular focus on the security of semiconductors and their supply chain.”
Looking Ahead
The NCCoE is planning a virtual workshop on Thursday, March 13, 2025, to provide an overview of the draft NIST Internal Report (IR) 8546, Cybersecurity Framework (CSF) 2.0 Semiconductor Manufacturing Community Profile , gather feedback on the Profile, identify additional resources to support the adoption of the profile, and share next steps.
To stay informed about this work and receive project updates, join the NCCoE Semiconductor Manufacturing Community of Interest (COI).
Email us at semiconductor-manufacturing-profile@nist.gov.
Questions about SEMI and SMCC should be directed to cybersecurity@semi.org.
