The National Institute of Standards and Technology is gathering public comments on its draft framework for managing and reducing cybersecurity risks in semiconductor manufacturing.
The 136-page draft, titled “Cybersecurity Framework Version 2.0 Semiconductor Manufacturing Profile,” structures methods for identifying and addressing areas for improvement in current cybersecurity practices within semiconductor manufacturing systems.
It also offers cybersecurity evaluation approaches to ensure that control environments work within acceptable risk levels. In addition, the profile provides a standardized approach for the development and maintenance of cybersecurity plans across the semiconductor manufacturing process.
Roadmap’s Focus Areas
The profile’s roadmap follows the six primary functional areas under NIST’s Cybersecurity Framework 2.0: govern, identify, protect, detect, respond and recover. In addition, it expands to various semiconductor subdomains — fabrication, enterprise IT and equipment, and tooling — for framework flexibility and adaptability.
Sanjay Rekhi, group leader of the security components and mechanisms group at NIST, described the profile as a “comprehensive framework” drawn from industry and government collaboration. “This initiative is part of a broader, multi-year effort to strengthen the security of critical infrastructure, with a particular focus on the security of semiconductors and their supply chain,” he added.
The deadline for submitting comments is on April 16. NIST’s National Cybersecurity Center of Excellence plans to hold a virtual workshop for the profile on March 13 to provide an overview of the draft.
Related Articles
Gregory Barbaccia, federal chief information officer and a 2025 Wash100 awardee, has shared his insights on how the federal government should advance digital transformation. “I notice a lot of the government considers itself to be ‘digital,’ but in reality, we’ve only digitized, not transformed. Sure we went 0-1, but that should have just been the beginning,” Barbaccia wrote in a LinkedIn post. He noted the lack of automation and that workflows remain unchanged despite the replacement of paper ledgers with spreadsheets. “Files are shared over email instead of through real-time collaboration tools,” he added. Advancing Digital Transformation in Federal Government
The Federal Communications Commission has adopted new rules that seek to eliminate unnecessary paperwork and address regulatory barriers to the ground-station-as-a-service, or GSaaS, business model as part of efforts to drive innovation in the U.S. space economy. FCC said Thursday the new rules establish a process for ground station operators to secure a baseline license without first identifying a satellite point of communication. A simple FCC notification will be required for each new point of communication. According to FCC, the change would eliminate nearly half of earth station modification applications. “Making the smallest change to a satellite system or earth
The General Services Administration has announced a OneGov agreement with Amazon Web Services that will provide up to $1 billion in direct incentive credits to federal civilian agencies. According to GSA, the direct incentive credits, aggregated across the agencies, will include savings on core AWS cloud services through AWS credits, infrastructure and application technologies modernization through AWS modernization credits, access to AWS training and certification through training credits and a streamlined engagement model with greater savings for direct contracts through direct partnerships. Advancing America’s AI Leadership The agreement is expected to accelerate large-scale IT transformation and boost AI innovation across