This standard describes the required information on the cybersecurity status that must be reported for each IT device provided by the OEM (e.g. computers/IPCs, PLC systems, plant control systems (ECS)) if it is connected to the factory network.
The information is uniquely assigned to the individual device (ComputingDeviceIdentifier) and includes the manufacturer of the operating system (OSManufacturer), the name of the operating system (OSName), its version (OSVersion) and the corresponding build information (OSBuild). This information helps factories assess the cybersecurity risk posed by the device in question. For example, a component with an OS that is no longer supported poses a higher security risk, as it is more susceptible to malware incidents due to the lack of security updates from the OS manufacturer.
IT components that are not connected to the fab network, for example those connected only to the internal network of the production plant, are not affected by this standard. The same applies to IT components that are provided by the fab itself (e.g. Manufacturing Execution System (MES), Material Control System (MCS) and other host systems).
The subordinate standards in this series outline the methods for reporting cybersecurity status information through different technologies (e.g., the SECS-II interface).
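As an added illustration (not part of the standard), the following Python sketch shows how a fab could triage reported records: it checks that the five named fields are present and flags devices whose OS is past vendor support. The record layout as a dictionary, the lifecycle table, the device names and the `assess`/`triage` helpers are assumptions made for this example; the standard and its subordinate documents define the actual reporting format.

```python
from datetime import date

# The five items the standard requires for each reported device.
REQUIRED_FIELDS = ("ComputingDeviceIdentifier", "OSManufacturer",
                   "OSName", "OSVersion", "OSBuild")

# Assumed lifecycle table, constructed for this example:
# (OSName, OSVersion) -> end of vendor support. In practice this is
# maintained from the OS manufacturer's published lifecycle data.
END_OF_SUPPORT = {
    ("Windows 7", "6.1"): date(2020, 1, 14),
    ("Windows 10", "22H2"): date(2025, 10, 14),
}

# Constructed sample reports (hypothetical devices, not real data).
SAMPLE = [
    {"ComputingDeviceIdentifier": "IPC-01", "OSManufacturer": "Microsoft",
     "OSName": "Windows 10", "OSVersion": "22H2", "OSBuild": "19045"},
    {"ComputingDeviceIdentifier": "ECS-01", "OSManufacturer": "Microsoft",
     "OSName": "Windows 7", "OSVersion": "6.1", "OSBuild": "7601"},
    {"ComputingDeviceIdentifier": "PLC-01", "OSManufacturer": "ExampleVendor",
     "OSName": "ExampleRTOS", "OSVersion": "3.2", "OSBuild": ""},
    {"ComputingDeviceIdentifier": "IPC-02", "OSManufacturer": "ExampleVendor",
     "OSName": "ExampleLinux", "OSVersion": "9", "OSBuild": "9.4-1"},
]

def assess(record, today):
    """Classify one device report; returns (status, detail)."""
    missing = [f for f in REQUIRED_FIELDS
               if not str(record.get(f) or "").strip()]
    if missing:
        return "incomplete", "missing: " + ", ".join(missing)
    eos = END_OF_SUPPORT.get((record["OSName"], record["OSVersion"]))
    if eos is None:
        # No lifecycle data is a finding in itself, not a pass.
        return "unknown", "no lifecycle data for this OS version"
    if today > eos:
        return "unsupported", "support ended " + eos.isoformat()
    return "supported", "supported until " + eos.isoformat()

def triage(records, today):
    """Return (device, status, detail) rows, highest-risk status first."""
    order = {"unsupported": 0, "incomplete": 1, "unknown": 2, "supported": 3}
    rows = [(r.get("ComputingDeviceIdentifier") or "<no id>",
             *assess(r, today)) for r in records]
    return sorted(rows, key=lambda row: order[row[1]])

if __name__ == "__main__":
    for row in triage(SAMPLE, date(2024, 6, 1)):
        print("%-8s %-12s %s" % row)
```

Records that are incomplete or have no lifecycle entry are reported separately rather than treated as supported, since a missing OSBuild or an unrecognised OS version leaves the risk unassessed.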