SEMI E187 Cybersecurity Certification Scheme
Building Global Trust in the Semiconductor Supply Chain
The Administration for Digital Industries (ADI), Ministry of Digital Affairs (MODA), in collaboration with SEMI, is jointly promoting the “SEMI E187 Semiconductor Equipment Cybersecurity Certification Scheme.”
This Scheme aims to establish a certification framework aligned with international ISO standards, ensuring third-party impartiality and long-term sustainability, and enabling global equipment suppliers and cybersecurity providers to meet the cybersecurity compliance requirements of leading semiconductor manufacturers.
History of the SEMI E187 Standard
Over the past decade, driven by digital transformation, the semiconductor manufacturing industry has leveraged production data to enhance smart manufacturing capabilities. However, the industry is increasingly facing challenges such as end-of-support (EoS) for automation systems and equipment, along with the presence of legacy software and outdated hardware. These conditions hinder the ability to perform updates and vulnerability patching, making systems highly susceptible to malware and cyberattacks. The large-scale cybersecurity incident at TSMC in 2018 served as a critical wake-up call for the high-tech manufacturing sector. Cybersecurity has since become an urgent and strategic issue, closely tied to both global industrial development and national security. Although international standards and security guidelines for manufacturing have been released in recent years, there remains a lack of comprehensive solutions that adequately address the current cybersecurity management challenges faced by Taiwan’s manufacturing production environments. Therefore, it is necessary to promote international cybersecurity standards for smart manufacturing, guiding the industry to standardize cybersecurity practices across the entire supply chain.
Through the SEMI international standards platform, TSMC and ITRI jointly established the Fab & Equipment Information Security Task Force in September 2018. The task force aims to connect stakeholders across the smart manufacturing supply chain, build industry consensus on cybersecurity, and lead the development and promotion of international standards for risk management and cybersecurity protection in semiconductor manufacturing equipment and systems. Since its establishment, the task force has held monthly working meetings co-chaired by TSMC and ITRI. Participating members include UMC, ASE, Powerchip, Nanya Technology, Applied Materials Taiwan, Delta Electronics, and various cybersecurity and industrial solution providers. These members actively contribute domain expertise and participate in the development of international cybersecurity standards, facilitating the formation of the draft standard.
The first semiconductor equipment cybersecurity standard led by Taiwan, SEMI E187, was officially published on the SEMI website in January 2022.
The standard defines four key areas:
- Operating system support (e.g., long-term support)
- Network security (e.g., secure communication and network configuration management)
- Endpoint protection (e.g., vulnerability scanning, malware detection, endpoint defense mechanisms, and access control)
- Cybersecurity monitoring (e.g., logging and audit trails).
Introduction to the SEMI E187 Cybersecurity Certification Scheme
The SEMI E187 Semiconductor Equipment Cybersecurity Certification Scheme is jointly promoted by the Administration for Digital Industries (ADI), Ministry of Digital Affairs, and SEMI. Based on the international standards ISO/IEC 17025 and ISO/IEC 17065, the scheme establishes a third-party certification framework and management mechanism with impartiality and credibility. It aims to build a consistent, trustworthy, and internationally aligned cybersecurity certification scheme for semiconductor equipment, serving as an important foundation for cybersecurity governance across the global semiconductor supply chain.
The scheme adopts equipment models as the unit of certification. Its certification scope focuses on four key areas: operating system support, network security, endpoint protection, and security monitoring, ensuring that smart manufacturing equipment possesses fundamental cybersecurity protection capabilities at the time of shipment (“Secure by Design”).
Through this standardized and verifiable common language, equipment manufacturers, semiconductor fabs, and supply chain partners can effectively reduce cybersecurity risks, enhance the security and operational resilience of smart manufacturing environments, and strengthen the trust foundation of the global semiconductor supply chain.
Scheme Governance Principles
🔷 Impartiality
The certification process shall ensure impartiality and objectivity, free from any commercial or other undue influences.
🔷 Non-discrimination
Applicants shall not be subject to discrimination based on size, financial status, or other non-technical factors.
🔷 Consistency
All certification activities shall be conducted in a consistent manner in accordance with established requirements.
🔷 Based on International Standards
This Scheme is established in accordance with international standards, including ISO/IEC 17065 and ISO/IEC 17025.
Scheme Operational Framework and Certification Process
This Scheme is built upon a robust conformity assessment framework to ensure independence and traceability at every stage:
- Scheme Governance and Oversight: ADI (MODA) and SEMI serve as the Scheme Owners, ensuring alignment with industry standards.
- Accreditation Body (AB): Accredits Certification Bodies (CBs) and Testing Laboratories (TLs) to ensure compliance with internationally recognized conformity assessment practices. In Taiwan, this role is performed by the Taiwan Accreditation Foundation (TAF).
- Certification Body (CB): Operates in accordance with ISO/IEC 17065 and is responsible for final certification decisions. The Taipei Computer Association (TCA) serves as the pilot certification body.
- Testing Laboratory (TL): Operates in accordance with ISO/IEC 17025 and performs cybersecurity testing. Pilot laboratories include the ITRI Measurement Center and the Institute for Information Industry (III) Institute for Cybersecurity.
Through a standardized certification process, the Scheme enables equipment manufacturers to demonstrate the cybersecurity resilience of their products:
Approved Certification Bodies
Announced in Q4 2026
Approved Testing Laboratories
Announced in Q3 2026
SEMI E187 Cybersecurity Certification Scheme Related Documents
| NO |
File Name |
Key points of the standard |
File Status and Downloads |
| 1 |
SEMI E187 Cybersecurity Specification for Fab Equipment Certification Scheme |
Scheme structure, roles and responsibilities, core certification requirements, and post-market surveillance principles |
Published |
| 2 |
Cybersecurity Validation Criteria based on SEMI E187 |
Test methods, validation criteria, and decision principles |
Published |
| 3 |
Operational Management Regulations for the SEMI E187 Cybersecurity Certification Scheme |
Supporting documents of the Certification Scheme, defining certification processes, certification body management, and other operational details |
To be Published |
| 4 |
Certificate and Mark Management Regulations for the SEMI E187 Cybersecurity Certification Scheme |
Requirements for the use and control of certification marks and certificates
(the certification mark is designed by SEMI) |
To be Published |
| 5 |
Terms of Reference for the Scheme Management Committee of the SEMI E187 Cybersecurity Certification Scheme |
Requirements governing the management of the Scheme by the Scheme Owners (SEMI and ADI) |
To be Published |
Contact Information
※If you would like to learn more about the SEMI E187 Cybersecurity Certification Scheme, please feel free to contact us.
Max Lee 02-77542616#106 / MaxYCLee@itri.org.tw
*Want to learn more about SEMI E187 solutions in Taiwan? Please visit SECPAAS for more information.