June 4, 2025
The article "Understanding the Relationship Between SEMI E187 and ISA/IEC 62443 in Equipment Security Implementation" explores how these two cybersecurity standards intersect and differ, particularly in the context of semiconductor manufacturing equipment.
Overview of the Standards
SEMI E187 is a prescriptive standard developed specifically for semiconductor manufacturing equipment. It outlines explicit cybersecurity requirements across four domains:
Operating system security
Network security
Endpoint protection
Security monitoring
This standard applies to computing devices on fab equipment running Windows or Linux but excludes PLCs, SCADA systems, and factory IT systems like MES.
ISA/IEC 62443 is a globally recognized series of standards addressing cybersecurity for industrial automation and control systems (IACS). Key components include:
62443-3-3: System security requirements and security levels
62443-4-2: Technical security requirements for IACS components
62443-4-1: Secure product development lifecycle requirements
These standards offer a flexible, risk-based approach, focusing on both technical requirements and secure development processes.
Alignment and Differences
While there is significant overlap between SEMI E187 and ISA/IEC 62443, notable differences exist:
Operating System Support: SEMI E187 explicitly prohibits the use of unsupported operating systems, whereas ISA/IEC 62443-4-1 emphasizes documenting compatibility and providing mitigation strategies without outright prohibition.
Malware Scanning: SEMI E187 mandates malware scanning before equipment shipment, including detailed documentation. In contrast, ISA/IEC 62443-4-1 requires comprehensive security validation but does not specifically mandate malware scanning.
These distinctions highlight SEMI E187's prescriptive nature compared to the more flexible, process-oriented approach of ISA/IEC 62443.
Practical Implications
For equipment suppliers, understanding the relationship between these standards can:
Streamline compliance and audit preparations
Avoid redundant efforts in implementation and documentation
Facilitate alignment with evolving cybersecurity requirements
Enhance communication with customers and certification bodies
By recognizing the complementary aspects of SEMI E187 and ISA/IEC 62443, suppliers can adopt a more unified and efficient approach to cybersecurity implementation.