Infrastructure Briefing — August 20, 2025
CISA and the CHIPS Program Office issued a joint supply chain resilience framework, outlining detection, reporting, and remediation expectations for semiconductor manufacturers receiving federal incentives.
Executive briefing: The Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Commerce’s CHIPS Program Office published the Semiconductor Supply Chain Resilience Framework, a joint guide for CHIPS incentive recipients. The framework codifies threat detection, incident reporting, and recovery expectations spanning wafer fabrication, advanced packaging, and specialty material suppliers, with compliance tied to upcoming funding disbursements.
Key infrastructure signals
- Unified reporting cadence. Recipients must submit quarterly supply chain risk assessments covering cyber, physical, and geopolitical disruptions.
- Incident notification. The framework establishes a 24-hour notification requirement to both Commerce and CISA for events affecting production capacity or critical tooling.
- Resilience benchmarks. CISA defined baseline controls for supplier segmentation, redundant tooling, and logistics diversification that Commerce will audit prior to each incentive tranche.
Control alignment
- NIST SP 800-161 Rev. 2. Map supplier risk management controls to the framework’s tiered expectations, including bill-of-material traceability for semiconductor tooling.
- CHIPS incentive agreements. Incorporate the new reporting cadence into grant compliance plans and board oversight dashboards.
- CISA Cyber Performance Goals. Align manufacturing OT security baselines with the framework’s detection and segmentation requirements.
Detection and response priorities
- Instrument OT and IT telemetry across fabs and suppliers, feeding anomaly detection that flags production-impacting events within the 24-hour notification window.
- Establish joint incident command procedures between CISA regional staff and manufacturer crisis teams to accelerate recovery timelines.
Enablement moves
- Run supplier workshops explaining reporting templates, evidence expectations, and response drill frequency tied to CHIPS funding.
- Update enterprise resilience scorecards so executives can track readiness across infrastructure, workforce, and supply chain layers required by the framework.
Sources
- CISA press release: CISA and Commerce release Semiconductor Supply Chain Resilience Framework (August 20, 2025)
- U.S. Department of Commerce fact sheet: Semiconductor Supply Chain Resilience Framework (August 20, 2025)
Zeph Tech operationalises the CISA/Commerce framework with supplier assurance programmes, incident readiness drills, and governance dashboards that keep CHIPS award recipients compliant.