The National Security Agency’s (NSA) Joint Federation Assurance Center (JFAC) Hardware Assurance Lab published a report on “DoD Microelectronics: Levels of Assurance Definitions and Applications” today to characterize the threats and risks to custom microelectronic components used in Department of Defense (DoD) systems. The Cybersecurity Technical Report includes definitions and guidance on applying three levels of hardware assurance to protect applicable DoD systems.
NSA is part of a federation of DoD organizations that promote and enable software and hardware assurance through the Joint Federated Assurance Center. NSA JFAC, which strengthens and supports microelectronics hardware assurance for DoD programs by providing vulnerability detection, analysis and remediation capabilities, drafted the report and established the three levels of hardware assurance.
The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.
The levels of hardware assurance are determined by the national impact caused by failure or subversion of the top-level system and the criticality of the component to that top-level system. The guidance helps programs acquire a better understanding of their system and components so that they can effectively mitigate against threats.
The JFAC is available to assist DoD programs throughout this process and can be contacted at https://jfac.navy.mil (CAC-enabled website).