Verification and Validation (V&V) Capabilities and Standards for Trust

Abstract

Starting in FY 2017, this program funded a dedicated technical government subject matter expert (SME) at several JFAC laboratories and provided support for identified JFAC acquisition program pilots and non-program-related assessments, e.g., suspicious parts acquired by law enforcement or that failed in the field. In addition, utilizing the 2015 JFAC hardware assurance capability survey, the program developed a plan of action based on incremental technical improvement and capacity across participating JFAC laboratories in the following areas:

  • Equipment re-capitalization and new equipment
  • Data and imaging processing
  • Enhanced automation
  • Technology and IP licensing
  • Training and SME development
  • Maintenance support
  • Feasibility studies
  • Reimbursable (test fixtures, boards, parts, and supplies)
  • Direct program support in related areas beyond the acquisition programs’ technical capability or capacity to address.

The JFAC will: (1) improve its microelectronics test and verification methodologies in support of verifying trust and assurance of parts and (2) develop standards/practices to foster commercial development of secure, trusted and assured parts. Cost sharing of direct program support prioritized for FY 2017 focused on addressing technical gaps and assurance-related findings.

This project also supported the following efforts that continue in FY 2018 under BA 4 PE 0604294D8Z, P645:

  • Improvements to the core JFAC’s (1) technical capability, i.e., laboratory equipment, IP, analysis tools, such as imaging software (SW), and highly skilled tradecraft, and (2) the capacity to perform assessments. Out-year demands will continue to require an increase in capacity, which will take the form of additional personnel and/or equipment to permit scaling of assessment capabilities.
  • Enhancement of automation needed to increase the throughput of information produced by individual JFAC laboratory tools as well as to facilitate information sharing across the families of tools used for analysis and testing.
  • Development of common SME training and protocols based on the existing tool base, to include both commercial and government-developed tools.
  • Funding of an additional SME per core laboratory in support of the microelectronics trust verification and other JFAC-related work.
  • Investment in the above technical areas based on priority, and monitoring and reporting of increased technical capability from the baseline 2016 level.

Standards and Practices. Initiate the:

  • Development of standards and best practices, and relationships with industry, to foster commercial development of secure and trusted parts.
  • Establishment of formal relationships with FPGA vendors and other key commercial suppliers to improve device and IP security.
  • Acquisition of government access to proprietary designs, software, development, and quality assurance processes and test procedures to develop design practices that minimize security flaws and facilitate verification.
  • Establishment of government and industry working groups to develop test procedures to validate the trust of designs.
  • Documentation and promulgation of security-enhancing design practices across government, industry, and academia.
  • Development of industry-wide standards and practices to establish a common understanding of what constitutes verified and trusted hardware/software/firmware at both the component and systems level.
  • Development of a common lexicon for secure hardware/software/firmware in collaboration with the Committee for National Security Systems, National Institute of Standards and Technology, and the broader United States Government, industry, and academia.
  • Definition of supply chain controls for assured chain of custody for critical and other microelectronics devices and IP.
  • Development of security training and education of government and industry system security engineers and material managers on supply chain and life-cycle management best practices using agreed-upon language, standards, and practices.
  • Alignment of DoD Instruction 5200.44 (Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)), related policies, and NIST 800-161 (Supply Chain Risk Management Practices for Federal Information Systems and Organizations) with industry standards, identifying and addressing gaps in definition and criteria and establishing accepted levels of supplier and part trustworthiness.

Document Details

Document Type
Accomplishment
Publication Date
Oct 01, 2019
Source ID
601da90033094cd39349d1a7146f6541

Tags

Readers

  • Cybersecurity.
  • Defense Technology Research and Development.
  • Software Engineering.

Technology Areas

  • Microelectronics
