DOT/FAA/TC-16/57 Commercial Off-The-Shelf Federal Aviation Administration Airborne Electronic Hardware William J. Hughes Technical Center Aviation Research Division Issues and Emerging Solutions: Atlantic City International Airport New Jersey 08405 Authority for Expenditure No. 75 Report September 2017 Final Report This document is available to the U.S. public through the National Technical Information Services (NTIS), Springfield, Virginia 22161. This document is also available from the Federal Aviation Administration William J. Hughes Technical Center at actlibrary.tc.faa.gov. U.S. Department of Transportation Federal Aviation Administration NOTICE This document is disseminated under the sponsorship of the U.S. Department of Transportation in the interest of information exchange. The U.S. Government assumes no liability for the contents or use thereof. The U.S. Government does not endorse products or manufacturers. Trade or manufacturers’ names appear herein solely because they are considered essential to the objective of this report. The findings and conclusions in this report are those of the author(s) and do not necessarily represent the views of the funding agency. This document does not constitute FAA policy. Consult the FAA sponsoring organization listed on the Technical Documentation page as to its use. This report is available at the Federal Aviation Administration William J. Hughes Technical Center’s Full-Text Technical Reports page: actlibrary.tc.faa.gov in Adobe Acrobat portable document format (PDF). Technical Report Documentation Page 1. Report No. 2. Government Accession No. 3. Recipient's Catalog No. DOT/FAA/TC-16/57 4. Title and Subtitle 5. Report Date COMMERCIAL OFF-THE-SHELF AIRBORNE ELECTRONIC HARDWARE ISSUES AND September 2017 EMERGING SOLUTIONS: AUTHORIZATION FOR EXPENDITURE NO. 75 6. Performing Organization Code 7. Author(s) 8. Performing Organization Report No. Condra, Lloyd1, Horan, Gary2, Forsberg, Håkan3, Matthews, Dave4, Peterson, James5, Martin, Avelino6, Barbagelata, Serge6, Lillestolen, Kirk7, Redman, Dave8, Petre, Brian9, Kilgore, Charles10, Strasburger, John11, Manners, Robert12, and Gregory, Bob13 9. Performing Organization Name and Address 10. Work Unit No. (TRAIS) 1Boeing 2Federal Aviation Administration 3Saab PO Box 3707 E&PD Standards Staff, Engine SE-58188 Linkoping Seattle, WA 98124-2207 Controls Sweden 11. Contract or Grant No. Burlington, MA 01803 4Rockwell Collins 5Honeywell Aerospace 6Airbus Group 400 Collins Road NE 9201 San Mateo Blvd, NE, 12 Rue Pasteur, BP76 Cedar Rapids, IA 52498 MS C01 92150 Suresnes Albuquerque, NM 87113 France 7UTC Aerospace Systems 8Texas A&M Engineering 9GE Aviation Systems 1 Hamilton Road Experiment Station 3290 Patterson Ave, SE Windsor Locks, CT 06096 3126 TAMU Grand Rapids, MI 49512 College Station, TX 77843-3126 10Federal Aviation Administration 11Federal Aviation Administration 12Hi-Tec Systems, Inc. Software and Electronics Section Systems Integration Section (FAA contractor) Atlantic City Int’l. Airport, NJ 08405 Fort Worth, TX 76137 6727 Delilah Road Egg Harbor Township, NJ 08234 13Rolls-Royce plc P.O. Box 2000, Raynesway, Derby, DE21 7XX England 12. Sponsoring Agency Name and Address 13. Type of Report and Period Covered U.S. Department of Transportation, Federal Aviation Administration Aircraft Certification Service—Design, Manufacturing, and Airworthiness Final Report FAA National Headquarters 14. Sponsoring Agency Code 950 L’Enfant Plaza, S.W., Washington, D.C. 20024 AIR-134 15. Supplementary Notes The FAA William J. Hughes Technical Center Aviation Research Division COR was Charles Kilgore. 16. Abstract This report, based on global industry and regulatory expert experience and knowledge, illustrates only the top level of elemental aspects regarding commercial off-the-shelf (COTS) components embedded in airborne electronic hardware (AEH) issues and provides possibilities for COTS AEH solutions development including: 1) the use of existing standards and guidance documents as a structure for future evolution of COTS standards, 2) possible future COTS standards to implement this structure, 3) the need for combined industry/regulatory/manufacturing research to develop COTS AEH issues mitigations, including the development of COTS standards and guidance, 4) mechanisms to shorten the slow evolution of standards, 5) a candidate structure for relevant and emerging COTS standards linked to evolving development assurance standards, and 6) the identification of standard bodies responsible for the implementation of the ongoing COTS solution(s). This report provides a COTS AEH assurance framework, including a common structured approach to evaluate COTS AEH issues. This approach is applied to the 22 issues addressed in the report and is recommended for application to future issues not addressed herein. The approach is presented in a manner that supports development of project-level COTS AEH mitigations that can be rolled into development, design assurance, and a practical compliance solution for FAA engineers, delegates, and standards administrators. There is a stand-alone treatment of each issue and a five-step suggested evolution of COTS and development assurance standards and guidelines. The research (1) includes detailed technical information about the issues, (2) introduces research required to provide new knowledge needed to implement solutions for the COTS AEH issues, (3) explores required tools, standards, and guidance needed for COTS-based systems development assurance, certification, and maintenance, and (4) considers certification-process and assessment criteria as well as methods for the given issues. The approach may be used to evaluate and develop emerging COTS AEH issues. This report also addresses design, component selection, development assurance, and certification-process issues for AEH COTS electronics product items, such as hybrids, multichip modules, microprocessors, field-programmable gate arrays, application-specific integrated circuits, and small assemblies including printed wiring assemblies and disk drives. All organizations and individuals who work with COTS AEH in avionics are encouraged to read and understand this report — and those who address these COTS AEH issues should use the AFE 75 research approach and results described. 17. Key Words 18. Distribution Statement Commercial off-the-shelf, COTS, Airborne electronic hardware, Avionics, Aircraft certification, This document is available to the U.S. public Regulatory standards and guidance, System qualification, Avionics safety, Hybrids, Multichip through the National Technical Information modules, Microprocessors, Field programmable gate arrays, Application-specific integrated Service (NTIS), Springfield, Virginia 22161. circuits, COTS assemblies, Derating, Uprating, Sparing reliability, Complementary metal-oxide This document is also available from the FAA semiconductor, Single event effects, Atmospheric radiation, Limited-life semiconductors, William J. Hughes Technical Center at Reliability, Lead-free electronics, Errata, Counterfeit parts, Undocumented features, Usage, actlibrary.tc.faa.gov. Production, Unknown changes, Embedded controllers, Packaging and mounting, Obsolescence management, Compliance, Design assurance, System on chip 19. Security Classif. (of this report) 20. Security Classif. (of this page) 21. No. of Pages 22. Price Unclassified Unclassified 152 Form DOT F 1700.7 (8-72) Reproduction of completed page authorized ACKNOWLEDGEMENTS The project management committee (PMC) chairman for this commercial off-the-shelf airborne electronic hardware assurance project, Brian Petre, would like to thank the following people for their direct contributions to the research detailed in this report and persistent efforts throughout the course of this project: Serge Barbagelata, Airbus Group Andrew Berner, BAE Systems Lloyd Condra, The Boeing Company Chris Eckert, GE Aviation Håkan Forsberg, SAAB Bob Gregory, Rolls Royce Dan Higgins, BF Goodrich Gary Horan, FAA Charles Kilgore, FAA Kirk Lillestolen, UTC Bob Manners, Hi-Tec Systems, FAA contractor Avelino Martin, Airbus Group Dave Mathews, Rockwell Collins James Peterson, Honeywell William Scofield, Boeing Ingemar Söderquist, SAAB John Strasburger, FAA The PMC chairman would also like to acknowledge the following individuals and organizations for providing support to the project: Bob Chobot, BAE Systems Chantel Gil, Airbus Group/Eurocopter Barbara Lingberg, FAA Dave Redman, AVSI Director Jordan Smith, Texas A&M University iii TABLE OF CONTENTS EXECUTIVE SUMMARY xvii 1. INTRODUCTION 1 1.1 Principles 1 1.2 Scope 2 1.3 AFE 75 Project Structure 2 1.4 Document Structure 3 1.5 COTS AEH Assurance Objective 4 1.6 COTS AEH Issues 4 2. ISSUE DEFINITIONS AND RECOMMENDATIONS 5 2.1 COTS Assemblies 6 2.1.1 Description of the Issue 6 2.1.2 Relationship to Safety and Certification 7 2.1.3 Existing Activity 7 2.1.4 Technology Weakness/Deficiency 8 2.1.5 Process Weakness/Deficiency 8 2.1.6 Recommendations/Desired Outcome 8 2.1.7 References 9 2.1.8 Acronyms 10 2.2 Derating 10 2.2.1 Description of the Issue 10 2.2.2 Relationship to Safety and Certification 10 2.2.3 Existing Activity 11 2.2.4 Technology Weakness/Deficiency 11 2.2.5 Process Weakness/Deficiency 12 2.2.6 Recommendation/Desired Outcome 12 2.2.7 References 14 2.2.8 Abbreviations and Acronyms 14 2.3 Sparing Reliability 16 2.3.1 Description of the Issue 16 2.3.2 Relationship to Safety and Certification 16 2.3.3 Existing Activity 17 2.3.4 Technology Weakness/Deficiency 18 2.3.5 Process Weakness/Deficiency 18 2.3.6 Recommendation/Desired Outcome 18 2.3.7 References 19 2.3.8 Acronyms 19 iv 2.4 Commodity Memory 20 2.4.1 Description of the Issue 20 2.4.2 Relationship to Safety and Certification 20 2.4.3 Existing Activity 20 2.4.4 Technology Weakness/Deficiency 21 2.4.5 Process Weakness/Deficiency 21 2.4.6 Recommendation/Desired Outcome 21 2.4.7 References 22 2.4.8 Acronyms 22 2.5 Increased Susceptibility to Atmospheric Radiation 23 2.5.1 Description of the Issue 23 2.5.2 Relationship to Safety and Certification 23 2.5.3 Existing Activity 23 2.5.4 Technology Weakness/Deficiency 24 2.5.5 Process Weakness/Deficiency 26 2.5.6 Recommendation/Desired Outcome 29 2.5.7 References 31 2.5.8 Acronyms and Abbreviations 32 2.6 Limited-life Semiconductors Issue Overview 34 2.6.1 Limited-Life Semiconductors Issue Details 34 2.6.2 Relationship to Safety and Certification 35 2.6.3 Existing Activity 36 2.6.4 Technology Weakness/Deficiency 36 2.6.5 Process Weakness/Deficiency 37 2.6.6 Recommendations/Desired Outcome 37 2.6.7 References 37 2.6.8 Acronyms and Abbreviations 38 2.7 Outdated Reliability Assessment Methods 39 2.7.1 Description of the Issue 39 2.7.2 Relationship to Safety and Certification 40 2.7.3 Existing Activity 40 2.7.4 Technology Weakness/Deficiency 40 2.7.5 Process Weakness/Deficiency 41 2.7.6 Recommendations /Desired Outcome 41 2.7.7 References 42 2.7.8 Acronyms 43 2.8 Transition to Lead-free Electronics 44 v 2.8.1 Description of the Issue 44 2.8.2 Relationship to Safety and Certification 45 2.8.3 Existing Activity 46 2.8.4 Technology Weakness/Deficiency 47 2.8.5 Process Weakness/Deficiency 48 2.8.6 Recommendations/Desired Outcome 48 2.8.7 References 48 2.8.8 Acronyms and Abbreviations 49 2.9 Availability and Updates of Errata 50 2.9.1 Description of the Issue 50 2.9.2 Relationship to Safety and Certification 50 2.9.3 Existing Activity 51 2.9.4 Technology Weakness/Deficiency 51 2.9.5 Process Weakness/Deficiency 51 2.9.6 Recommendations/Desired Outcome 51 2.9.7 References 52 2.9.8 Acronyms and Abbreviations 53 2.10 Counterfeit Electronic Parts 53 2.10.1 Counterfeit Parts Issue Details 53 2.10.2 Relationship to Safety and Certification 54 2.10.3 Existing Activity 54 2.10.4 Technology Weakness/Deficiency 55 2.10.5 Process Weakness/Deficiency 55 2.10.6 Recommendation/Desired Outcome 55 2.10.7 References 56 2.10.8 Abbreviations and Acronyms 56 2.11 Undocumented Features 57 2.11.1 Description of the issue 57 2.11.2 Relationship to Safety and Certification 57 2.11.3 Existing activity 57 2.11.4 Technology Weakness/Deficiency 58 2.11.5 Process Weakness/Deficiency 58 2.11.6 Recommendation/Desired Outcome 58 2.11.7 References 59 2.11.8 Acronyms 59 2.12 Multiple AND Global Electronic Supply Chains 60 2.12.1 Description of the Issue 60 2.12.2 Relationship to Safety and Certification 60 vi 2.12.3 Existing Activity 61 2.12.4 Technology Weakness/Deficiency 61 2.12.5 Process Weakness/Deficiency 61 2.12.6 Recommendation/Desired Outcome 61 2.12.7 References 62 2.12.8 Acronyms 62 2.13 Usage Domain Analysis 62 2.13.1 Description of the Issue 62 2.13.2 Relationship to Safety and Certification 62 2.13.3 Existing Activity 62 2.13.4 Technology Weakness/Deficiency 63 2.13.5 Process Weakness/Deficiency 63 2.13.6 Recommendation/Desired Outcome 64 2.13.7 References 66 2.13.8 Acronyms 66 2.14 Production Follow-up 67 2.14.1 Description of the Issue 67 2.14.2 Relationship to Safety and Certification 68 2.14.3 Existing Activity 68 2.14.4 Technology Weakness/Deficiency 68 2.14.5 Process Weakness/Deficiency 69 2.14.6 Recommendations/Desired Outcome 69 2.14.7 References 69 2.14.8 Abbreviations and Acronyms 70 2.15 Intellectual Property 71 2.15.1 Description of the Issue 71 2.15.2 Relationship to Safety and Certification 71 2.15.3 Existing Activity 71 2.15.4 Technology Weakness/Deficiency 72 2.15.5 Process Weakness/Deficiency 72 2.15.6 Recommendation/Desired Outcome 73 2.15.7 References 73 2.15.8 Acronyms 73 2.16 Unknown Changes 74 2.16.1 Description of the Issue 74 2.16.2 Relationship to Safety and Certification 74 2.16.3 Existing Activity 74 2.16.4 Technology Weakness/Deficiency 75 vii 2.16.5 Process Weakness/Deficiency 75 2.16.6 Recommendations/Desired Outcome 75 2.16.7 References 75 2.16.8 Acronyms 76 2.17 Embedded Controllers 76 2.17.1 Description of the Issue 76 2.17.2 Relationship to Safety and Certification 77 2.17.3 Existing Activity 78 2.17.4 Technology Weakness/Deficiency 78 2.17.5 Process Weakness/Deficiency 78 2.17.6 Recommendation/Desired Outcome 78 2.17.7 References 79 2.17.8 Acronyms 79 2.18 Technology and Component Maturity 80 2.19 Component Packaging and Mounting Reliability 80 2.19.1 Description of the Issue 80 2.19.2 Relationship to Safety and Certification 80 2.19.3 Existing Activity 80 2.19.4 Technology Weakness/Deficiency 81 2.19.5 Process Weakness/Deficiency 81 2.19.6 Recommendation/Desired Outcome 81 2.19.7 References 82 2.19.8 Abbreviations and Acronyms 82 2.20 Device Uprating 83 2.20.1 Description of the Issue 83 2.20.2 Relationship to Safety and Certification 83 2.20.3 Existing Activity 84 2.20.4 Technology Weakness/Deficiency 84 2.20.5 Process Weakness/Deficiency 84 2.20.6 Recommendation/Desired Outcome 85 2.20.7 References 86 2.20.8 Acronyms and Abbreviations 86 2.21 Additional FAA Handbook Considerations 87 2.21.1 Description of the Issue 87 2.21.2 Relationship to Safety and Certification 89 2.21.3 Existing Activity 89 2.21.4 Technology Weakness/Deficiency 89 2.21.5 Process Weakness/Deficiency 90 viii 2.21.6 Recommendation/Desired Outcome 90 2.21.7 References 92 2.21.8 The following acronyms were used in section 2.21. 93 2.22 Obsolescence Management 93 2.22.1 Description of the Issue 93 2.22.2 Relationship to Safety and Certification 94 2.22.3 Existing Activity 94 2.22.4 Technology Weakness/Deficiency 95 2.22.5 Process Weakness/Deficiency 95 2.22.6 Recommendations/Desired Outcome 96 2.22.7 References 96 2.22.8 Acronyms 96 2.23 Acceptable Level of Compliance Evidence 97 2.24 Multiple Supply Chains 97 2.25 Demonstration Methods for Safe Use of Complex Commercial off-the-Shelf Equipment in Airborne Electronics Hardware 97 2.26 System On Chip Devices 98 2.26.1 Description of the Issue 98 2.26.2 Relationship to Safety and Certification 99 2.26.3 Existing Activity 99 2.26.4 Technology Weakness/Deficiency 100 2.26.5 Process Weakness/Deficiency 100 2.26.6 Recommendation/Desired Outcome 100 2.26.7 References 100 2.26.8 Acronyms 101 3. AFE 75 RESULTS AND CONCLUSIONS 101 APPENDICES A—COMPOSITE AFE 75 FINAL REPORT REFERENCES B—CANDIDATE COMPREHENSIVE GUIDANCE DOCUMENT STRUCTURE C—COTS ISSUES, PROBLEMS, SOLUTIONS OVERVIEW D—ISSUES SIMILARITY CHART BY GROUPINGS ix