Hardware assurance
NSA Posts Cybersecurity Technical Report on DOD’s Customizable Microelectronics
The National Security Agency has published a cybersecurity technical report characterizing the Department of Defense’s approach to protecting its custom microelectronics components.
Authored by the NSA’s Joint Federated Assurance Center, the document discusses three levels of protection for configurable devices, including application-specific integrated circuits and field-programmable gate arrays.
A device’s level of hardware assurance is based on the national impact that would be caused by its failure or subversion, the NSA said Thursday.
The agency defines hardware assurance as the level of confidence that a device does not contain unexpected characteristics nor will it exhibit unintended behaviors—such as degraded reliability, denial of service and functional changes—due to manipulation by an adversary.
The highest level of assurance, LoA3, is reserved for systems whose failure can cause “exceptionally grave harm” or result in an existential threat to the U.S. government, read the report titled “DoD Microelectronics: Levels of Assurance Definitions and Applications.”
According to the NSA, the guidance will help programs better understand their systems and more effectively address threats.
The report also includes standards and best practices for each level of assurance. Some of the mitigations are described in separate documents due to their complexity.
In the document, the agency said that JFAC is available for DOD programs seeking support in implementing the guidance as well as in responding to compromises.
Category: Cybersecurity