Military Embedded Systems

Safety-certifiable COTS modules speed and ease DO-254 safety certification


April 14, 2016

Gregory Sikkens



Increasingly, Federal Aviation Administration (FAA) and European Aviation Safety Agency (EASA) regulations are requiring that airborne electronics used in military applications meet the DO-254 safety certification standard. The good news is that there are safety-certifiable commercial off-the-shelf (COTS) modules able to meet the demanding FAA/EASA criteria. What’s more, compared to standard COTS boards, modules designed to a DO-254 design process may also deliver significant reliability benefits for many aerospace and defense applications that do not require DO-254 compliance.

Traditionally, prime contractors serving the defense market have required COTS system software to be DO-178 certified; in recent years, however, the field has seen a growing requirement for COTS suppliers to also provide DO-254 hardware certification. This trend is being driven by a number of market factors, including cockpit digitization, multicore processing (enabling a reduction in the number of separate systems), the growing use of common avionics subsystems, the increasing number of unmanned aerial vehicles (UAVs) and other military aircraft flying over civil population centers, and the use of synthetic vision systems (SVS) for landing (which affects the Design Assurance Level [DAL] required of mission computers).

Until recently, DO-254 safety-certifiable systems were built with expensive custom systems. The cost of ensuring that these systems can meet FAA standards – including the hardware, software, and required artifacts – is typically in the millions of dollars. Using safety-certifiable COTS modules can greatly reduce these costs, while also reducing the customer’s risk and accelerating their time to market.

The first step in the process is to determine the system’s intended DAL level. After the DAL level is determined, the system integrator can design the system for certifiability: This procedure entails the production of a variety of artifacts that can be later submitted to certification authorities such as the FAA and EASA for verification.

COTS vendors who have developed safety-certifiable modules are able to provide users with the necessary document package of artifacts to support system safety assessments and the customer’s certification efforts. These artifacts document the system’s planning, requirements, design, integration, configuration, and low-level testing. While this process may appear time-consuming and expensive, the end result – DO-254 and DO-178C certification – has been proven to increase safety, improve quality and maintainability, and reduce long-term costs. Today, COTS vendors offer single-board computers (SBCs), graphics modules, and I/O cards designed to comply with DO-254 DAL C through A. Many more safety-certifiable modules are in development, which will greatly expand the configuration options available to system engineers.

Using these safety-certifiable COTS modules can also help reduce a user’s design risk and cut development schedules. When used in a new system design that does not yet need to undergo DO-178 or DO-254 certification but will later, a standard safety-certifiable COTS module ensures that the user’s system can be successfully integrated into the next higher level of assembly.

The reason: these modules are already designed, available, and known to work, whereas new designs inherently have the potential for greater risk, which can cause extensive delays and unforeseen costs. Safety-certifiable COTS modules can also greatly reduce a system development schedule because they enable application development to begin immediately. In contrast, with a custom-built system, the certification process must start from scratch. The COTS safety certification evidence provided by the board vendor, along with service history collected for a given program, enables the customer to accrue significant benefits for their next program when using similar hardware and board support packages, which will ultimately speed future integration and certification processes.

An example of a safety-certifiable standard COTS module is the Curtiss-Wright VPX3-611 avionics I/O module (Figure 1), which is designed to work with previously introduced safety-certifiable SBCs and graphics cards. The I/O module’s field-programmable gate array (FPGA) I/O blocks can be factory-configured to DO-254 DAL C and DO-178C DAL C. Because DO-254 certification artifacts are available for the module’s I/O interfaces at the FPGA block macro level, I/O configuration variants can be created quickly and less expensively than a custom solution. Safety-certifiable I/O interfaces supported by the VPX3-611 include MIL-STD-1553B, ARINC 429, CANbus, asynchronous UARTs, discretes, analog in, analog out, and Serial Peripheral Interface (SPI).


Figure 1: The VPX3-611 avionics I/O module is designed to work with previously introduced safety-certifiable SBCs and graphics cards.





Gregory Sikkens, Senior Product Manager


