FAA Order 8110.105

Airborne Electronic Hardware Approval Guidelines
FAA Publication
Abbreviation: FAA Order 8110.105
Year started: 2008 [1]
Latest version: B (2024)
Organization: Federal Aviation Administration
Domain: Avionics, type certification
Website: faa.gov

FAA Order 8110.105B, Airborne Electronic Hardware Approval Guidelines is an explanation of how Federal Aviation Administration (FAA) personnel can use and apply the publication

and the additional guidance and clarifications in advisory circular

The order additionally identifies

This revision cancels 8110.105A and 8110.105, Simple and Complex Electronic Hardware Approval Guidance, which had remarkably different intent and content. These cancelled revisions supplemented RTCA DO-254() by explaining to private users of that standard how FAA aircraft certification staff could use that document "when working on type certification projects". [1] They covered "specific topics of interest to the FAA that may go above and beyond content specific to DO-254." [1] As such, these revisions were recommended for reference by developers applying under DO-254() for certification of electronic hardware designs, [2] including those implemented in "custom micro-coded components" (i.e., ASICs, PLDs, or FPGAs).

The order now only gives limited instructions on the Airborne Electronic Hardware Review Process to FAA staff and designees. The previous content was removed "to eliminate duplication or conflict with AC 20-152A or AC 00-72," which were released in 2022.

Revision History

Revision  Year  Title
Basic     2008  Simple And Complex Electronic Hardware Approval Guidance
A         2017  Simple and Complex Electronic Hardware Approval Guidance
B         2024  Airborne Electronic Hardware Approval Guidelines

Clarification of application of DO-254 to simple electronic hardware

Custom micro-coded devices are typically presumed to be complex components that cannot be verified through testing alone and must be assured through formal design assurance processes such as those defined in DO-254. However, some applicants have proposed their specific applications as simple components, that is, those that can be verified through testing alone, thereby requiring much less effort to certify. [3] DO-254 had been considered too ambiguous on its application to simple hardware. This concern was the topic of the Certification Authorities Software Team's 2007 CAST-30 position paper, Simple Electronic Hardware and DO-254 and ED-80.

In particular, Order 8110.105 originally provided clarification of DO-254 guidance for "simple" electronic hardware. Such simple hardware does not require as rigorous design assurance as complex functions installed in custom micro-coded components. This definition and related recommendations were removed by Revision B, as this is now covered in less detail by the greatly expanded Revision A of AC 20-152 and the new AC 00-72, both released in 2022.

General clarification of application of DO-254

Additionally, Order 8110.105 originally addressed some of the omissions and clarification needs identified by the Certification Authorities Software Team in their position paper, CAST-31, and as such informed electronic hardware developers of interests beyond those presently expressed in DO-254. [1] This content was removed in Revision B. The order now consists only of instructions for FAA Aircraft Certification Service personnel to use and apply in the Airborne Electronic Hardware Review Process.

Background

Functioning electronic hardware systems and products certified through DO-254() processes range from replaceable electronic boxes to circuit boards within such enclosures and any ASICs, PLDs, or FPGAs placed on such boards. These sorts of electronic hardware can be classified as simple or complex. [4] With respect to DO-254(), a device is classified as simple if comprehensive inspection or testing alone can demonstrate that it is reasonably free of design defects or errors and has deterministic behavior. A complex device, then, is one that cannot be assessed by comprehensive inspection or testing alone. [5] [6] [7]

For the purposes of aircraft type certification efforts, aircraft system components are designated as software or hardware. Software components are computer programs installed and operating on computers or microcontrollers and are usually subjected to the design assurance processes of RTCA DO-178() when installed in aircraft. DO-254() is applied to the certification of both simple and complex hardware components, particularly inclusive of both simple and complex custom micro-coded components. "A hardware item is considered simple if a comprehensive combination of deterministic tests and analyses can ensure correct functional performance under all foreseeable operating conditions with no anomalous behavior." All other hardware items are considered complex and, since complex hardware items cannot be completely validated by inspection and testing alone, design assurance methodology is required. [8] Advisory Circular 20-152 recognizes the guidance in DO-254 as a suitable means for demonstrating compliance for the use of complex custom micro-coded components within aircraft systems. [9] However, application of DO-254 to simple micro-coded components was not explicitly addressed by that circular. [10]

Initially, applicants and developers were concerned with the apparent ambiguity of DO-254's guidance on simple electronic hardware. That document is largely concerned with the objectives and activities of developing complex electronic hardware. However, it provides only one short paragraph suggesting that a simple hardware item should be configuration controlled and verified, but "extensive documentation is not needed". In response to the concern, CAST-30, Simple Electronic Hardware and RTCA Document DO-254 and EUROCAE Document ED-80, was completed in 2007 to provide clarification to the guidance in DO-254/ED-80 specifically for simple electronic hardware. [11] [12] Following this, FAA Order 8110.105 was released in 2008 to supplement the guidance for both simple and complex electronic hardware, [1] and updated to Revision A in 2017. Three primary chapters are clarification of

The particular interest in topics applicable to simple electronic hardware alone was the reduction of documentation submitted to support certification. Applicants for simple hardware were advised to submit the following:

This selection reflects that only testing, rather than rigorous design assurance, is needed to verify simple hardware.

This advice was removed in Revision B. Rather than providing any list of expected submissions, AC 00-72 now only advises simple hardware applicants that "Due to the simplicity of the device, the life cycle data is reduced.", and provides only the broadest suggestions on how the limited documentation may be covered (Section 3.1.3).

References

  1. Cary Spitzer; Uma Ferrell; Thomas Ferrell, eds. (2015). Digital Avionics Handbook, Avionics, Development and Implementation (3rd ed.). Boca Raton, FL: CRC Press. p. 14-17 to 14-18. ISBN 978-1138076983. The FAA published Order 8110.105 originally in 2008. ... The Order explains FAA interpretation and application of DO-254 to simple and complex electronic approval. [emphasis added]
  2. Spitzer, Ferrell, and Ferrell, p. 14-17 " ... it behooves applicants and PLD developers to be familiar with the content and intent of the Order ...."
  3. Spitzer, Ferrell, and Ferrell, p. 14-2 "Classifying hardware as simple allows for a reduction in the hardware design assurance activities and documentation described within DO-254."
  4. Digital Avionics Handbook, Avionics. p. 14-1. The hardware items encompass line-replaceable units (LRUs), circuit card assemblies, and custom microcoded devices such as field-programmable gate arrays (FPGAs) and ...
  5. Digital Avionics Handbook, p. 14-2, Hardware that is fully testable, through comprehensive and deterministic verification tests that address all foreseeable operating conditions, is classified as simple. The verification of simple hardware needs to demonstrate that the hardware has deterministic behavior and is free of anomalies.
  6. Acquisition Management : A Guide for Program Management. Systems Command, United States. 1976. Retrieved 2022-06-16. Complex equipments and subsystems cannot be evaluated by inspection and testing alone. [emphasis added]
  7. Challenges and Approaches for Selecting, Assessing and Qualifying Commercial Industrial Digital Instrumentation and Control Equipment for Use in Nuclear Power Plant Applications. IAEA. 2020. ISBN 9789201100207. Retrieved 2022-06-16. This is particularly important for ... complex hardware (such as FPGAs), where inspection or testing alone cannot confirm the behavior of the device. [emphasis added]
  8. RTCA/DO-254 "Design Assurance Guidance For Airborne Electronic Hardware", Appendix C
  9. AC 20-152, FAA, Office AIR-100, 2005. "This AC recognizes the guidance in RTCA/DO-254 applies specifically to complex custom micro-coded components with hardware design assurance levels of A, B, and C, such as ASICs, PLDs, and FPGAs", Page 1.
  10. "8110.105 Simple And Complex Electronic Hardware Approval Guidance" (PDF). FAA Order. FAA: 1–2. 2008-07-13. Retrieved 2019-09-04. "[AC 20-152] doesn't recognize RTCA/DO-254 as a way to demonstrate compliance to regulations for simple micro-coded components."
  11. "CAST-30 Simple Electronic Hardware and RTCA Document DO-254 and EUROCAE Document ED-80, Design Assurance Guidance for Airborne Electronic Hardware" (PDF). Position Paper. FAA: 1. Retrieved 2019-09-04. This CAST paper provides clarification to the guidance in RTCA document DO-254 and EUROCAE document ED-80 for simple electronic hardware, ...
  12. Digital Avionics Handbook, pp. 14–18. CAST-30 is listed as relevant to 8110.105.
  13. "8110.105 Simple And Complex Electronic Hardware Approval Guidance" (PDF). FAA Order. FAA. 2008-07-13. Retrieved 2019-09-04.
  14. Digital Avionics Handbook, pp. 14–18. The table lists these three subjects.