This document provides a quick start guide for applying the National Security Agency's Field Programmable Gate Array (FPGA) Levels of Assurance (LoA) guidance. It outlines a 4-step process: 1) Determine the appropriate LoA for the top-level system based on its potential national impact; 2) Determine the appropriate LoA for the FPGA(s) based on their criticality; 3) Select the relevant best practice guidance document; 4) Apply the guidance. The guide helps users identify which of the 9 LoA documents are necessary based on the determined LoAs for ensuring the appropriate level of security for FPGA-based systems.
This document provides a quick start guide for applying the National Security Agency's Field Programmable Gate Array (FPGA) Levels of Assurance (LoA) guidance. It outlines a 4-step process: 1) Determine the appropriate LoA for the top-level system based on its potential national impact; 2) Determine the appropriate LoA for the FPGA(s) based on their criticality; 3) Select the relevant best practice guidance document; 4) Apply the guidance. The guide helps users identify which of the 9 LoA documents are necessary based on the determined LoAs for ensuring the appropriate level of security for FPGA-based systems.
This document provides a quick start guide for applying the National Security Agency's Field Programmable Gate Array (FPGA) Levels of Assurance (LoA) guidance. It outlines a 4-step process: 1) Determine the appropriate LoA for the top-level system based on its potential national impact; 2) Determine the appropriate LoA for the FPGA(s) based on their criticality; 3) Select the relevant best practice guidance document; 4) Apply the guidance. The guide helps users identify which of the 9 LoA documents are necessary based on the determined LoAs for ensuring the appropriate level of security for FPGA-based systems.
This document provides a quick start guide for applying the National Security Agency's Field Programmable Gate Array (FPGA) Levels of Assurance (LoA) guidance. It outlines a 4-step process: 1) Determine the appropriate LoA for the top-level system based on its potential national impact; 2) Determine the appropriate LoA for the FPGA(s) based on their criticality; 3) Select the relevant best practice guidance document; 4) Apply the guidance. The guide helps users identify which of the 9 LoA documents are necessary based on the determined LoAs for ensuring the appropriate level of security for FPGA-based systems.
DoD Microelectronics: Field Programmable Gate Array Level of Assurance Quick Start Guide
October 2023
U/OO/208512-23 PP-23-3453 Version 1.0 National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
This cybersecurity technical report (CTR) was created in
collaboration with the JFAC Hardware Assurance labs:
National Security Agency
Air Force Research Lab (AFRL) RYDT Naval Surface Warface Center (NSWC) Crane Army Development Command (DEVCOM)/AVMC
For additional information, guidance, or assistance with this
document, please contact the Joint Federated Assurance Center (JFAC) at JFAC_HWA@radium.nscs.mil.
U/OO/208512-23 | PP-23-3453 | OCT 2023 Ver. 1.0 ii
National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
Notices and history
Document change history Date Version Description October 2023 1.0 Initial Publication
Disclaimer of warranties and endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Publication information Author(s) National Security Agency Cybersecurity Directorate Joint Federated Assurance Center
Contact information Joint Federated Assurance Center: JFAC_HWA@radium.ncsc.mil Cybersecurity Report Feedback / General Cybersecurity Inquiries: CybersecurityReports@nsa.gov Defense Industrial Base Inquiries and Cybersecurity Services: DIB_Defense@cyber.nsa.gov Media inquiries / Press Desk: Media Relations, 443-634-0721: MediaRelations@nsa.gov
Purpose This document was developed in furtherance of NSA’s cybersecurity missions. This includes its responsibilities to identify and disseminate threats to National Security Systems, Department of Defense information systems, and the Defense Industrial Base, and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
U/OO/208512-23 | PP-23-3453 | OCT 2023 Ver. 1.0 iii
National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
Contents DoD Microelectronics: Field Programmable Gate Array Level of Assurance Quick Start Guide................................................................................. i Quick start guide purpose ............................................................................................ 2 Quick start steps ........................................................................................................... 3 Overview ...................................................................................................................... 3 1. Determine the appropriate LoA for the top-level system .......................................... 3 2. Determine the appropriate LoA for the FPGA device(s) ........................................... 4 3. Select the appropriate best practice guide ............................................................... 5 4. Apply the guidance................................................................................................... 6
Tables Table 1: Level of Assurance best practice guidance Documents .................................... 2 Table 2: Top-level system LoA criteria as determined by national impact ....................... 3 Table 3: TSN criticality and corresponding Levels of Assurance ..................................... 4 Table 4: Mapping critical components to Levels of Assurance ........................................ 5
U/OO/208512-23 | PP-23-3453 | OCT 2023 Ver. 1.0 iv
National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
Quick start guide purpose
This quick start guide for the NSA Field Programmable Gate Array (FPGA) Levels of Assurance (LoA) guidance provides users with an outline of how to apply the LoA Best Practice Guides to their programs. While comprised of nine documents in total, the LoA series does not require all the volumes for its application. Users need only read and apply the guidance found in, at most, two documents. Other documents in the series address the methods used to develop the guidance, advice on how to replicate this process for other types of microelectronic devices, and include definitions. Users only need to concern themselves with:
The appropriate level best practice guide
The accompanying third-party intellectual property (IP) review guide
The following table lists the nine LoA documents and their purposes: Table 1: Level of Assurance best practice guidance Documents Document Purpose DoD Microelectronics: Field Programmable Gate Array Background Overall Assurance Process DoD Microelectronics: Levels of Assurance Definitions and Background Applications DoD Microelectronics: Field Programmable Gate Array Background Best Practices – Threat Catalog DoD Microelectronics: Field Programmable Gate Array Guidance LoA1 Level of Assurance 1 Best Practices DoD Microelectronics: Third-Party IP Review Process for Guidance LoA1 Level of Assurance 1 DoD Microelectronics: Field Programmable Gate Array Guidance LoA2 Level of Assurance 2 Best Practices DoD Microelectronics: Third-Party IP Review Process for Guidance LoA2 Level of Assurance 2 DoD Microelectronics: Field Programmable Gate Array Guidance LoA3 Level of Assurance 3 Best Practices DoD Microelectronics: Third-Party IP Review Process for Guidance LoA3 Level of Assurance 3
U/OO/208512-23 | PP-23-3453 | OCT 2023 Ver. 1.0 2
National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
Quick start steps
Overview The application of the LoA guidance consists of the following four simple steps: 1. Determine the appropriate level of assurance for the top-level system. 2. Determine the appropriate level of assurance for the FPGA device(s). 3. Select the appropriate best practice guide. 4. Apply the guidance.
1. Determine the appropriate LoA for the top-level system
The first step in applying the LoA guidance identifies the appropriate LoA for the top- level system in which the FPGA will operate, a determination made by the program based on the potential national-level impact caused by the failure or subversion of the top-level system. This determines the highest possible level of assurance for the FPGA device.
The FPGA device should not be protected at a level higher than the system in which it operates. A U.S. Government (USG) person with authority over the program should select the appropriate LoA for the overall program using the criteria in the following table:
Table 2: Top-level system LoA criteria as determined by national impact
Level of Assurance Typical Criteria
If the system fails, USG capability will be reduced in a
meaningful way. If the system is subverted, it can cause harm LoA 1 to U.S. personnel, property, or interests. However: Essential operational capabilities for the DoD will remain available even during a system failure.
If the system fails, the consequences will be grave. If the
system is subverted, it can cause serious harm to U.S. LoA 2 personnel, property, or interests. However: Essential operational capabilities for the DoD may be degraded during a system failure, and
U/OO/208512-23 | PP-23-3453 | OCT 2023 Ver. 1.0 3
National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
Level of Assurance Typical Criteria
Redundant capabilities can be brought online as part of
a continuity of operations plan, and The failure of the system will not cause cascade effects across many DoD or allied systems.
If the system fails, the consequences will be extremely grave.
If the system is subverted, it can cause exceptionally grave harm to U.S. personnel, property, or interests. A failure or subversion of this system: May represent an existential risk to the USG, and LoA 3 May cascade across many DoD systems in a way that impacts total operational readiness in an immediate way, and Will interrupt essential operational capabilities of the DoD.
Select the top-level LoA. This now represents the highest level at which the FPGA device can be protected.
2. Determine the appropriate LoA for the FPGA device(s)
The second step determines the appropriate LoA for each FPGA device in the sub- system. The device LoA is based upon the device’s criticality to the system in which it operates. This criticality is determined during the program’s Trusted Systems and Networks (TSN) analysis required by the Program Protection Plan. The program’s TSN analysis determines the assignment of a level of criticality commensurate with the consequence to the sub-system of the component’s failure. The following table lists the TSN levels of criticality and the corresponding LoAs:
Table 3: TSN criticality and corresponding Levels of Assurance
TSN Criticality Description LoA Mapping
Level I: Failure that results in total LoA3 Total Mission Failure compromise of mission capability
U/OO/208512-23 | PP-23-3453 | OCT 2023 Ver. 1.0 4
National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
TSN Criticality Description LoA Mapping
Level II: Failure that results in unacceptable Significant / compromise of mission capability or LoA2 Unacceptable significant mission degradation Degradation Failure that results in partial Level III: compromise of a mission capability LoA1 Partial / Acceptable or partial mission degradation N/A; Although LoA1 Failure that results in little or no Level IV: Negligible mitigations are compromise of mission capability recommended
Although components can receive a lower LoA than the system, a component cannot receive a higher LoA than the system. For example, an LoA1 system cannot require LoA3 components.
Program analysts can refer to the following table to determine the appropriate LoA for a given component having determined the TSN criticality level.
Table 4: Mapping critical components to Levels of Assurance
TSN Criticality of Component to the System
System LoA Partial / Significant / Total Mission Negligible Acceptable Unacceptable Failure LoA 1 N/A LoA 1 LoA 1 LoA 1 LoA 2 LoA 1 LoA 1 LoA 2 LoA 2 LoA 3 LoA 1 LoA 2 LoA 3 LoA 3
Determine the LoA for each FPGA device in the sub-system.
3. Select the appropriate best practice guide
After identifying the device LoA, the user can download the appropriate best practice guide and its accompanying IP review guide from the NSA website, https://www.nsa.gov/Press-Room/DoD-Microelectronics-Guidance/. Each best practice guide is complete and does not require information or support of the lower-level guides. That is, for LoA3, the user does not also need LoA2 and LoA1 documents.
U/OO/208512-23 | PP-23-3453 | OCT 2023 Ver. 1.0 5
National Security Agency | Cybersecurity Technical Report FPGA Level of Assurance Quick Start Guide
4. Apply the guidance
Each best practice guide contains all the guidance necessary to mitigate threats at the intended level. In addition to the mitigation details, the documents include a checklist that users can use to track the chosen options, a glossary, and contact information for help or questions.
