The NSA just published DoD Microelectronics: Field Programmable Gate Array Level of Assurance 2 Best Practices
In support of securing Field Programmable Gate Array (FPGA) based systems from adversary influence during the manufacturing process, this report outlines the categories of relevant threats and the best practices for mitigating them at Level of Assurance 2 (LoA2). LoA2 captures the threats most likely to be exercised against a DoD system based upon their cost and high value of return. This level is defined as causing serious harm to U.S. personnel, property, or interests if the systems fails.
Organized by threat, this report provides multiple technical mitigations to choose from to address each threat and to allow the user the best fit for their program needs. The following table identifies the ten threat descriptions (TD) addressed by this guidance.