Hi All,
The NSA just published DoD Microelectronics: Field Programmable Gate Array Level of Assurance 1 Best Practices.
In support of securing Field Programmable Gate Array (FPGA) based systems from adversary influence during the manufacturing process, this report outlines the categories of relevant threats and the best practices for mitigating them at Level of Assurance 1 (LoA1). LoA1 captures the threats most likely to be exercised against a DoD system based upon their low cost and high value of return. At this level, these threats have the following characteristics:
Access – Exploit a single available point of access,
Technology – Use existing public technology,
Investment – Require minimal investment of resources,
Value of effect – Disable or subvert system capabilities, and
Targetability – Are inherently targetable and controllable.
Organized by threat, this report provides multiple technical mitigations to choose from to mitigate each threat and allow the program the best fit for their program needs.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------