In both the civil and military sectors, the role played by embedded aerospace and defence software is ever more significant. Aircraft control, civil and defence avionics, navigation, and communications systems all depend heavily on embedded software to ensure optimal functionality and performance, and they rely equally on those systems to be safe and secure.
For almost half a century, LDRA has been supporting the aerospace and defence industry through substantial contributions to the standards that establish best practices, and by helping companies adhere to them. Our tools simplify compliance challenges by automating industry best practices, and our consultancy services underpin the efforts of both newcomers to the sector, and those looking to streamline their activities.
The Federal Aviation Administration (FAA) is an agency of the United States Department of Transportation (DOT) responsible for regulating and overseeing civil aviation within the United States. The FAA’s primary mission is to ensure the safety and efficiency of the U.S. aviation system, including commercial and private aviation.
The European Union Aviation Safety Agency (EASA) is an agency of the European Union (EU). It is responsible for aviation safety and regulation within the EU member states. EASA was established in 2002 and is headquartered in Cologne, Germany. Its primary mission is to promote and maintain high levels of safety in civil aviation throughout Europe.
Several international agencies and organizations have responsibilities like those of the FAA in the United States, and EASA in the European Union. These agencies oversee civil aviation, set standards, and regulate aviation safety in their respective regions or at a global level. Some of the key international counterparts include:
Although slightly different in nature to these regional bodies, the activities of the International Civil Aviation Organization (ICAO) are relevant to them. ICAO is a specialized agency of the United Nations responsible for setting global standards and regulations for civil aviation. It develops standards and recommended practices (SARPs) covering areas like airworthiness, air navigation, safety oversight, and aviation security. Member states adopt these standards into their national regulations.
RTCA (formerly Radio Technical Commission for Aeronautics) is a private & public partnership vehicle for developing consensus on civil aviation modernization. RTCA works closely with the Federal Aviation Administration (FAA) and industry experts from the US and around the world to develop recommendations on technical performance standards.
RTCA Special Committees draw upon the knowledge and experience of prominent aviation experts to craft recommendations. RTCA and the Federal Aviation Administration (FAA) collaborate to develop thorough standards, which are then validated and endorsed by the industry. These standards serve as compliant methods in accordance with FAA regulations.
EUROCAE (originally The European Organisation for Civil Aviation Equipment) is generally comparable to RTCA. Likewise, its relationship with EASA is broadly equivalent to the relationship between the FAA and RTCA.
RTCA and EUROCAE have a collaborative relationship, frequently working together on joint committees and actively seeking to harmonize standards. This close cooperation allows the global aviation sector to benefit from the expertise and contributions of both organizations.
The diagram below illustrates the relationship between the primary documents that describe the required design, validation, and certification artefacts relating to airborne embedded software, and bidirectional traceability to show the fulfilment of requirements designed to achieve those ends.
It is deliberately simplistic in the name of clarity, and clearly involves more than just software for aerospace and defence. For example, DO-254 compliance, integrated modular electronics, and multicore processors have implications for airborne electronic hardware, rather than being dedicated to aerospace software standards or aerospace coding!
Although the diagram shows RTCA document nomenclature, it is similarly applicable to EUROCAE equivalent documents.
The close relationship between RTCA and EUROCAE means that there is a direct correlation between their relevant documents. This list shows both naming conventions.
DO-278A/ED-190D is the most pertinent document. It serves a similar purpose for ground-based systems to that served by DO-178C’s software consideration in airborne systems and was developed in parallel to it. As a result, around 75% of it is similar.
There are many nation-specific defence-related certification standards in use across the world. Examples include:
More generally, there are several moves towards international harmonisation of defence standards. For instance, the European Defence Agency is working towards the harmonisation of applied defence standards in the EU, while several NATO STANAG standards will likely impact software considerations – for example, STANAG 4406, STANAG 4586, and STANAG 5525 are concerned with messaging, Unmanned Vehicle Systems (UAVs), and digital imagery, respectively.
In many cases, defence software must comply with both civil and defence standards such as DO-178C/ED-12C and DO-278A/ED-190D in aerospace, and ISO 26262 for ground vehicles.
In many cases these are similar to, and overlap with, their defence counterparts. They may also be adapted to some extent to account for the different requirements of military applications. For example, the military version of DO-178C references Mission Success Probability (MSP), harsh operational environments, and “military compliance” rather than “certification”.
The FACE Consortium was initially a US government and industry partnership working to define an open avionics environment for all military airborne platform types. In 2022, the consortium moved to open membership to the countries of Canada, Australia, New Zealand, and the United Kingdom, and the current list of consortium members can be found on the Open Group FACE website.
The Consortium published the first set of documents defining the FACE Approach in 2010 and has refined it on an ongoing basis ever since. The Approach integrates technical and business practices that establish a standard common operating environment to support portable capabilities not only across airborne systems, but also increasingly in other sectors too.
The approach includes a software development standard and business strategy with the aim of:
Under US legislation – Title 10 U.S.C. 2446a.(b), Sec 805 – all major defence acquisition programs (MDAP) are to be designed and developed using a Modular Open Systems Approach (MOSA). For defence systems software, conformance with the FACE Technical Standard satisfies this requirement.
LDRA’s tools help to alleviate the overhead associated with defence and aerospace test standards, and with the traceability of requirements to the design and verification of code.
Requirements traceability. TBmanager supports bidirectional traceability of requirements, development, and verification process and related artefacts throughout the A&D application software development life cycle, facilitating impact analysis and the provision of evidential compliance artefacts.
Traceability to standards. TBmanager also provides for bidirectional traceability to A&D related functional safety and cybersecurity standard objectives.
Coding standards compliance. Applicable to in-house, industry standard, or hybrid rule sets, TBvision’s static analysis simplifies the enforcement of the coding standards applicable to embedded systems for A&D.
Low-level (unit), system, and integration testing. The TBvision and TBrun components of the LDRA tool suite combine to support host, simulator, and target-based testing in accordance with A&D standards.
Structural Coverage Analysis. The LDRA tool suite supports the rigorous coverage analysis requirements demanded by A&D related functional safety and cybersecurity standards.
MC/DC. The structural coverage analysis capabilities of the LDRA tool suite include Modified Condition/Decision Coverage (MC/DC) analysis.
Source code to object code traceability. The TBobjectBox module provides an automated mechanism to achieve complete Object Code Verification (OCV) by relating code coverage at the source code level to that achieved at the object code level.
Tool Qualification. The LDRA Tool Qualification Support Packs (TQSPs) provide support for the qualification of its tool suite for both structural coverage analysis (SCA) and programming rules checking (PRC).
FACE conformance. The LDRA FACE related product and services portfolio includes solutions to simplify the development of FACE Conformant UoCs and the achievement of FACE Conformance. LDRA Consultancy Services are an approved FACE Verification Authority.
DO-178C
Technical Briefing: DO-178C: Get on a High with your software development
Technical White Paper: Verification of Airborne Software in Compliance with DO-178C
Technical white paper: Developing compliant critical software systems with multicore processors
CAST-32A
Technical briefing: The significance of Object Code Verification in CAST-32A
DO-178C
On Demand DO-178C “First Flight” Self-paced online training course
Ensuring the compliance of avionics software with DO-178C
DO-330
DO-330 Test tool qualification for aerospace applications
CAST-32A
Video: The multicore challenge: A practical approach to CAST-32A compliance
FACE
Video: FACE and DO-178C – a Path and Methodology to Airworthy, Cost-Effective, Aviation Software