Hardware Assurance Interactions with DMSMS and Parts Management

February, 2022
IDA document: D-32930
FFRDC: Systems and Analyses Center
Type: Documents
Division: Strategy, Forces and Resources Division
Jay Mandelbaum, Christina M. Patterson See more authors
Hardware assurance (HwA) encompasses the processes, practices or methodologies employed to achieve a level of confidence that microelectronics function as intended and are free of exploitable weaknesses and known vulnerabilities, either intentionally or unintentionally designed or inserted, throughout the life cycle. To achieve an acceptable level of risk, HwA must be addressed in areas such as physical security, electronic security, supply chain risk management, anti-counterfeit, anti-tamper, etc. Resolutions to diminishing manufacturing sources and material shortages (DMSMS) issues nearly always result in part changes and consequently could introduce HwA risks because: — The need for protection may not have been communicated to the DMSMS management community. — Existing protections may not be effective for the new resolution or may be out-of-date. — Risks may have changed. — Weaknesses and vulnerabilities may have changed. This briefing recounts experiences garnered from discussions with multiple program offices to capture how HwA is being taken into account when resolving DMSMS issues. Tentative conclusions will be drawn about the seriousness of the problem and the need to take action. Finally, hypotheses concerning approaches to address the risks will be suggested.