DO-254 Intro, Compliance: Free Tools/ Papers / Resources

DO-254 Introduction

Avionics hardware DO-254 and A(M)C 20-152A / AC 20-152A clearly explained

Download Full 10-20 Page DO-254 Whitepaper

DO-254 facts, myths, challenges, and successes are described in this paper. DO-254 can be expensive, sometimes increasing hardware development/documentation costs by 150%. Our DO-254 paper provides facts to hopefully reduce DO-254 costs by 20-50%.

DO-254 facts, myths, challenges, and successes are described in this paper. DO-254 can be expensive, sometimes increasing hardware development/documentation costs by 150%. Our DO-254 paper provides facts to hopefully reduce DO-254 costs by 20-50%.

The new A(M)C 20-152A is the latest of four DO-254 interpretations which increases the avionics hardware certification rigor and clarity while bringing DO-254 closer to software’s corollary Guideline.

DO-254 has been called “DO-178’s Little Sibling.” Like many little brothers and sisters worldwide however, the term “little” is often wrong. The following provides an overview of DO-254 plus relevant differences with DO-178C. DO-254, or more properly, “Design Assurance Guidance for Airborne Electronic Hardware,” was created as an obvious response to two simultaneous and related events:

  1. Firmware was playing a larger role in avionics, with developers rapidly leveraging increased silicon-based complexity, and
  2. The avionics firmware development process was relatively unregulated, with certification performed after-the-fact at a high level

While embedded avionics software engineering made huge strides and inroads in the eighties and nineties, firmware development was considered an informally adjunct art form. But what is “firmware”? When does “soft” become “firm” become “hard”? Time for a review .

Twenty years ago, firmware was relegated to specialized functions within avionics as compared to its highly varied role today. There were multiple reasons early firmware was more limited in aviation:

  1. Firmware development tools provided limited flexibility compared to software
  2. Firmware was difficult to change once burned or loaded in silicon devices
  3. Firmware was considered a less-desirable option than software due to a seemingly more difficult debugging and update process

However, great strides in Field-Programmable Gate Arrays (FPGA’s) brought such firmware to the forefront of aviation. With FPGA’s, all of the aforementioned restrictions on firmware adoption were dramatically reduced. FPGA’s increasingly had very modern development tools, were easy to update, and allowed for potential flexibility and execution speed advantages over software-based logic.

A cover page of the book "DO-254 Compliance Hardware Introduction for Engineers and Managers" by Vance Hilderman and Tony Baghai, with technical review by M.S. Gencel Ero | Afuzion

As a result of this evolution (or almost “revolution”) in silicon based logic, avionics developers increasingly exercised the choice of implementing logic via silicon instead of software. However, DO-178 did not strictly apply to silicon-based logic, and there was no regulatory counterpart. Thus the need for a similar development and certification standard that could act as a counterpart to DO-178.

DO-254 covers Complex Electronic Hardware (CEH), e.g. hardware with embedded logic. DO-254 is:

  • A flexible framework for the development of airborne hardware containing avionics-specific logic.
  • Able to accommodate almost all types of hardware ranging from sensors, multiplexers, and switches to full-featured FPGA’s and ASIC’s.
  • A guideline which tries to cover a nearly infinite spectrum of applications and thus lacks specificity for particular projects.

Learn More About DO-254 Compliance

Design Assurance
Levels in DO-254

DO-254’s Planning

Understanding the DO-254 Ecosystem


DO-254 White Paper Excerpt Continued

Understanding Design Assurance Levels in

The Design Assurance Level (DAL) greatly affects process rigor applied to hardware certification via DO-254. The following graphic summarizes key differences between the DALS for DO-254.

Key DAL Aspect Differences for DO-254: from AFuzion DO-254 Training

A table outlining various system design requirements across different levels of independence levels (level a to level d) for DO-254 compliance. | Afuzion

Again, in DO-254 especially, the DAL of the hardware is usually, but not always, the same as the system DAL.  Why? The system contains hardware which is necessary to perform its functionality, and that hardware is expected to directly correlate to the system’s contribution toward flight safety.

Process Assurance is like Quality Assurance but with a larger scope including auditing of hardware suppliers and manufacturing transition processes. Process Assurance has five primary activities as depicted in the following diagram:

Process Assurance in DO-254 differs from software’s DO-178C quality assurance because hardware’s Process Assurance must involve auditing hardware suppliers and ensuring subsequent system manufacturing processes are documented, repeatable, and conform to plans.  Since DO-254’s hardware’s Process Assurance has these two additional roles versus software’s Quality Assurance, it has the different name “Process Assurance.”

A pyramid diagram illustrating the "DO-254 process compliance: five key roles per afuzion," with each level detailing a specific role ranging from keeping records of audits/metrics at the top to ensuring | Afuzion
A cover page of the book "DO-254 Compliance Hardware Introduction for Engineers and Managers" by Vance Hilderman and Tony Baghai, with technical review by M.S. Gencel Ero | Afuzion

Download our free technical DO-254 Intro White Paper for a complete overview

AFuzion provides more than 25 technical white papers on avionics safety and compliance. Download your free DO-254 white paper, or you can select up to two of our safety-critical avionics white papers for free and receive a detailed overview of concepts like DO-278A best practices, DO-178C top mistakes, military compliance for DO-178 and DO-254, and more.

Download DO-254 Intro White Paper

DO-254's Planning Process

Wise people know “What gets planned, gets done.”  In the same way, wiser avionics authorities know “What gets planned thoroughly can be assessed more thoroughly.” Accordingly, DO-254 requires a detailed planning process consisting of five Plans and four Standards:

An informational graphic outlining five key hardware-related plans for DO-254 compliance, including phac, hpap, hcmp, hdp, and hv&vp, with their full meanings listed below. | Afuzion

The DO-254 Plan for Hardware Aspects of Certification (PHAC) is the foundational planning document of an avionics hardware system. 

The DO-254 PHAC provides an overview of the avionics system’s hardware, safety criteria with respect to DAL, and planned certification activities as noted in the following figure from AFuzion’s DO-254 training classes:

Flowchart outlining steps for system description, hardware overview, compliance to DO-254, addressing project plans and standards, considering free tools for special tool qualifications, and including top-level schedule information. | Afuzion

A good way to understand the application of DO-254’s four standards is to consider that DO-254 itself covers the more objective (measurable) aspects of the hardware development lifecycle, whereas certain aspects are more subjective yet equally important. Those subjective areas are hardware requirements, hardware design, hardware archival, and hardware verification and validation (V&V). Since each avionics project must have its own processes and assessment criteria for these subjective areas, such are specified within the four project-specific standards thus making these “subjective” aspects “objective” for each project.

While most of the aviation guidelines are self-contained, DO-254 is unique:  because it was originally intended to address all non-software aspects of a system, and there was very little complex hardware logic, numerous adjunct documents were continually added to address the evolving hardware landscape.  This historical DO-254 evolution is summarized in the following graphic excerpted from AFuzion’s DO-254 training:

Table summarizing the evolution of various documents by year, with a focus on their basis and themes related to processes, testing, integration, hardware application, and compliance in a technical or engineering context. | Afuzion

Compliance Templates for DO-254, DO-178C, and More

AFuzion offers plans, checklists, and requirements management for DO-178C, DO-254, ARP4754A, and DO-278A CNS/ATM compliance. Our templates are preferred by 17,000 engineers from 200+ aviation companies and certification agencies.

Understanding the DO-254 Ecosystem

To summarize the DO-254 ecosystem:

  • DO-254 is a flexible framework for the development of airborne hardware containing avionics-specific functionality.
  • DO-254 is able to accommodate almost all types of hardware ranging from sensors, multiplexers, switches, and aggregated simple silicon devices, in addition to full-featured FPGA’s and ASIC’s.
  • DO-254 is a guideline which tries to cover a nearly infinite spectrum of hardware varieties thus lacks specificity for particular projects.

Like software, the term “airborne electronic hardware” from DO-254’s title is wide-ranging.  At the beginning and end of the day, hardware is part of a system or more specifically an aviation eco-system.  Therefore, for civil aviation DO-254 is preceded by a safety assessment per ARP4761/A and an avionics system development process per ARP4754A; military aviation is gradually adopting a similar (in some cases identical) safety/systems process for DO-254 military adoption.  And DO-254 applicable hardware itself will typically be required to undergo environmental testing via DO-160.

Therefore, DO-254 is merely one link within the avionics certification ecosystem.  Avionics hardware cannot be provably safe nor compliant without this ARP4761/A and ARP4754A safety/systems foundation which precedes DO-254.

The DO-254 process employs detailed project-specific planning followed by continual assessments and process feedback loops to ensure defined hardware development processes specified in those Plans and Standards are followed.  For an overly simplistic view of the DO-254 lifecycle process (without depicting requisite feedback loops, changes, reviews, etc.), this author’s opinion is that the following comprises an optimal DO-254 engineering development lifecycle:

Figure: Optimal DO-254 Hardware Engineering Path per AFuzion

Discover why AFuzion's DO-254 training is the world’s most popular, X10: 42,000 avionics engineers trained in DO-254/XXX: more than all competitors combined.

Only AFuzion’s DO-254 training provides the latest A(M)C 20-152A, IP Core, MCP, Complex COTS, FPGA & VHDL hands-on real-world workshops with real-world hardware examples. In-class walkthrough of sample  DO-254 PHACs, Hardware  DO-254 Requirements, DO-254 Checklists, Process Assurance, plus 10 proprietary technical whitepapers. Only from AFuzion. 

Documenting DO-254 Compliance

The regulatory agencies require that most airborne commercial systems operating within commercial airspace comply with DO-178C and DO-254 (details can be found in the regulatory website). The planning and processes for systems lifecycle are required for any DO-178C and DO-254 project and those processes must be defined before initiating that phase and followed during that phase.

Once acquired from AFuzion and customized on the first project, you will be able to create, customize, and reuse your DO-254 project documents as appropriate on future DO-254 projects. Note that the DO-254 Planning documents (five documents) can be purchased in either Template form or “Initial Draft” form.

The Template form option provides the basic templates which you then modify to create an initial draft. The Initial Draft option provides for AFuzion to first create initial drafts of all five planning documents using the same template, but adding the customer’s basic product information to create an initial draft; the customer then must finalize this initial draft to create the first versions of these five planning documents.

AFuzion’s DO-254 Plans and Checklist Templates cover all phases of the system’s Hardware project lifecycle, and are developed with DO-254 in mind.  The users of these templates would need to have some basic understanding of DO-254, such as attendance at AFuzion DO-254 training or reading the Avionics Certification book principally written by AFuzion’s founder, Vance Hilderman.

These templates and checklists also help in getting organizations to the goal of higher SEI CMM/CMMI ratings (preferably Level 3 – 4+).  Usage of AFuzion process templates and checklists are intended to maximize the probability of project success and quality.

Further, AFuzion can customize and tailor these processes by the appropriate amount as an outflow of the gap analysis process, upon request as part of the optional first draft delivery. If there are items in the checklists that are not applicable to your program, they could simply be answered with “N/A.” It is also recommended that the checklists be placed under your project’s configuration management (CM) system to ensure checklist integrity.

Independent reviews are always preferable to reviews done by the developer. It should be noted that the checklists should be widely distributed to all personnel developing any avionics lifecycle item, prior to that person beginning such initiation. Thus, the checklist serves as a “report card” whereby the originator’s success is measured. When the originator understands what the independent verification reviewer will be evaluating the related hardware artifact for, the originator will more productively attain checklist compliance during development of that artifact.  This applies to requirements, design, implementation, test, etc. The level of “independence for verification” required by DO-178C and DO-254 varies according to Design Assurance level (Level A through E).

Documenting DO-254 Compliance
• Plan for Hardware Aspects of Certification Template
• Hardware Process Assurance Plan Template
• Hardware Configuration Management Plan Template
• Hardware Development Plan Template
• Hardware Verification & Validation Plan Template
• Hardware Requirements Standards Template
• Hardware Design Standards Template
• Hardware VHDL Coding Standards Template
• Hardware Verification & Validation Standards Template
• Hardware Archive Standards Template
• Hardware Configuration Index Environment Configuration Index
• Hardware Electronic Component Management Plan Template
• Hardware Accomplishment Summary Template
AFuzion's DO-254 Checklist Templates
• Plan for Hardware Aspects of Certification Checklist
• Hardware Process Assurance Plan Checklist
• Hardware Configuration Management Plan Checklist
• Hardware Development Plan Checklist
• Hardware Verification & Validation Plan Checklist
• Hardware Development Standards Checklist
• Computer Installation & Assembly Checklist
• Hardware Configuration Index Checklist
• Hardware Requirements Document Checklist
• Hardware Design Document Checklist
• Hardware Interface Control Data Checklist
• Hardware Implementation Checklist
• Hardware Test Cases & Procedures Checklist
• Hardware Test Results Checklist
• Hardware Verification Analysis Checklist
• Hardware Traceability Checklist
• Hardware Accomplishment Summary Checklist
Previous slide
Next slide

DO-254 Training for Engineers

AFuzion provides public, private, and video training to engineers in over 30 countries. See our upcoming training schedule and discover why we're #1 for avionics compliance training in the world.

DO-254 Whitepaper Excerpt Continued

Like software, the term “airborne electronic hardware” from DO-254’s title is wide-ranging. At the beginning and end of the day, hardware is part of a system or more specifically an aviation eco-system. Therefore, DO-254 is normally preceded by a safety assessment per ARP4761 and an avionics system development process per ARP4754A. And the hardware itself will typically be required to undergo environmental testing via DO-160. Therefore, DO-254 is merely one link within the avionics certification chain. Avionics will be neither safe nor compliant without this safe foundation which precedes DO-254.

DO-254 Objectives

DO-254 has specific objectives based upon that hardware’s DAL. There are five DALs associated with airborne avionics systems, noted as level A through E, with level A being the most stringent. For software, under DO-178C, the differences between levels are greater than they are under DO-254 and each software DAL has distinctly discrete Objectives ranging from 26 objectives for DAL D to 71 objectives for DAL A.

Overly simplified, DO-254 levels A and B are nearly identical with strict criteria applied to the engineering processes associated with each line of hardware logic; levels C and D are less rigorous and focus upon hardware black-box requirements/testing and lack consideration of hardware logic development and test. Level E requires no additional hardware design certification under DO-254.

The rigor applied to planning, development, and correctness of the hardware is directly associated with its DAL, often referred to as “criticality level.” These five levels with increasing rigor from Level E to the most stringent Level A, are depicted below:

Figure of DO-254 Engineering per Development Assurance Level

Scope of DO-254

DO-254 applies to most all avionics hardware, however more recent interpretations and application of DO-254 focus upon Complex electronic hardware as noted previously.  Why?  Because the Simple hardware is definable via black-box requirements and those requirements (and thus all the Simple functionality) can be tested at a black-box system level for example as already required under ARP4754A.

For Simple hardware, the significant additional cost of detailed planning, detailed design, and low-level verification activities prescribed by DO-254 provide little added-value hence are normally not required unless a specific certification authority deems them necessary in a particular instance, for example because ARP4754A was not otherwise applied.  Therefore, the most common application of DO-254 is depicted in the figure below which also elucidates the scope of DO-178C:

figure of avionics LRU

Common DO-254 Mistakes (excerpt from AFuzion’s “DO-254 Top Mistakes” paper Here)

DO-254A is not expected until at least 2025. However, DO-254 has been modified by AC 20-152, CAST-27, EASA SWCEH CM-001, and AMC 20-152. 

Most DO-254 practitioners find their first DO-254 project incurs a 50-60% cost and schedule increase. However, the following DO-254 Mistakes are responsible for most DO-254 cost increases (download the entire free AFuzion DO-254 Paper to read further)

DO-254 is often called “DO-178C’s Little Brother” and unfortunately it bears too much resemblance to software. And you all know hardware development is virtually identical to software, surely?  Not at all, and therein lies the source of the most significant mistakes with DO-254:  thinking DO-178 processes fully and equally apply.

DO-254 is truly subjective, vague, and software-centric; yet avionics certification typically requires conformance combined with proven high quality and reliability. DO-254’s success is elusive and complaints abound from both sides of the certification aisle from suppliers and certifying agencies.  This implies for the applicant a very tight monitoring and depth control on the procurement process, in particular when procuring commercial-off-the–shelf avionics.

In truth, DO-254 is rarely cost-effective in its first usage. However, the competitive landscape of avionics, both commercial and military, is just that:  competitive and focused upon long-term cost effectiveness, long equipment lifetime, and continual safety. Therefore, the goal is to achieve DO-254 compliance while meeting (and hopefully surpassing) the competition.  Such success requires achieving certification via the most expedient and productive path possible, while avoiding any major mistakes.

Remember, bad luck is not the cause of mistakes, just as those same mistakes are not prevented through good luck.  Mistakes are the result of a lack of understanding, planning, and neglecting to apply DO-254’s true intent.  As a famous golfer (not quite as famous as Mr. Carson Mandic) once said after a particularly spectacular tournament win, “Me, Lucky? Hmmm … Luck is interesting: I’ve found that the more I practice, the luckier I become!”   With this white paper, it is hoped that your own “luck” increases with your successful DO-254 practice.

Mistake #12: Failure to Understand and Apply CAST-27

DO-254 seemingly requires mandatory application to circuit cards, Line Replaceable Units (LRU’s), and DAL D systems.  However, DO-254 was informally “revised” by the cross-Atlantic North American / European coordination group known as “Certification Authorities Software Team” “(CAST).  (Note:  while seemingly a software-only group, there is not a similar hardware group, so CAST also delves into hardware).

The CAST group authored an official memo named CAST-27 which clarifies numerous aspects of DO-254.  If you are working with DO-254, (and why wouldn’t you be if you’re reading this now), then it is incumbent upon yourself to review and apply CAST-27; this important memo reduces the work of DO-254 certification in numerous areas and thus is mandatory to save time and reduce costs.

Safety Critical Engineering Services

Safety-Critical projects require provable requirements management and traceability. Our engineering experts work onsite or offsite to perform  safety assessments and develop project-specific certification plans (PSCPs) for DO-254 compliance in 30+ countries worldwide.


Read More


Read More


Read More


Read More


Read More

Mistake #11: Insufficient PHAC

The PHAC (Plan for Hardware Aspects of Certification) is the cornerstone document for every avionics certification.  Each system requires its own PHAC and there may be additional PHACs for various hardware components within the system.  The PHAC is one of the few DO-254 required hardware documents (there are over two dozen required for each project) that must be submitted to and approved by the certification authorities (FAA for civil aircraft, military authorities for defense-related aircraft).

The PHAC should clearly state all certification rationale, tools and tool qualification strategies, COTS hardware, high level system architecture, scope of DO-254 per that architecture, criticality level justification, responsibilities, and schedule aspects.  In addition, the producer should obtain approval prior to meaningful additional hardware development work or be willing to stomach substantial certification risk in the absence thereof. (For additional mistakes to avoid, download the full white paper.) 

Mistake #6: Excessive Logic Iterations

It is normal for a new project to evolve hardware logic via multiple iterations.  However, most projects greatly exceed any reasonable number of iterations because the hardware development is viewed as an iterative process instead of an engineering process.  Hardware creation does not necessarily imply hardware engineering; however it should.

Excessive logic iterations result from one or more of the following deficiencies:  insufficient requirement detail, insufficient hardware development standards, and insufficient checklists.  DO-254 standards and checklists are available from a variety of sources.  Perform a Google search on “DO-254” for more information.

A common gap in DO-254 for Complex Electronic Hardware (CEH) with embedded logic is weak logic reviews; a proper review must be shown to meet DO-254’s transition criteria, meaning the six required inputs to, for example, a logic review are all fully utilized for all logic reviews.  Engineers (the “Reviewer”) must use all these review inputs which must be specified in the HVVP and then Process Assurance audits affirm that this process is followed by the verification engineer. 

Remember, DO-254 traceability should be as shown in the following DO-254 Traceability Figure:

Aviation Aircraft/System/SW/HW Traceability Matrix

(For the remaining Top 5 Mistakes of DO-254 PDF, please download the remaining DO-254 PDF whitepaper).

AMC 20-152A is mandatory for DO-254 beginning 2021, which replaces AC 20-152, CAST-27 and EASA CM SWCEH-001.  The following figure summarizes key deltas for A(M)C 20-152A as excerpted from AFuzion’s DO-254 Training and detailed in the complete whitepaper.

Figure:  DO-254’s AMC 20-152A Synopsis:

Presentation slide summarizing the harmonization of ESA and FAA standards for electronic systems and circuit card assemblies in aerospace, highlighting key requirements, compliance strategies, and free tools for 2021-2022. | Afuzion

DO-254 also requires reviews, audits and proof thereof. The best “proof” is detailed and complete checklists covering the primary hardware lifecycle activities and artifacts.  Using AFuzion’s DO-178C and DO-254 provided checklists ensures that you have an appropriate framework for successfully developing and certifying your system. For more mistakes, download the full white paper.

AFuzion Gap Analysis

Our engineers identify gaps in your DO-254, DO-178C, DO-278A, DO-200B, DO-326A, and ARP4754A engineering processes and help you close those gaps. Reduce costs, streamline certification processes, and analyze your system, safety, software, hardware, and tools environment with input from AFuzion’s experts.

Final Considerations

DO-254 was recently modified yet again by AMC 20-152A (also known as A(M)C 20-152A; this interim DO-254 update postpones the update to DO-254A for several more years.  AMC 20-152A is the joint FAA / EASA harmonization to replace AC 20-152A, CAST-27, and the EASA SWCEH Certification Memos.  AMC 20-152 clarifies numerous aspects of DO-254 as shown in the following figure extracted from AFuzion’s DO-254 / AMC 20-152A Training, titled “Understanding AMC 20-152A”:

Presentation slide summarizing the harmonization of ESA and FAA standards for electronic systems and circuit card assemblies in aerospace, highlighting key requirements, compliance strategies, and free tools for 2021-2022. | Afuzion

Figure Understanding AMC 20-152A (new for DO-254 in 2021-2022)

For a copy of AMC 20-152A pdf, simply contact us with “AMC 20-152A PDF” in the subject line. For AMC 20-152A training, see AFuzion’s DO-254 Training where AMC 20-152A is more fully discussed in detail.

Via AMC 20-152A, there are new DO-254 related rules for SEH:  Simple Electronics Hardware classification.  (Download the full DO-254  Introduction paper for the full details). These new DO-254 SEH rules per AMC 20-152A are summarized in the following Figure:

AMC 20-152A:  Assessing whether a device should be classified as simple:

  • Simplicity of the functions and their number,
  • Number of interfaces,
  • Simplicity of data/signal processing or transfer functions,
  • Independence of functions/blocks/stages.

Additional criteria specific to digital designs include:

  • Whether the design is synchronous or asynchronous,
  • The number of independent clocks,
  • The number of state machines, number of states, and state transitions per state machine,
  • The independence between the state machines.

The advantages of Simple hardware per AMC 20-152A are numerous as summarized in the following slide extracted from AFuzion’s AMC 20-152A training:

PowerPoint slide outlining what is necessary for simple devices according to AMC 20-152A, including points on documentation, testing, configuration management, and DO-254 compliance. | Afuzion

Figure:  Synopsis of Simple Devices per AMC 20-152A and DO-254

Informational chart explaining the terminology: certified, certifiable, compliant, and qualified, within the context of special DO-254 guidelines for aviation software and hardware development standards. | Afuzion

Avionics hardware assessment to DO-254 has numerous potential flavors as depicted in the DO-254 Terminology figure above.

Figure:  DO-254 Terminology – DO-254 Certification, Certifiability, Compliance & Qualification

To download the remaining 11+ pages of this technical DO

Download Full 10-20 Page DO-254 White Paper


  • Free 30-minute tech telecon to answer any of your tech Q’s
  • Free Sample Certification Checklist
  • Free AFuzion Training Video Sample
  • Request invitations to future AFuzion tech webinars, fee waived (free)
Click Here For Other Free Resources

CNS/ATM & DO-278A: Are you up to speed? (Communication, Navigation, Surveillance, & Air Traffic Management) systems are increasingly being deployed throughout the world and beyond. On the ground, in the air, and in space: AFuzion's CEO, Vance Hilderman and an AFuzion Senior DER Jon Lynch will present.