For free training info, enter your contact info below and also receive the corresponding technical whitepaper; proprietary and only from AFuzion.
DO-278A Training: CNS/ATM Ground-Based Systems Class
SYNOPSIS:
Where DO-278 was often informally applied, DO-278A is increasingly required worldwide for aviation ground based systems: Communication Navigation Systems and Air Traffic Management (CNS/ATM). While DO-278A shares similarities with DO-178, there are important differences including Assurance Levels and classification, mitigation, commercial off-the-shelf (COTS) technology incorporation and many more. But system/software development has rapidly evolved along with aviation airspace complexities: many new technologies must be considered, and certified: C++, Model-Based Development, Formal Methods, COTS software/hardware, and advanced tools. New techniques for specifying aviation requirements and design must also be understood. But what are detailed and derived DO-278A requirements? How can C++ and OOT be safely used and certified per DO-278A and DO-332? What are DO-278A Model-Based Development best practices in applying DO-331? How can legacy software/systems be certified to DO-278A? What were the DO-278 weaknesses and how is DO-278A really different from DO-278? How can DO-278A cost and schedule be reduced by 20-30%? The developer/teacher is the principal founder of two of the world’s largest aviation consulting companies and the principal author of several of the world’s most popular publications on aviation software/hardware development: Vance Hilderman has taught over 11,000 aviation engineers and managers worldwide, including FAA and EASA officials, and engineers from 95 of the world’s largest 100 aviation companies: more than all the competitor’s current trainers in the world, combined.
DO-278A: Introduction.
DO-278A is often referred to as “DO-178’s little brother, for ground systems.” However, is DO-278A a little brother or more of a big sister? Let’s see …
DO-278A is properly titled “GUIDELINES FOR COMMUNICATION, NAVIGATION, SURVEILLANCE, AND AIR TRAFFIC MANAGEMENT (CNS/ATM) SYSTEMS SOFTWARE INTEGRITY ASSURANCE.”The operative term here is “CNS/ATM, which again means ground-based aviation software involved with “Communications, Navigation, Surveillance and Air Traffic Management.” With such a long title, it’s a sure bet that DO-278A is NOT merely a little brother to DO-178C. In fact, DO-278 was updated to DO-278A via the RTCA SC-205 committee and released in December of 2011. As any true student of history knows, it is not the absolute date of events which is important, but rather the context of what was occurring simultaneously elsewhere in the world which matters. In the case of RTCA SC-205, it is imperative to understand that DO-178B was being updated simultaneously which yielded DO-178C released late, but soon thereafter.
As with airborne software (software which either executes onboard an aircraft, or directly influences the execution of such software), CNS/ATM can obviously affect aviation safety. In fact, many facets of Communication, Navigation, Surveillance, and Air Traffic Management impact safety because a single error could have dire repercussions. As a result, it is imperative that CNS/ATM be subjected to a process which has the following provable attributes:
Voilà: DO-278A is here.
What exactly is DO-278A then? DO-278A is the second version of the baseline DO-278 document. It’s a corollary to DO-178C, which is a similar standard for airborne software safety, e.g. software that typically executes onboard aircraft which contributes to flight safety. If you already understand DO-178C, then you have the benefit of implicitly knowing 70% – 80% of DO-278A because they are similar; numerous aspects are identical including tool qualification for which the corresponding tool qualification guidance, DO-330, applies to both the latest versions: DO-178C and DO-278A. Also, understanding that DO-278A and DO-178C are similar means you can readily tap into the much larger literature base of DO-178C, as there is relatively little published literature on DO-278A. However, there is a disadvantage in being familiar with DO-178C and wanting to understand DO-278A: human nature “glosses over” subtle differences between them which results in significant misunderstandings and mistakes when applying DO-278A. The information herein will both describe DO-278A for beginners and also illuminate differences with DO-178C.
DO-278A is a strong guideline comprising both recommendations and assessable objectives. It is intended for use in developing ground-based systems (containing software) which are involved with aircraft operations. These ground-based systems almost always make heavy use of Commercial Off The Shelf (COTS) technologies including hardware and software. The ground-based systems governed by DO-278A often have much larger, and more diverse, software components than their airborne avionic counterparts. Thus the size, diversity, and increased reliance upon COTS technology all play a key role in the need for DO-278A and the difference between DO-278A and DO-178C. Many DO-278A practitioners need detailed DO-278A CNS/ATM training information and that is available from AFuzion here: https://afuzion.com/private-training/do-278a-training-cnsatm-ground-based-systems-training-class/
It must be remembered that DO-278A is part of an Ecosystem inclusive of additional Guidelines for Safety and System development as depicted in AFuzion’s DO-278A training graphic below:
From DO-278A’s title, it’s easy to discern its primary focus as systems involved with communications, navigation, surveillance, and air traffic management. But is that all? No, and that’s why DO-278A is informally referred to as the aviation standard for ground-based systems. What additional application domains might be subjected to DO-278A guidance?
- UAS ground controllers/stations (e.g. pilot stations)
- GPS equipment on the ground when in the airplane control realm
- Ground-based transceivers, including ADS-B functionality
Just because a system is ground-based, does that mean it must adhere to DO-278A? Not necessarily. Many ground-based systems are “involved” with aircraft or aviation, but need not adhere to DO-278A. Examples of such systems include: flight simulators, aircraft inventory management, runway lighting, and tools which assess CNS/ATM systems. The key to be considered for DO-278A application is to ask the following two questions:
- “Does the ground-based system directly affect safety of flying aircraft without directly controlling that aircraft?”
- “Are there outputs of the system which have not been verified by other means?”
If the answer to both of the above questions is “Yes,” then the system probably falls under the DO-278A realm. Note the first question’s caveat: “Without directly controlling that aircraft.” What’s the intention there? Consider a ground-based, Unmanned Aerial System which controls a UAV. That system has elements which directly control that aircraft by sending real-time commands; in that sense it behaves like a pilot, only the “pilot” is on the ground. But the commands to the aircraft are just as important as if the pilot were on board the aircraft—in that case those elements may fall under DO-178C. Hence it is important to discuss the scope of the system with certification authorities early in the project’s planning stage. Remember, there has never yet been a CNS/ATM system fully compliant with DO-278A, and AFuzion has worked on over ten different CNS/ATM systems in 8 countries on four continents. There are always gaps, but most of these can be closed by doing a DO-278A gap Analysis such as that found here: https://afuzion.com/gap-analysis/
Remember, DO-278A has involved from DO-278, DO-178C, and DO-178B as shown in AFuzion’s DO-278A training image below:
Consider the following statements concerning ground-based aeronautical systems and DO-278A and assess whether they are true or false; answers and explanations are provided within this paper:
- T / F: All ground-based aviation systems must apply DO-278A
- T / F: DO-278A is approximately 80% similar to DO-178, but important differences exist.
- T / F: AL-4 requires low-level requirements and AL-5 requires a defined architecture
- T / F: AL-3 requires low-level requirements and AL-4 requires a defined architecture
- T / F: Only AL-1 and AL-2 have independence requirements
Again, if you know all the answers to the above, congratulate yourself on your above-average DO278A knowledge as you reinforce that knowledge by affirming the answers which follow. However, if you don’t immediately know the answers, consider Mr. Mark Twain, the great American writer from 120 years ago …
Mark Twain once said (paraphrased), “Pardon the length of this letter; I didn’t have time to make it short.” It would be simple to increase the page-count of this DO-278A write-up by simply rehashing the 80% of DO-278A which is similar to DO-178C. For example, pages and pages could be spent explaining that DO-278A, like DO-178C, has provisions for ensuring the following:
- Plans, Standards, and Checklists
- High and low level requirements
- Design and architecture
- Traceability
- Requirements & structural coverage testing
- Independence of reviews at the higher criticality levels
- Strong configuration management including problem reporting
- Technical reviews and Quality Assurance audits of the above
- Strong quality assurance to assess transition criteria
- Certification liaison
AFuzion DO-278A training class attendees often ask “What is the optimal DO-278A engineering path”? While FAA and EASA are somewhat flexible because DO-278A allows such flexibility, AFuzion’s DO-278A training shows the following optimal DO-278A engineering path:
AFuzion’s training has been provided to over 23,000 aviation engineers from 1,000 companies in 30 countries; more than all other trainers in the world combined. Brief summary below; contact us for more free information.
KEY FEATURES:
- Understanding DO-278A’s basic principles: DO-278A explained for the “real world”: yours
- Understanding DO-278A’s true intent by understanding the original authors’ goals
- Understanding the avionics development ecosystem of Safety, Software, Hardware and Certification
- Understanding DO-278A’s Planning Process, including Requirements, Design, Code, Integration, Reverse-engineering (legacy systems) Verification, Quality Assurance, and Configuration Management
- Think like a DO-278A auditor and pass audits the first time
- Real-world training in DO-278A project management and cost/schedule reduction.
- Common DO-278A initiation mistakes: how to prevent and mitigate
- Applying CAST-1 Service History for DO-278A
- Top 20 Alternate Means of Compliance for CNS/ATM DO-278A
WHO:
Attendees may include engineers, managers, quality assurance or certification personnel; no prior expertise required.
To download the remaining 10+ pages of this technical DO-278A whitepaper, please download below: