The Basics of DO 178C DO 254 AMC 20 152A


The Basics of DO-178C, DO-254, & AMC 20-152A
Your guide to meeting airborne software and hardware development requirements
THE BASICS OF DO-178C, DO-254, & AMC 20-152A

Introduction

Aviation systems development is one of the most heavily regulated activities in the world.
The aerospace industry has mandated safety, security, and efficiency of flight as key
priorities for airborne vehicles.

Since aircraft systems are comprised of mission-critical hardware and software, their development is also closely
regulated. Aviation engineers must demonstrate that the systems they design and build will make it safely from
point A to point B without putting passenger, crew, or operator lives at risk.

Why comply?

Staying on top of compliance for airborne software and hardware is critical for the following reasons:

• Simply put, compliance is a requirement for participating in the aerospace industry.


• Compliance prioritizes the safety and efficiency of flight, as mandated by industry.
• Development and testing become more expensive and take up more resources as product complexity increases
over time—implementing controlled processes helps reduce costs and manage complexity.

Read on for our introductory guide to airborne software and hardware compliance to learn about key standards,
what they apply to, and our top tips for making compliance a smooth journey for you and your team.

Key Standards

Airborne software and hardware standards are drafted and published by RTCA*, an independent, non-profit Standards Development Organization (SDO) that works closely with its European sister organization, EUROCAE (European Organisation for Civil Aviation Equipment). These standards become formally recognized via documents published by regional regulatory authorities:

• In the U.S., the FAA (Federal Aviation Agency) issues Advisory Circular (AC) documents.
• In the EU, EASA (European Aviation Safety Agency) publishes Acceptable Means of Compliance (AMC) documents.

Although avionic systems are subject to a multitude of regulatory requirements, foundational guidance for airborne software and hardware is described in the following sets of documents:

Airborne Software Development Assurance

• Issued by EASA as AMC 20-115D and by the FAA as AC 20-115D.
• Fully recognizes the EUROCAE/ED-12C or RTCA/DO-178C standard, entitled Software Considerations in Airborne Systems and Equipment Certification, as an acceptable means of compliance with regard to the software aspects of product certification.

Airborne Electronic Hardware Development Assurance

• Issued by EASA as AMC 20-152A and by the FAA as AC 20-152A.
• Provides initial acceptable means of compliance with regard to the hardware aspects of product certification.
• Classifies hardware and its components into four categories, with defined objectives for each category. Where applicable, refers further into relevant sections and objectives defined in the EUROCAE/ED-80 or RTCA/DO-254 standard, named as Design Assurance Guidance for Airborne Electronic Hardware.

Compliance with standards represents a significant investment in establishing controlled development processes. Over time, this investment will pay off through reduced costs, improved productivity, and better quality.

*formerly known as the Radio Technical Commission for Aeronautics



DO-178C (Software Considerations in Airborne Systems and Equipment Certification)

What is it?

DO-178C (Software Considerations in Airborne Systems and Equipment Certification) is the de facto international standard for demonstrating that software integrated into military or commercial avionics or aerospace systems is airworthy. In other words, it is the main document that certification authorities use to approve software-based aerospace systems. The latest (“C”) version of this has been available since January 2012.

The purpose of DO-178C is to provide minimum technical requirements for developing airborne software systems. Ultimately these requirements seek to mitigate as much risk as is possible and ensure that the system performs to the highest level of confidence that the standard requires.

The standard identifies minimum operating performance requirements (MOPS), which means that companies can use different methods to achieve compliance as long as the objectives laid out by the MOPS are met. All companies looking to comply with DO-178C need to provide a collection of supporting documents and artifacts to demonstrate that development processes and controls are in place.

Background

The origins of this standard began in the late 1970s, when the aviation industry felt the need for a prescriptive set of design assurance processes for airborne software. This was due to the increased use of integrated software and hardware, which required an approach with more of a focus on documentation and testing than ever before.

As software engineering technologies and methodologies have evolved, so has the standard to make it less descriptive and more objective-based, in order to emphasize the design assurance process but provide a level of flexibility for the companies involved.


DO-254 (Design Assurance Guidance for Airborne Electronic Hardware)

What is it?

DO-254 (Design Assurance Guidance for Airborne Electronic Hardware) is a standard that provides requirements for those developing airborne electronic hardware.

The standard starts by outlining the classification of electronic hardware items into simple or complex categories, and then provides objectives and processes to ensure the systematic design of both.

While sometimes seen as the ‘Little Sibling’ standard of DO-178C, DO-254 is equally important. Certification authorities acknowledge the importance of both hardware and software safety in avionics, so both standards are considered critical to ensuring the safe and efficient operation of aircraft.

While DO-254 was recognized by both EASA and the FAA, until recently the agencies differed in their interpretation of the guidance. This created a challenge for aerospace suppliers selling in global markets. Thankfully, this issue has been resolved with the publication of AMC 20-152A, which references and harmonizes DO-254 across regulatory agencies.

Background

DO-254 was developed by RTCA in the 1990s. Initially, engineers and development companies had little familiarity with DO-254, since aerospace companies preferred to rely on proven and trusted designs using existing hardware components.

Over time, as aerospace companies sought out new and differentiating capabilities, these newer components have brought about widespread industry adoption of DO-254.


AMC 20-152A (Development Assurance for Airborne Electronic Hardware)

What is it?

Custom devices, Commercial Off-the-Shelf (COTS) components and Circuit Board Assemblies (CBAs) are increasingly part of safety-critical engine, electrical, and navigation systems. AMC 20-152A seeks to apply the same development oversight and rigor to this hardware as would apply to any other aviation system deemed airworthy.

AMC 20-152A clarifies and supplements DO-254 for state-of-the-art avionics hardware. Developed jointly by the FAA and EASA, this standard refines guidance for three types of avionics hardware: Custom Devices, COTS components and CBAs.


AMC 20-152A recognizes the evolution of modern avionics. Today’s aviation engineers combine custom logic and IP with commercially available components in a myriad of ways:

• They buy commercially available Programmable Logic Devices (PLDs) or Field Programmable Gate Arrays (FPGAs) and program them with custom digital system, IP, or System on a Chip (SoC) solutions.
• Using proven digital designs, they develop optimized Application Specific Integrated Circuits (ASICs) as custom silicon chips.
• They interconnect programmable devices with single/multi-core processors where airborne software is executed.
• They combine custom, semi-custom and COTS components in CBAs to deliver functionality in a variety of onboard avionics systems.

Background

COTS devices continue to increase in complexity and configurability, providing a wide range of off-the-shelf functionality. Incorporating COTS devices into aerospace systems delivers higher performance—at lower cost—than was possible in the past. However, these advantages come with a caveat: in general, these devices were not developed for use in airborne systems. As a result, they typically lack the assurance that they were developed using a rigorous development process commensurate with aviation safety risks.

AMC 20-152A clarifies expectations for CBA development—technology that pre-dated the original hardware standard. It provides explicit guidance for documenting CBA requirements and validation flows from the overall system to supporting hardware. This helps ensure the consistency and quality of airborne hardware.


Key Stakeholders

While DO-178C focuses on ensuring software safety via appropriate development processes, DO-254 and AMC 20-152A do the same but for hardware.

All of these standards are designed to ensure the airworthiness of airborne vehicles and apply to all companies involved in their development.

A variety of designers and developers within these organizations will need to concern themselves with DO-178C, DO-254 and AMC 20-152A compliance: from engineers to software developers, manufacturers, and electronic component providers.

DO-178C

• Guidelines for airborne software developers
• Example of applications: safety-critical flight control functions, on-board entertainment, etc.
• Military users and autonomous systems also rely on DO-178C

DO-254 & AMC 20-152A

• Guidelines for design assurance of airborne electronic hardware
• Applies to electronic hardware items like: Line Replaceable Units, circuit board assemblies, programmable logic devices, application-specific integrated circuits, integrated technology components, etc.

Objectives of DO-178C

DO-178B introduced a fundamental framework for defining Development Assurance Levels (DALs) which DO-178C, the most recent version of the standard, continues to use. DO-178C also outlines the necessary software life cycle processes and deliverables for ensuring avionic software safety.

DO-178C Software Levels

DALs define how much effort software life cycle processes require depending on the associated danger level. The higher the DAL is, the more effort must be put into ensuring aircraft safety because the consequences of software failure or malfunctioning are more severe.

Failure Condition             Software Level   Number of Objectives
Catastrophic                  A                71
Hazardous / Severe – Major    B                69
Major                         C                62
Minor                         D                26
No Effect                     E                0


Software Life Cycle Processes

1. Planning
Planning comes first, i.e. documenting how you aim to meet the DO-178C objectives and documenting all your proof and evidence to demonstrate it. This is also when integral processes should be laid out.

2. Development
This includes everything related to the development of DO-178C compliant software, including requirement definition, software architecture development, software coding, and integration.

3. Integral
These are integral processes which need to be adhered to throughout a project, namely: Verification, Configuration Management, Quality Assurance and Certification Liaison. The result of following these processes should be evidence which demonstrates that you followed the processes planned – evidence that can be provided to certification authorities.

DO-178 Deliverables

The software life cycle data required by DO-178C includes the following:

• Plan for Software Aspects of Certification
• Software Quality Assurance Plan
• Software Configuration Management Plan
• Software Development Plan
• Software Requirements Standard, Software Design Standard, Software Coding Standard
• Software Verification Plan
• Software Requirements Data
• Tool Requirements Document
• Software Design Description
• Source Code, Libraries
• Executable Object Code, Parameter Data Item File
• Software Verification Cases and Procedures
• Software Verification Results
• Software Configuration Index
• Software Life Cycle Environment Configuration Index
• Traceability Data
• Software Accomplishment Summary
• Tool Qualification Plan
• Tool Qualification Data
• Software Quality Assurance Records
• Software Configuration Management Records, Problem Reports


Objectives of DO-254

DO-254 requirements are similar to those of its software-related counterpart, DO-178C. DO-254 also leverages a Design Assurance Level framework to designate different levels for different parts of an aircraft based on their safety criticality. Then it describes a series of processes and deliverables to ensure hardware elements are up to standard.

DO-254 Design Assurance Levels

The more critical a system is considered, the higher DAL it will receive, meaning that DAL A designates the most critical systems. The criticality of a system is assessed by examining the aircraft and interacting systems.

Design Assurance Level (DAL)   Consequences               Target System Failure Rate               Example
Catastrophic (Level A)         Crashes, deaths            <1 x 10^-9 chance of failure/flight/hr   Flight controls
Hazardous (Level B)            Possible crashes, deaths   <1 x 10^-7 chance of failure/flight/hr   Braking systems
Major (Level C)                Possible stress, injuries  <1 x 10^-5 chance of failure/flight/hr   Backup systems
Minor (Level D)                Inconvenience              None                                     Ground navigation systems, In-flight entertainment
No Effect (Level E)            No effect                  None                                     In-flight entertainment


Required Processes

• Planning
• Requirements capturing
• Conceptual design
• Detailed design
• Implementation
• Product transition, Acceptance testing, Series production
• Validation & Verification
• Process assurance
• Configuration management
• Certification liaison

DO-254 Deliverables

In order to demonstrate compliance with DO-254 requirements, your team needs to prepare the following:

• Plan for Hardware Aspects of Certification
• Hardware Process Assurance Plan
• Hardware Configuration Management Plan
• Hardware Development Plan
• Hardware Verification & Validation Plan
• Hardware Requirements Standards
• Hardware Design Standards
• Hardware Verification & Validation Standards
• Hardware Archive Standards
• Hardware Requirements
• Conceptual Design Data
• Detailed Design Data
• Top-Level, Assembly and Installation Control Drawings
• Hardware/Software Interface Data
• Hardware Traceability Data
• Hardware Review and Analysis Procedures
• Hardware Review and Analysis Results
• Hardware Test Procedures
• Hardware Test Results
• Hardware Accomplishment Summary
• Hardware Process Assurance Records
• Hardware Configuration Management Records, Problem Reports


Objectives of AMC 20-152A

AMC 20-152A pertains to the electronic hardware aspects of airborne systems and equipment. This AMC document:

• Describes when to apply DO-254 and supplements the DO-254 standard with additional guidance and clarification for the development of
Custom devices, use of COTS devices, and development of Circuit Board Assemblies (CBAs).
• Assigns a unique identifier for each electronics hardware objective.

Identifier: CD-i
Topic: Development of custom devices
Number of Objectives: 12
Comment: Programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), and application-specific integrated circuits (ASICs) are collectively referred to as ‘custom devices’*

Identifier: IP-i
Topic: Use of COTS IP in custom devices
Number of Objectives: 7
Comment: IP refers to design functions used to design and implement a part of or a complete custom device. It is considered to be COTS intellectual property when it is a commercially available function used by multiple users in a variety of applications.

Identifier: COTS-i
Topic: Use of COTS devices
Number of Objectives: 8
Comment: Demands COTS devices complexity assessment and applies to those that are considered complex and contribute to DAL A, B or C functions.

Identifier: CBA-i
Topic: Development of CBAs
Number of Objectives: 1
Comment: Applicable to CBAs that contribute to hardware DAL A, B or C functions and comprise complex COTS component(s).

*These custom devices are referred to as “custom micro-coded components“ in DO-254.

Required Processes and Deliverables

Custom Devices

AMC 20-152A provides guidance on how to classify custom devices. Devices classified as complex require a well-defined development process as described in DO-254. Devices classified as simple may be subject to a less rigorous process; however, at a minimum, vendors must assure that the devices perform their intended functions and are under configuration management control.

Use of COTS IP in custom devices

AMC 20-152A provides guidance for incorporating COTS IP in custom devices. This starts with defining the requirements allocated to the COTS IP – the specific function(s) that the custom IP is intended to perform. From this starting point, development assurance objectives include documentation of the selection process; assessment of the IP provider; and documentation of lifecycle activities used to integrate, implement, and verify the usage of the COTS IP in the custom device.

Use of COTS devices

AMC 20-152A addresses a broad range of digital, hybrid, and mixed-signal COTS devices, including FPGA and PLD devices that embed hard-coded IP in their produced/manufactured silicon. It provides guidance on how to assess COTS device complexity and defines objectives accordingly. It also requires use of an Electronic Component Management Process (ECMP) for controlling complex COTS devices.

Development of CBAs

AMC 20-152A addresses the development of CBAs that contain complex custom or COTS devices. In order to ensure the CBA performs as intended, it recommends that the CBA development process include requirements capture, validation, verification, and configuration management activities.


Practical tips for achieving DO-178C, DO-254, & AMC 20-152A compliance

Now that you’re familiar with DO-178C, DO-254 and AMC 20-152A and their contents, it’s time to tackle best practices for optimizing your compliance efforts. Here are PTC’s top tips for ensuring your aviation products are fit for flight:

1. Use clear definitions and terminology.

Make sure that everyone on your team, as well as stakeholders and contractors, is on the same page. Your airborne software and hardware will only be as good as the requirements that define it. Ambiguity and inconsistency up front cause additional iterations during development and testing, increasing overall development cost. All technical terms and measurement units need to be used consistently throughout planning and requirements development. Creating a glossary that you keep updated can be helpful to make sure everyone has the same understanding throughout the project.

2. Ensure full traceability from the start.

You need to be able to show the connection between software source code and low-level requirements, low-level requirements and high-level requirements, and high-level requirements and system requirements, as well as how everything links to test cases, test procedures, and test results. Similarly, you need to show the allocation of requirements to hardware conceptual design and detailed design, with associated test cases and test results.

This provides transparency to your team and allows everyone to see the progress and results made. It also facilitates change management and demonstrates your commitment to compliance from the beginning. Finally, it makes it possible for any accreditation and certification authorities to establish whether or not you have fulfilled compliance requirements, which speeds up the auditing process.
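
The traceability chain described in tip 2, as an added example that is not part of the original guide or of any PTC product: a Python check that walks system requirements, high-level requirements, low-level requirements and source files and reports missing or level-skipping links and requirements without a passing test result. All identifiers, file names and the data layout are constructed for illustration; requiring test cases only on HLR and LLR items is an assumption of this example.

```python
from collections import defaultdict

# Chain from tip 2, parent level first. The level names are this example's own.
LEVELS = ["SYS", "HLR", "LLR", "CODE"]

# Constructed sample data: every identifier and file name is hypothetical.
ITEMS = {
    "SYS-1": "SYS",
    "HLR-1": "HLR", "HLR-2": "HLR",
    "LLR-1": "LLR", "LLR-2": "LLR", "LLR-3": "LLR",
    "src/alt_hold.c": "CODE", "src/debug_hook.c": "CODE",
}
# (child, parent) trace links as exported from a requirements tool.
TRACES = [
    ("HLR-1", "SYS-1"), ("HLR-2", "SYS-1"),
    ("LLR-1", "HLR-1"), ("LLR-2", "HLR-1"),
    ("src/alt_hold.c", "LLR-1"),
    ("src/alt_hold.c", "HLR-1"),  # skips the LLR level
]
TESTS = {"HLR-1": ["TC-10"], "LLR-1": ["TC-20"], "LLR-2": ["TC-21"]}
RESULTS = {"TC-10": "pass", "TC-20": "pass"}  # TC-21 was never run


def find_gaps(items, traces, tests, results):
    """Return traceability gaps as {category: [offending items]}."""
    gaps = {k: [] for k in ("bad_link", "no_parent", "no_child",
                            "untested", "no_passing_result")}
    rank = {level: i for i, level in enumerate(LEVELS)}
    parents, children = defaultdict(set), defaultdict(set)

    for child, parent in traces:
        # Accept a link only between known items on adjacent levels.
        known = child in items and parent in items
        if not known or rank[items[child]] - rank[items[parent]] != 1:
            gaps["bad_link"].append((child, parent))
            continue
        parents[child].add(parent)
        children[parent].add(child)

    for name, level in sorted(items.items()):
        # Upward trace: everything below system level needs a parent.
        if level != LEVELS[0] and not parents[name]:
            gaps["no_parent"].append(name)
        # Downward trace: everything above code must be refined or implemented.
        if level != LEVELS[-1] and not children[name]:
            gaps["no_child"].append(name)
        # Verification trace: requirement -> test case -> passing result.
        if level in ("HLR", "LLR"):
            cases = tests.get(name, [])
            if not cases:
                gaps["untested"].append(name)
            gaps["no_passing_result"] += [
                tc for tc in cases if results.get(tc) != "pass"
            ]
    return gaps


if __name__ == "__main__":
    for category, found in find_gaps(ITEMS, TRACES, TESTS, RESULTS).items():
        print(f"{category}: {found}")
```

A source file with no parent requirement (here the constructed `src/debug_hook.c`) is the case reviewers care most about, since it is code that no requirement asks for.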

3. Use precise requirements.

When it comes to planning and requirements, you want to be crystal-clear about what is needed. Use specific figures which correlate with quantitative system requirements for the actual systems you are developing. Make sure to take system reaction times into consideration as well as input and output figures. Make sure that the emphasis remains on the quality of requirements rather than an exhaustive quantity.

4. Organize meticulous documentation.

At the end of the day, DO-178C, DO-254 and AMC 20-152A compliance comes down to the precision and quality of your documentation. You need to be able to display every plan you made, steps you have taken to follow those plans, as well as processes, reports, and relevant data. These are the things certification authorities are going to want to see in order to assess your compliance efforts.

The right tooling reduces costs, delays, and time to market

Managing avionics systems development with paper-based or legacy documentation systems can be tedious, will slow you down, and can make it extremely difficult to demonstrate compliance. That’s why the right tooling makes all the difference.

Successful product developers in safety-critical industries—including aviation & defense, automotive, and medical technology—use fully integrated Application Lifecycle Management platforms to create the digital thread that connects all processes of product delivery.

Using a mature, compliance-ready platform like PTC’s Codebeamer or Codebeamer X allows you to:

• Leverage automated workflows to streamline development
• Automate documentation to simplify regulatory compliance
• Cut development and compliance costs
• Reduce your products’ time to market
• Achieve and demonstrate compliance with DO-178C, DO-254, and other aviation standards

PTC®’s Codebeamer technology is an Application Lifecycle Management (ALM) platform for advanced product and software development.

The open platform extends ALM functionalities with product line configuration capabilities and provides unique configurability for complex processes.

121 Seaport Blvd, Boston, MA 02210 : ptc.com

© 2023, PTC Inc. All rights reserved. Information described herein is furnished for informational use only, is subject to change without notice, and should not be taken as a guarantee, commitment, condition or offer by PTC. PTC, the PTC logo, and all other PTC product names and logos are trademarks or registered trademarks of PTC and/or its subsidiaries in the United States and other countries. All other product or company names are property of their respective owners.
