
Evidence-based Certification Analysis and Planning in Acquisition



OBJECTIVE: Provide model-based tools and methods to represent aircraft systems, architectures, and behaviors such that the impact of candidate modifications on criterion-driven certifications can be identified and factored into acquisition plans and budgets. Such certifications include but are not limited to Airworthiness Determination, CNS-ATM Compliance, and Cyber-security.

DESCRIPTION: Project planning and cost estimation models/tools are increasingly reliable but are driven by historical data for product development. They often fall short on, or completely ignore, the variables associated with aircraft certification and credentialing requirements mandated for Air Force and other systems. Failure to correctly identify potential impacts to these criterion-driven assessments leads to increased risk that data, analysis, and reports generated during modification will not satisfy outside organizations charged with credentialing the operational readiness of capability improvements and modernization. This lapse is increasingly a source of substantial delays and cost increases at the end of modification programs, and thus has a severe negative impact on fleet capacity. Natural language specifications and change descriptions are not capable of representing the behavioral complexities of modern avionics and flight systems needed to reliably predict and assess the potential impact of planned modifications with respect to the subject assessments. System modeling tools and methods have been demonstrated that successfully capture architectures and interactions, including functional and behavioral representations, in a form suitable for analysis of alternatives and sensitivities. These must be tied to specific military and civil standards in order to fully meet the Objective of this topic.

PHASE I: Identify evidence-based certification requirements and standards applicable to Mobility aircraft and operations. Identify an exemplar system, modification, and applicable certification criteria. Develop and demonstrate a framework to capture/model a system's performance, assert a modification, and identify potential impacts to certification criteria. The selected Challenge Problems should be of sufficient scope both to prove the viability of the concept and framework and to show scalability to support a Phase II development.

PHASE II: Prototype and demonstrate the selected aspect of system modification acquisition planning and analysis support for the Challenge Problem selected in Phase I. Expand features to include the capability to recommend compliance approaches based on characteristics of a modification, and to identify artifacts necessary to be generated during modification development and test to satisfy impacted criteria. 

PHASE III: Correctly estimating and resourcing the effort necessary to retain operating credentials in a regulatory environment is a ubiquitous challenge for civil airspace operators and other industries. The results of Phase II will be a technology readiness sufficient to attract bridge funds for full-scale development specific to a System Program Office (such as the C-130); then ultimately investment toward a full-operating-capability product. 


REFERENCES:

1: "Survey of Model-Based Systems Engineering (MBSE) Methodologies", Jeff A. Estefan, Jet Propulsion Laboratory, California Institute of Technology, 2008.

2: "Verification of Cyber-Physical Systems", Majumdar, Murray, and Prabhakar, 2014.

3: "Evidence Based Certification: The Safety Case Approach", Kelly, High Integrity Systems Engineering Group, University of York, 2008.

KEYWORDS: System Modeling, Architecture Modeling, Evidence-based Certification, Formal Methods, Acquisition Analysis, Acquisition Planning, Airworthiness, CNS-ATM Compliance, Cyber-security Compliance, Agile Acquisition, Change Impact Analysis 


Greg Moster (AFRL/RQVI) 

(937) 656-8780 
