Green UAS Frameworks
The Green UAS frameworks focus on threats and risks in the following assessment areas: corporate cyber hygiene, product and device security, remote operations and connectivity, and supply chain management. Each framework includes a set of security controls against which organizations and products are assessed and validated.
Passing certification and becoming Green UAS cleared indicates compliance to the frameworks.
Green UAS Certification applicants have the opportunity to remediate any of the issues found during the process to continue onto the cleared list. Those products that make it onto the cleared list are then entered into a continuous monitoring process.
 |
 |
 |
 |
| |
|
| |
|
Corporate Cyber Hygiene
Assessment of an organization's enterprise cyber security strategy, enterprise program and defined controls. A review of whether the strategy and program are in alignment with leading practice Standards Frameworks, such as the ISO (International Organization for Standardization) and National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) and similarly recognized controls guidance.
Product and Device Security
Assessment of the drone or component to ensure it has been designed, developed, and manufactured to assure the safety and security of data used to support UxS Systems and mission operations. Security controls to be tested will be based on specific operational context, application and criticality of the system.
Remote Operations & Connectivity
Assessment of the UxS systems' connectivity for remote operations and management to assure that command and control (C2) of UxS systems can only be conducted by authorized operators, that telemetry and mission data transmitted by UxS systems is protected and secure to ensure confidentiality, integrity, and availability. Currently not available for drones that wish to go from Green to Blue.
Supply Chain Risk Management
Physical vulnerability assessment of the drone and any payloads, control stations, controllers, etc. Including a component and subcomponent review to ensure NDAA compliance for those seeking to transition to Blue UAS/DoD use. For those not selling to DoD, the Green UAS framework offers flexibility based on criticality and use-case as well as transparency to better inform acquisition decisions. Manufacturers will need to provide the assessor a software bill of materials (SBOM), hardware bill of materials (HBOM), and ship a drone and all of its components to the assessor for a teardown evaluation.
Green UAS vs Blue UAS
Green UAS certification program builds and expands upon the Defense Innovation Unit (DIU)’s Blue UAS certification program. It is designed for commercial and non-DoD customers who do not require a DoD authority to operate (ATO).
Green compliant drones that have a DoD customer/sponsor willing to provide and fund a DIU Authority to Operate (ATO) will have an opportunity to transition from the Green UAS cleared list to Blue UAS cleared list. Green UAS compliant components have the opportunity to opt-in to data sharing with the DIU through AUVSI for a seamless review and consideration for addition to the Blue UAS Framework list.