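System Safety Military Standard MIL-STD-882E (Full Chinese Text)
MIL-STD-883 Thrust Standard

MIL-STD-883 (Military Standard Test Method for Microcircuits) is a United States military standard used to test the thrust changes that microcircuit components may experience under environmental influences.
All thrust values defined in MIL-STD-883 are expressed in g (gravitational acceleration), and the standard covers testing of several factors, including "continuous vibration", "transient vibration" and "shock vibration".
The MIL-STD-883 thrust standard divides thrust testing into three phases: preparation, testing and recovery.
In the preparation phase, the product under test is fitted with the correct equipment for testing the microcircuit components; before the thrust test, all safety standards must also be checked for compliance and signed off by the QA department.
During this period, staff must also be assigned to control the entire test process and to manage safety.
In the testing phase, different thrust values are applied to the components under test in different temperature environments, including low temperature (-196°C to +85°C) and high temperature (-55°C to +125°C).
MIL-STD-883 specifies that the thrust value applied in the low-temperature part is 25 g (0.25 ms), with a peak-to-peak value and hold time of 50 g (1 ms) and 11 ms respectively; the thrust value applied in the high-temperature part is 15 g (0.15 ms), with a peak-to-peak value and hold time of 30 g (0.3 ms) and 6 ms respectively.
In addition, MIL-STD-883 requires that the test requirements be recorded and archived before the thrust test is completed, so that correct analysis and result reporting are possible.
In the recovery phase, after the thrust test is complete, the microcircuit components used in the test are restored strictly according to the established standard, so that the damage sustained is kept to a minimum.
Testing to the MIL-STD-883 thrust standard makes the reliability of microcircuit components traceable and verifiable, assures their performance, reduces the risk of equipment failure, and improves equipment availability.
For this reason, modern microcircuit manufacturers have widely adopted the MIL-STD-883 thrust standard to assure the reliability and availability of their products.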
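Commonly Used Military Electromagnetic Compatibility Test Standards

As military technology continues to advance, military electronic equipment plays a vital role in modern warfare.
To ensure that military electronic equipment operates normally in an electromagnetic environment, military electromagnetic compatibility (EMC) testing has become indispensable.
The commonly used military EMC test standards are:
1. MIL-STD-461: specifies the requirements and test methods for military electronic equipment in an electromagnetic environment, covering both radiated and conducted test methods.
2. MIL-STD-464: a guidance document intended to ensure that different systems and equipment work together in an electromagnetic environment. It sets requirements for the classification of electromagnetic environments, actions and plans, sources of electromagnetic interference, and susceptibility assessment.
3. RTCA DO-160: an aviation industry standard that specifies the requirements and test methods for avionics equipment in an electromagnetic environment.
4. CISPR 22: specifies limits and methods of measurement for radio-frequency emissions from electronic equipment.
5. IEC 61000: specifies the requirements and test methods for electronic equipment in an electromagnetic environment, covering both radiated and conducted test methods.
Of the standards above, MIL-STD-461 and MIL-STD-464 are issued by the U.S. military, while RTCA DO-160 is an aviation industry standard.
These standards were developed to ensure that military electronic equipment works normally in an electromagnetic environment and to provide solid support for victory in modern warfare.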
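Domestic Standards Corresponding to U.S. Military Standard 883: Overview and Explanation

1. Introduction
1.1 Overview
The overview section may cover the following aspects. The introduction mainly gives a brief account of the background and significance of the article, and may mention the following:
- U.S. military standard 883, that is, the U.S. military's MIL-STD-883, is a standard on reliability test methods for electronic components. This standard is essential to assuring the reliability and performance of electronic components; it matters not only in the military field but is also widely applied in the civilian field.
- In recent years, China's electronic components industry has developed rapidly, and domestic test and certification standards for electronic components have become increasingly important. To meet domestic market demand for high-quality electronic components, it is necessary to develop corresponding domestic standards with reference to MIL-STD-883, so as to assure product quality and performance.
- This article compares and analyzes the content and requirements of MIL-STD-883 and the corresponding domestic standards, explores their differences and similarities, and discusses their impact on the domestic electronic components industry along with recommendations. Comparing the two standards can provide reference and guidance for the development of China's electronic components industry.
The overview in the introduction should be concise and clear, accurately present the topic and research method of the article, and at the same time arouse the reader's interest and lead the reader on to the content that follows.
1.2 Article structure
The article structure section may include the following. Its main purpose is to present the organization of the article and the content of each chapter, so that readers can better understand and read it.
This article is divided into three parts: introduction, main body and conclusion.
The first part is the introduction.
The introduction first gives an overview of the topic, briefly presenting the background and importance of MIL-STD-883 and the corresponding domestic standards.
Next, it explains the structure of the article, that is, the content and arrangement of each chapter.
Finally, it states the purpose of the article: to compare and analyze the content of MIL-STD-883 and the corresponding domestic standards, explore their differences and impact, and give related recommendations.
The second part is the main body.
The main body first describes the content of MIL-STD-883 in detail, including its main content and requirements.
Some key points and specific provisions can be listed to help readers understand it better.
It then presents the corresponding domestic standards, including their drafting background, content and scope of application.
Practical cases and data can be used to demonstrate the effectiveness and practicality of the corresponding domestic standards.
The third part is the conclusion.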
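U.S. Military Issues Safety Military Standard MILSTDE (Complete)

U.S. Military Issues Safety Military Standard MIL-STD-882E
Zeng Tianxiang
In the 42 years from July 1969, when the U.S. Department of Defense issued the first system safety military standard, MIL-STD-882, to May 2021, when the latest standard, MIL-STD-882E, was issued, the standard underwent 6 major revisions, an average of one revision every 7 years. This shows the importance the U.S. military places on tracking how the standard is applied and revising it promptly to keep it advanced and applicable.
As U.S. defense strategic plans and objectives have changed and science and technology have developed, the objective of the standard has extended from protecting the safety of weapons, equipment and military personnel to maintaining environmental safety and occupational health; its technical content has expanded from equipment hardware to system software; and the methods for achieving system safety objectives have evolved from single techniques to system integration.
-STD-882: evolution and development of the standard
In July 1969, the U.S. Department of Defense first issued the system safety military standard MIL-STD-882, "System Safety Program Requirements for Systems and Associated Subsystems and Equipment", which set out the basic requirements for system safety management, design, analysis and evaluation.
As a document that had to be followed in weapons and equipment acquisition across the Department of Defense, the standard made system safety a required work item in the development of all U.S. military weapons and equipment.
In June 1977, MIL-STD-882 was revised and issued as MIL-STD-882A, "System Safety Program Requirements".
MIL-STD-882A introduced the concept of risk acceptance and made it the criterion for system safety work.
The standard required that hazard probability be introduced and that levels of hazard frequency be established to match the hazard severity levels; it also added software safety requirements.
In March 1984, MIL-STD-882A was revised and issued as MIL-STD-882B, "System Safety Program Requirements", which set out detailed guidance on system safety engineering and management requirements and described software system safety in detail for the first time.
A qualitative risk assessment table was given in an appendix.
In July 1987, a change notice to MIL-STD-882B was issued. This revision added software safety tasks, including software requirements hazard analysis, top-level design hazard analysis, software safety testing, software/user interface analysis, and software change hazard analysis.
In January 1993, MIL-STD-882B was revised and issued as MIL-STD-882C, "System Safety Program Requirements", which deleted the tasks that MIL-STD-882B had specified separately for software and integrated hazard and software system safety work; a change notice to MIL-STD-882C followed in January 1996.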
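MIL-STD-883E (Chinese Edition): Salt Fog Test Section

MIL-STD-883E, March 1989
Method 1009.8: Salt fog (corrosion)
1. Purpose. This test is proposed as an accelerated laboratory corrosion test simulating the effects of seacoast atmosphere on devices and package elements.
1.1 Terms and definitions.
1.1.1 Corrosion. Corrosion is the deterioration of the coating or base metal, or both, by chemical or electrochemical action.
1.1.2 Corrosion site. A corrosion site is the location at which the coating or base metal, or both, of the tested product is corroded.
1.1.3 Corrosion product (deposit). The effect of corrosion (i.e., rust, iron oxide, nickel oxide, tin oxide, etc.). The product may be at the corrosion site, or may flow or run (due to the action of the liquid carrier of the salt) so as to cover uncorroded areas.
1.1.4 Corrosion stain. A corrosion stain is a semitransparent deposit due to corrosion products.
1.1.5 Blister. A blister is a localized swelling and separation between the coating(s) and the base metal.
1.1.6 Pinhole. A pinhole is a small hole occurring in the coating as an imperfection that penetrates entirely through the coating.
1.1.7 Pitting. Pitting is localized corrosion of the coating or base metal, or both, confined to a point or small area, that takes the form of cavities.
1.1.8 Flaking. Flaking is the separation of small pieces of coating, exposing the base metal.
2. Apparatus. The apparatus used for the salt fog test shall include the following:
a. Exposure chamber with fixtures for supporting devices. The chamber and all accessories shall be made of material (glass, plastic, etc.) that will not affect the corrosiveness of the salt fog. All parts of the test chamber that come into contact with test specimens shall not cause electrolytic corrosion. The chamber shall be properly vented to prevent pressure build-up and non-uniform distribution of the salt fog.
b. Salt solution reservoir adequately protected from the surrounding environment. If necessary, an auxiliary reservoir may be used for long-duration tests in accordance with test conditions C and D (see 3.2).
c. Means for atomizing the salt solution, including suitable nozzles and compressed air or a 20% oxygen, 80% nitrogen mixture (the gas entering the nozzles shall be free of impurities such as oil and dirt).
d. Chamber heating means and controls.
e. Means for humidifying the air at a temperature above the chamber temperature.
f. Air or inert gas dryer.
g. Magnifier(s): 1X to 3X, 10X to 20X and 30X to 60X.
3. Procedure.
3.1 Maintenance and conditioning of the test chamber. The purpose of the cleaning cycle is to ensure that all materials that could affect the test results are removed from the test chamber.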
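MIL-STD Standards

MIL-STD is the abbreviation for the military standards developed by the U.S. Department of Defense; the full name is Military Standard.
These standards cover specifications for all kinds of military equipment, procedures and engineering, and are intended to ensure the quality, reliability and interoperability of military products.
MIL-STD standards typically cover material specifications, test methods, design standards and similar content, to ensure the performance and reliability of military equipment under various environmental conditions.
These standards guide the contractors and suppliers of the U.S. Department of Defense, and to some extent also influence the development of military and industrial standards in other countries.
Overall, MIL-STD standards play an important normative and guiding role in the military field.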
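882D: New Translation

Military Standard 882D (with emphasis on the concept of mishap)
1. Scope
1.1 Scope: This document outlines a standard practice for guiding the implementation of system safety.
As defined herein, the system safety practice conforms to the procedures in DoD Regulation 5000.2-R and provides a consistent means of evaluating identified risks.
Mishap risk must be identified, evaluated, and reduced to a level acceptable to the government (this level is determined by the system user or customer), and must comply with the laws, regulations, executive orders, treaties and agreements of the federal government (or of the state using the system).
In studies of mishap risk reduction, total life cycle cost must be considered whenever any measure is adopted.
When MIL-STD-882 is called for in a specific solicitation or contract and the standard contains no provisions specific to that contract, only the requirements given in section 4 apply.
2. Applicable documents
No applicable documents are specified in sections 3, 4 and 5 of this standard.
This section does not include documents cited in other sections of this standard, nor those recommended for additional information or as examples.
3. Definitions
3.1 Acronyms used in this standard. They are defined as follows:
a. AMSDL Acquisition Management Systems and Data Requirements Control List
b. ANSI American National Standards Institute
c. DID Data Item Description
d. DOD Department of Defense
e. ESH Environmental, Safety, and Health
f. GEIA Government Electronics and Information Technology Association
g. MAIS Major Automated Information System
h. MDAP Major Defense Acquisition Program
AF United States Air Force
3.2 Definitions. Within this standard, the following definitions apply (see 6.4):
3.2.1 Acquisition program: A directed, funded effort to provide a new, improved, or continuing system in order to meet a validated operational need.
3.2.2 Developer: The individual or organization assigned responsibility for a development effort. This may be either the government or a contractor.
3.2.3 Hazard: A real or potential condition that can cause injury, illness, or death to personnel; loss of or damage to equipment or property; or damage to the environment. (A hazard is a necessary condition for a mishap.)
3.2.4 Hazardous material: A substance that, due to its chemical, physical, or biological nature, causes safety, public health, or environmental concerns. Such a substance requires an elevated level of management.
3.2.5 Life cycle: All phases of the system's life, including design, research, development, test and evaluation, production, use, maintenance, and disposal.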
U.S. Military Standard 883E

NOTICE 3
METHOD 2020.7
PARTICLE IMPACT NOISE DETECTION TEST

1. PURPOSE. The purpose of this test is to detect loose particles inside a device cavity. The test provides a nondestructive means of identifying those devices containing particles of sufficient mass that, upon impact with the case, excite the transducer.

2. APPARATUS. The equipment required for the particle impact noise detection (PIND) test shall consist of the following (or equivalent):
a. A threshold detector to detect particle noise voltage exceeding a preset threshold of the absolute value of 20 ±1 millivolt peak reference to system ground.
b. A vibration shaker and driver assembly capable of providing essentially sinusoidal motion to the device under test (DUT) at:
(1) Condition A: 20 g peak at 40 to 250 Hz.
(2) Condition B: 10 g peak at 60 Hz minimum.
c. PIND transducer, calibrated to a peak sensitivity of -77.5 ±3 dB in regards to one volt per microbar at a point within the frequency of 150 to 160 kHz.
d. A sensitivity test unit (STU) (see figure 2020-1) for periodic assessment of the PIND system performance. The STU shall consist of a transducer with the same tolerances as the PIND transducer and a circuit to excite the transducer with a 250 microvolt ±20 percent pulse. The STU shall produce a pulse of about 20 mV peak on the oscilloscope when the transducer is coupled to the PIND transducer with attachment medium.
e. PIND electronics, consisting of an amplifier with a gain of 60 ±2 dB centered at the frequency of peak sensitivity of the PIND transducer. The noise at the output of the amplifier shall not exceed 10 mV peak.
f. Attachment medium. The attachment medium used to attach the DUT to the PIND transducer shall be the same attachment medium as used for the STU test.
g. Shock mechanism or tool capable of imparting shock pulses of 1,000 ±200 g peak to the DUT. The duration of the main shock shall not exceed 100 µs. If an integral co-test shock system is used the shaker vibration may be interrupted or perturbed for period of time not to exceed 250 ms from initiation of the last shock pulse in the sequence. The co-test duration shall be measured at the 50 ±5 percent point.

3. PROCEDURES.
* 3.1 Test equipment setup. Shaker drive frequency and amplitude shall be adjusted to the specified conditions based on cavity size of the DUT (for condition A, see table I herein). The shock pulse shall be adjusted to provide 1,000 ±200 g peak to the DUT.
3.2 Test equipment checkout. The test equipment checkout shall be performed a minimum of one time per operation shift. Failure of the system to meet checkout requirements shall require retest of all devices tested subsequent to the last successful system checkout.
3.2.1 Shaker drive system checkout. The drive system shall achieve the shaker frequency and the shaker amplitude specified. The drive system shall be calibrated so that the frequency settings are within ±8 percent and the amplitude vibration setting are within ±10 percent of the nominal values. If a visual displacement monitor is affixed to the transducer, it may be used for amplitudes between 0.04 and 0.12 inch (1.02 and 3.05 mm). An accelerometer may be used over the entire range of amplitudes and shall be used below amplitudes of 0.040 inch (1.02 mm).

Supersedes page 1 of MIL-STD-883E. METHOD 2020.7, 22 March 1989.

3.2.2 Detection system checkout. With the shaker deenergized, the STU transducer shall be mounted face-to-face and coaxial with the PIND transducer using the attachment medium used for testing the devices. The STU shall be activated several times to verify low level signal pulse visual and threshold detection on the oscilloscope. Not every application of the STU will produce the required amplitude. All pulses which are greater than 20 mV shall activate the detector.
3.2.3 System noise verification. System noise will appear as a fairly constant band and must not exceed 20 millivolts peak to peak when observed for a period of 30 to 60 seconds.
3.3 Test sequence. The following sequence of operations (a through i) constitute one test cycle or run.
a. 3 pre-test shocks.
b. Vibration 3 ±1 seconds.
c. 3 co-test shocks.
d. Vibration 3 ±1 seconds.
e. 3 co-test shocks.
f. Vibration 3 ±1 seconds.
g. 3 co-test shocks.
h. Vibration 3 ±1 seconds.
i. Accept or reject.
* 3.3.1 Mounting requirements. Special precautions (e.g., in mounting, grounding of DUT leads, or grounding of test operator) shall be taken as necessary to prevent electrostatic damage to the DUT. Batch testing is prohibited.
Most part types will mount directly to the transducer via the attachment medium. Parts shall be mounted with the largest flat surface against the transducer at the center or axis of the transducer for maximum sensitivity. Where more than one large surface exists, the one that is the thinnest in section or has the most uniform thickness shall be mounted toward the transducer, e.g., flat packs are mounted top down against the transducer. Small axial-lead, right circular cylindrical parts are mounted with their axis horizontal and the side of the cylinder against the transducer.
Parts with unusual shapes may require special fixtures. Such fixtures shall have the following properties:
(1) Low mass.
(2) High acoustic transmission (aluminum alloy 7075 works well).
(3) Full transducer surface contact, especially at the center.
(4) Maximum practical surface contact with test part.
(5) No moving parts.
(6) Suitable for attachment medium mounting.

Supersedes page 2 of MIL-STD-883E.

3.3.2 Test monitoring. Each test cycle (see 3.3) shall be continuously monitored, except for the period during co-test shocks and 250 ms maximum after the shocks. Particle indications can occur in any one or combinations of the three detection systems as follows:
a. Visual indication of high frequency spikes which exceed the normal constant background white noise level.
b. Audio indication of clicks, pops, or rattling which is different from the constant background noise present with no DUT on the transducer.
c. Threshold detection shall be indicated by the lighting of a lamp or by deflection of the secondary oscilloscope trace.
3.4 Failure criteria. Any noise bursts as detected by any of the three detection systems exclusive of background noise, except those caused by the shock blows, during the monitoring periods shall be cause for rejection of the device. Rejects shall not be retested except for retest of all devices in the event of test system failure. If additional cycles of testing on a lot are specified, the entire test procedure (equipment setup and checkout mounting, vibration, and co-shocking) shall be repeated for each retest cycle. Reject devices from each test cycle shall be removed from the lot and shall not be retested in subsequent lot testing.
3.5 Screening lot acceptance. Unless otherwise specified, the inspection lot (or sublot) to be screened for lot acceptance shall be submitted to 100 percent PIND testing a maximum of five times in accordance with condition A herein. PIND prescreening shall not be performed. The lot may be accepted on any of the five runs if the percentage of defective devices in that run is less than 1 percent. All defective devices shall be removed after each run. Lots which do not meet the 1 percent PDA on the fifth run, or exceed 25 percent defectives cumulative, shall be rejected and resubmission is not allowed.

TABLE I. Package height vs. test frequency for 20 g acceleration (condition A).

Average internal cavity height      Frequency
Mils        mm                      Hz
<40         <1.02                   130
41-50       1.03-1.27               120
51-60       1.28-1.52               110
61-70       1.53-1.78               100
71-80       1.79-2.03               90
81-90       2.04-2.29               80
91-100      2.30-2.54               70
>100        >2.54                   60

NOTE: The approximate average internal package height shall be measured from the floor of the package cavity or the top of the major substrate for hybrid or multichip assemblies and shall exclude the thickness of the die mounted inside the package.

4. SUMMARY. The following details shall be specified in the applicable acquisition document:
a. Test condition letter A or B.
b. Lot acceptance/rejection criteria (if other than specified in 3.5).
c. The number of test cycles, if other than one.
d. Pre-test shock level and co-test shock level, if other than specified.

NOTES:
1. Pushbutton switch: Mechanically quiet, fast make, gold contacts. E.g. T2 SM4 microswitch.
2. Resistance tolerance 5 percent noninductive.
3. Voltage source can be a standard dry cell.
4. The coupled transducers must be coaxial during test.
5. Voltage output to STU transducer 250 microvolts, ±20 percent.
FIGURE 2020-1 Typical sensitivity test unit.
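Commonly Used U.S. Military Standards (MILS)

Commonly used U.S. military standards (MIL-STD)
MIL-STD-469-1966 Radar engineering design requirements for electromagnetic compatibility
MIL-STD-463A Definitions and system of units for electromagnetic interference and electromagnetic compatibility technology
MIL-STD-463A-1977 Definitions and system of units for electromagnetic interference and electromagnetic compatibility technology
MIL-STD-462-1986 Interim Notice 5 (Navy): Measurement of electromagnetic interference characteristics
MIL-STD-461C-10-1986 Part 10: Electromagnetic emission and susceptibility requirements for the control of electromagnetic interference: requirements for commercial electrical and electromechanical equipment (Class C3)
MIL-STD-461C-9-1986 Part 9: Electromagnetic emission and susceptibility requirements for the control of electromagnetic interference: requirements for engine generators and associated components, uninterruptible power supplies (UPS), and mobile power supply and power-consuming equipment (EMP) in critical areas (Class C2)
MIL-STD-461C-8-1986 Part 8: Emission and susceptibility requirements for the control of electromagnetic interference: requirements for tactical and special-purpose vehicles and engine-driven equipment (Class C1)
MIL-STD-461C-6-1986 Part 6: Electromagnetic emission and susceptibility requirements for the control of electromagnetic interference: requirements for equipment and subsystems in submarines (Class A5)
Part 7: Electromagnetic emission and susceptibility requirements for the control of electromagnetic interference: requirements for support equipment and subsystems in noncritical ground areas (Class B)
MIL-STD-461C-5-1986 Part 5: Emission and susceptibility requirements for the control of electromagnetic interference: requirements for equipment and subsystems in surface ships (Class A4)
MIL-STD-461C-4-1986 Part 4: Electromagnetic emission and susceptibility requirements for the control of electromagnetic interference: requirements for equipment and subsystems in ground facilities (fixed and mobile, including tracked and wheeled vehicles) (Class A3)
MIL-STD-461C-3-1986 Part 3: Emission and susceptibility requirements for the control of electromagnetic interference: requirements for spaceborne and missile-borne equipment and subsystems (including associated ground support equipment) (Class A2)
MIL-STD-461C-2-1986 Part 2: Electromagnetic emission and susceptibility requirements for the control of electromagnetic interference: requirements for airborne equipment and subsystems (including associated ground support equipment) (Class A1)
MIL-STD-461C-1-1986 Part 1: Emission and susceptibility requirements for the control of electromagnetic interference: general requirements
MIL-STD-461B Emission and susceptibility requirements for the control of electromagnetic interference
MIL-STD-461B-1980 Electromagnetic emission and susceptibility requirements for the control of electromagnetic interference
MIL-STD-454G-1980 Standard general requirements for electronic equipment
MIL-STD-4538(USAF)-1977 Radiographic inspection
MIL-STD-449D-1973 Measurement of radio frequency spectrum characteristics
MIL-STD-414-1957 Sampling procedures and tables for inspection by variables
MIL-STD-413B-1969 Visual inspection guide for rubber O-rings
MIL-STD-403B-1968 Preparation and installation of rivets and screws for rocket and missile structures
MIL-STD-401B-1967 General test methods for sandwich constructions and core materials
MIL-STD-291B-1967 Standard tactical air navigation (TACAN) signal
MIL-STD-290D-1976 Packaging of petroleum and petroleum products
MIL-STD-285-1956 Method of attenuation measurement for electromagnetic shielding enclosures for electronic test purposes
MIL-STD-280A-1969 Definitions of item levels, item interchangeability, models and related terms
MIL-STD-255A AC and DC voltages
MIL-STD-220A-1959 Method of insertion loss measurement
MIL-STD-210B-1973 Climatic extremes for military equipment
MIL-STD-210A Climatic extremes for military equipment
MIL-STD-209E-1976 Slinging and tiedown provisions for lifting and tying down military equipment
MIL-STD-202F-1980 Electronic and electrical test methods
MIL-STD-202C Test methods for electrical components of electronic equipment
MIL-STD-200K-1974 Preferred electron tubes
MIL-STD-196D-1985 Joint electronics type designation system
MIL-STD-190C-1977 Identification marking of rubber products
MIL-STD-188-313-1973 Subsystem design and engineering standards and equipment technical design standards for long-haul communications by line-of-sight microwave and tropospheric scatter radio
MIL-STD-188-322-1976 Subsystem design/engineering and equipment technical design standards for long-haul line-of-sight (LOS) digital microwave radio transmission
MIL-STD-188-317-1972 Long-haul communications standard: subsystem design and engineering standards and equipment technical design standards for high-frequency radio
MIL-STD-188-124-1978 Grounding, bonding and shielding common to long-haul and tactical communication systems
MIL-STD-188-114-1976 Electrical characteristics of digital interface circuits
MIL-STD-188-110-1980 Equipment technical design standards for common long-haul/tactical data modems
MIL-STD-188-100-1972 Common technical standards for long-haul and tactical communication systems
MIL-STD-188C(2)-1976 Military communication system technical standards
MIL-STD-187-310-1976 Planning standards for switching in international communication systems
MIL-STD-177A-1969 Terms for visible defects of rubber products
MIL-STD-172B-1968 Liquid propellant containers and color marking
MIL-STD-167-2(SHIPS)-1974 Mechanical vibrations of shipboard equipment (reciprocating machinery and propulsion system and shafting)
MIL-STD-167-1-1974 Mechanical vibrations of shipboard equipment (Type I environmental vibration, Type II self-excited vibration)
MIL-STD-109B Quality assurance terms and definitions
MIL-STD-108E Definitions of and basic requirements for enclosures for electric and electronic equipment
MIL-STD-108E-1966 Definitions of and basic requirements for enclosures for electric and electronic equipment
MIL-STD-105E-1989 Sampling procedures and tables for inspection by attributes
MIL-STD-105D-1963 Sampling procedures and tables for inspection by attributes
MIL-STD-35-107(MI)-1976 Automated engineering document preparation system: connectors, jacks, plugs and test points
MIL-STD-35-98A(MI)-1983 Automated engineering document preparation system: variable capacitors
MIL-STD-35-63-1974 Automated engineering document preparation system: semiconductor devices, chopper transistors
MIL-STD-35-60-1973 Automated engineering document preparation system: semiconductor devices, phototransistors
MIL-STD-35-75-1976 Automated engineering document preparation system: microwave/waveguide components
MIL-STD-35-44(MI)-1974 Automated engineering document preparation system: synchros
MIL-STD-792E(SH)-1986 Identification marking requirements for special purpose components
MIL-STD-785B-1980 Reliability program for systems and equipment development and production
MIL-STD-781D-1986 Reliability testing for engineering development, qualification and production
MIL-STD-781 Confidence intervals
MIL-STD-780F(AS)-1984 Work unit codes for aeronautical equipment (uniform numbering system)
MIL-STD-761B Characteristics and utilization of shipboard AC power
MIL-STD-757-1964 Procedures for evaluating product reliability from demonstration data
MIL-STD-756B-1981 Reliability modeling and prediction
MIL-STD-753A-1963 Sampling inspection and testing of surface passivation of corrosion-resistant steel parts
MIL-STD-751 (Ships) Radar signal output standards for naval ships and shore use
MIL-STD-750B Test methods for semiconductor devices
MIL-STD-750C-1983 Test methods for semiconductor devices
MIL-STD-740-2(SH)-1986 Structureborne vibratory acceleration measurements and acceptance criteria of shipboard equipment
MIL-STD-740-1 (Ships)-1986 Airborne noise measurements and acceptance criteria of shipboard equipment
MIL-STD-670B-1968 Classification system and tests for cellular elastomeric materials
MIL-STD-668D-1978 Sanitary standards for food plants
MIL-STD-642J-1978 Identification marking of combat and tactical transport vehicles
MIL-STD-490-1968 Specification practices
MIL-STD-471A-1973 Maintainability verification, demonstration and evaluation
MIL-STD-470A-1983 Maintainability program for systems and equipment
MIL-STD-965A-1985 Parts control program
MIL-STD-962 Format and rules for preparing military standards and handbooks
MIL-STD-961A-1981 Preparation of military specifications and associated documents
MIL-STD-904-1975 Guidelines for insect contamination of subsistence
MIL-STD-903A-1978 Sanitary standards for armed forces vending operations
MIL-STD-900B-1981 Bacterial standards for starches, flours, cereals, alimentary pastes, dry milks and sugars used in the preparation of canned foods for the armed forces
MIL-STD-889B-1988 Dissimilar metals
MIL-STD-883D-1991 Test methods and procedures for microelectronics
MIL-STD-883B Test methods and procedures for microelectronics
MIL-STD-883C-1983 Test methods and procedures for microelectronics
MIL-STD-882A-1979 System safety program requirements
MIL-STD-878A-1968 Method of dimensioning and determining clearance for aircraft tires and rims
MIL-STD-871A(USAF)-1979 Electrochemical stripping of inorganic finishes
MIL-STD-870A(USAF)-1978 Electrodeposited low-embrittlement cadmium plating
MIL-STD-868A(USAF)-1979 Electrodeposited low-embrittlement nickel plating
MIL-STD-866B(USAF)-1978 Grinding of steel parts and chrome-plated steel parts heat treated to 180000 psi or over
MIL-STD-826A(USAF)-1966 Electromagnetic interference test requirements and test methods
MIL-STD-810D-1983 Environmental test methods and engineering guidelines
MIL-STD-810C-1975 Environmental test methods for aerospace and ground equipment
MIL-STD-810A-1958 Environmental test methods for aerospace and ground equipment
MIL-STD-1277A-1970 Electrical splices, clips, terminals, terminal boards and binding posts
MIL-STD-1276C-1979 Leads for electronic component parts
MIL-STD-1271B-1981 Symbols supplementing the content of instruction plates for military vehicles
MIL-STD-1252-1975 Inertia friction welding process, procedure and performance qualification
MIL-STD-1246A-1967 Product cleanliness levels and contamination control program
MIL-STD-1224-1960 Visual inspection guide for pneumatic tires (non-aircraft)
MIL-STD-1223V-1981 Standards for treatment, painting, rust prevention, identification marking and data plates of nontactical wheeled vehicles
MIL-STD-1188A Commercial packaging of supplies and equipment
MIL-STD-1186-1963 Cushioning, anchoring, bracing, blocking and waterproofing for packing products, with appropriate test methods
MIL-STD-1184(AT)-1979 Waterproofness tests for gasoline electrical components
MIL-STD-1180(AT)-1976 Safety standards for military ground vehicles
MIL-STD-1197A-1976 Lamps, reflectors and associated signaling equipment for military vehicles
MIL-STD-1165-1968 Glossary of (terrestrial) environmental terms
MIL-STD-1157-1965 Calibration and verification procedures for textile test methods
MIL-STD-1156C-1982 Sanitary standards for soft drink plants
MIL-STD-1132A-1976 Selection and use of switches and associated hardware
MIL-STD-1131B-1979 Storage shelf life and reforming procedures for aluminum electrolytic capacitors
MIL-STD-1130B(1)-1979 Solderless wrapped electrical connections
MIL-STD-977-1982 Test methods and procedures for microcircuit line certification
MIL-STD-976A-1981 Certification requirements for JAN microcircuits
MIL-STD-1399/072-1978 Shipboard systems shock interface standard
MIL-STD-1399 Interface standard for shipboard systems
MIL-STD-1397(USAF)-1973 Navy systems standard digital data input/output interfaces
MIL-STD-1390C-1988 U.S. ** standard maintenance levels
MIL-STD-1389A-1977 Design requirements for standard electronic modules
MIL-STD-1385B-1986 General requirements for preventing electromagnetic radiation hazards to ordnance systems
MIL-STD-1378B Requirements for employing standard electronic modules
MIL-STD-1366B-1981 Definition of materiel transportation system dimensional and weight **
MIL-STD-1360A-1979 Selection and use of fuses, fuseholders and associated hardware
MIL-STD-1543(USAF)-1974 Reliability program requirements for space and missile systems
MIL-STD-1542(USAF)-1974 Electromagnetic compatibility (EMC) and grounding requirements for space system ancillary equipment
MIL-STD-1541A-1987 Electromagnetic compatibility requirements for space systems
MIL-STD-1540B-1982 Test requirements for space vehicles
MIL-STD-1538(USAF)-1973 Spare parts and maintenance for missile and space systems in the development test and evaluation phase
MIL-STD-1535A-1974 Supplier quality assurance program requirements
MIL-STD-1534-1972 Design technical requirements for aircraft gas turbine engines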
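Military Vehicle Electrical Standards

The following are the electrical standards for military vehicles:
1. MIL-STD-1275B: requirements and test methods for power systems, including the power input required by military vehicles.
2. MIL-STD-461F: requirements and test methods for electromagnetic compatibility, including the detection and control of electromagnetic interference to ensure that electrical equipment operates as intended.
3. MIL-STD-202G: a test method standard to ensure that military electrical equipment can withstand environmental, operational and load requirements.
4. MIL-STD-810H: a test method standard for environmental engineering considerations, including tests such as temperature, humidity, altitude and vibration, to ensure the reliability and durability of electrical equipment in military environments.
5. MIL-STD-1399-300B: an AC and DC power standard, including requirements for power system components and loads, to ensure that electrical equipment is compatible with the military power grid.
6. MIL-STD-1553B: a digital communication bus standard used for the control systems and data transmission of military aircraft, vehicles and artillery. It includes requirements for hardware, software, circuits and test methods.
All of the above standards address military electrical equipment and are intended to ensure that it operates stably over the long term in harsh military environments and meets operational needs.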
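System Safety Military Standard MIL-STD-882E (Full Chinese Text)

Foreword
1. This standard is approved for use by all Military Departments and Defense Agencies within the Department of Defense.
2. This system safety standard is a key element of systems engineering; it provides a standard, generic method for identifying, analyzing and mitigating hazards.
3. The Department of Defense is committed to protecting personnel from accidental death, injury and occupational illness and, while executing its national defense mission, to protecting defense systems, infrastructure and property from accidental destruction or damage.
Within mission requirements, the Department of Defense will also ensure that the environment is protected to the maximum extent possible. Integral to these efforts is the use of a system safety approach to identify hazards and manage the associated risks.
A key Department of Defense objective is to expand the use of system safety methodology so as to integrate risk management into the overall systems engineering process, rather than treating hazards as operational considerations.
It can be used not only by system safety professionals but also by other functional disciplines, such as fire protection engineers, occupational health professionals and environmental engineers, to identify hazards and mitigate risks through systems engineering.
The purpose of this document is not for other functional disciplines to use system safety to solve their individual hazard management problems; however, all functional disciplines using this generic method should coordinate their efforts as part of the overall systems engineering process, because one discipline's hazard mitigation measures may create hazards in other disciplines.
4. This system safety standard identifies the Department of Defense approach for identifying hazards and assessing and mitigating the associated risks encountered in the development, test, production, use and disposal of defense systems.
The approach described is to be consistent with Department of Defense instructions.
Department of Defense instructions define the acceptable levels of risk.
5. This revision incorporates changes to meet Government and industry requirements and reinstates the task descriptions.
These tasks may be specified in contract documents.
When this standard is required in a solicitation or contract and no specific tasks are called out, only Sections 3 and 4 are mandatory.
The definitions in 3.2 and all of Section 4 delineate the minimum mandatory definitions and requirements for an acceptable system safety effort for any Department of Defense system.
This revision aligns the implementation of the standard with current Department of Defense policy, supports the Department's strategic plans and goals, adjusts the organization of the information, clarifies the basic elements of the system safety process, clarifies terminology, and defines task descriptions to improve hazard management.
This standard strengthens the integration of other functional disciplines into systems engineering, ultimately improving the consistency of hazard management practices across programs.
Specific changes include:
a. Reintroduced task descriptions:
(1) 100-series tasks: Management
(2) 200-series tasks: Analysis
(3) 300-series tasks: Evaluation
(4) 400-series tasks: Verification
b. Emphasized the identification of applicable technical requirements
c. Included additional tasks:
(1) Hazardous materials management plan
(2) Functional hazard analysis
(3) System-of-systems hazard analysis
(4) Environmental hazard analysis
d. Applied increased loss values in the severity descriptions
e. Added an "Eliminated" probability level
f. Added software system engineering techniques and practices
g. Updated the appendices
6. Comments, suggestions or questions on this document should be addressed to Headquarters Air Force Materiel Command
Appendix B
(2) The risks associated with system hazards caused and controlled by software are acceptable, based on evidence (that hazards, causes and risk mitigation measures have been identified, implemented and verified in accordance with the requirements of the Department of Defense customer).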
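Risk Assessment and Metrics

Frequency of personnel exposure to the hazardous environment (E)
Score   Exposure
10      Continuous exposure
6       Exposure during daily working hours
3       Once a week, or occasional exposure
2       Exposure once a month
1       Exposure several times a year
0.5     Very rare exposure

Accident consequence (S)
Columns: injury; occupational illness; equipment and property loss; environmental impact
Score   Consequence
10      Multiple deaths
8       One death; occupational disease (multiple persons)
4       Permanent disability; occupational disease (one person)
2       Hospital treatment required; frequently occurring occupational illness

4. Dow Chemical fire and explosion hazard index evaluation method
This method progressively calculates and objectively evaluates the potential fire, explosion and reactivity hazards of process units and the materials they contain; its quantitative basis is statistical data from past accidents, the potential energy of the materials, and the status of current safety and disaster-prevention measures.
5. Imperial Chemical Industries Mond Division fire, explosion and toxicity index evaluation method
Also known as the Mond method, it is an evaluation method that supplements and extends the Dow Chemical evaluation method, and it is applied in the chemical industry.
It is often used to analyze certain complex critical equipment.
IV. Quantitative risk evaluation methods
Methods that assign values to the factors in the production process and to their interactions according to certain algorithms and rules, and from these compute a definite value.
These include the fire and explosion index method of the Dow Chemical Company (USA), the Mond evaluation method of the Mond works of Imperial Chemical Industries (UK), Japan's six-stage risk evaluation method, China's method for grading the hazard level of chemical plants, and risk acceptance criteria methods.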
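7. Risk evaluation method based on BP neural networks
8. RISK-I quantitative risk evaluation method
Calculation models
Explosion injury models: condensed-phase energetic material explosion injury model; vapor cloud explosion injury model
Fire injury models: pool fire injury model; boiling liquid expanding vapor explosion injury model
Risk level = hazard probability × hazard severity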
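Introduction to MIL-STD-882E

1. Scope
1.1 Scope. This system safety standard identifies the Department of Defense systems engineering approach to eliminating hazards where possible, and to minimizing the risks of hazards that cannot be eliminated.
DoD Instruction 5000.02 defines the precedence of risk acceptance.
This standard covers all hazards of systems, products, equipment and infrastructure (including both hardware and software) throughout design, development, test, production, use and disposal.
When this standard is required in a solicitation or contract but no specific tasks are defined, only Sections 3 and 4 are mandatory.
The definitions in 3.2 and Section 4 delineate the minimum mandatory definitions and requirements for an acceptable system safety effort for any Department of Defense system.
2. Applicable documents
2.1 General.
The documents listed in this section are specified in Sections 3, 4 and 5 of this standard.
This section does not include documents cited in other sections of this standard, or those recommended for additional information or as examples.
While every effort has been made to ensure the completeness of this list,
document users are cautioned that they must meet all specified requirements of documents cited in Sections 3, 4 and 5 of this standard, whether or not they are listed.
2.2 Government documents
2.2.1 Specifications, standards and handbooks.
The following specifications, standards and handbooks form a part of this document to the extent specified.
Unless otherwise specified, the issues of these documents are those cited in the contract.
International standardization agreements
AOP 52 - NATO AOP 52, Guidance on Software Safety Design and Assessment of Munition-Related Computing Systems.
(Copies of this document are available at https:///doc/9e11399154.html,/quicksearc h/ or from the Standardization Document Order Desk,
700 Robbins Avenue, Building 4D, Philadelphia, PA 19111-5094.)
Department of Defense handbooks
No designator - Joint Software Systems Safety Engineering Handbook (copies of this document are available at /doc/9e11399154.html,/links/)
2.2.2 Other Government documents, drawings and publications.
The following other Government documents, drawings and publications form a part of this document to the extent specified.
Unless otherwise specified, the issues of these documents are those cited in the contract.
Department of Defense instructions
DoDI 5000.02 - Operation of the Defense Acquisition System
DoDI 6055.07 - Mishap Notification, Investigation, Reporting, and Record Keeping (copies of this document are available at /doc/9e11399154.html,/links/)
2.3 Order of precedence.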
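Translation of U.S. Military Standard 882E

Abstract: Developments in computer hardware and software technology make it possible to automate almost every aspect of human-machine systems.
Given these technical capabilities, whether system functions should be automated, and to what extent, is a question worth considering.
We provide a framework for a model of types and levels of automation in design, and an objective basis for making such choices.
Choosing automation appropriately is important, because automation does not merely replace human activity but changes it, and places new coordination demands on the human operator.
Automation can be applied to four broad classes of functions: 1) information acquisition; 2) information analysis; 3) decision and action selection; and 4) action implementation.
Within each of these types, automation can be applied across a continuum of levels from low to high, that is, from fully manual to fully automatic.
A particular system can involve all four types at different levels of automation.
For a system with a particular type of automation, the primary evaluation criterion for the designed level of automation is the human performance consequences.
Secondary evaluation criteria include automation reliability and the costs of decision/action consequences.
The examples at the end of the article apply the model provided here to automation design.
II. Automation. Machines, especially computers, are now capable of carrying out many functions that previously could only be performed by humans.
Machine execution of such functions, that is, automation, has also been extended to functions that humans do not wish to perform, or cannot perform as accurately or as reliably as machines.
The technical issues in developing automated systems, namely how particular functions are automated and the characteristics of the associated sensors, controls and software, have received a great deal of attention.
This is not surprising given the complexity and sophistication of many such system designs (for example, the automatic landing of a large jet aircraft, or the docking of two spacecraft).
The economic benefits that automation can provide have likewise drawn public attention to the technical capabilities of automation.
In contrast to the large technical literature on automation, there is a small but growing body of research examining the human capabilities involved in automated systems.
This work has shown clearly that automation does not simply replace human activity but changes it, often in ways unanticipated by the designers of the automation, and places new coordination demands on the human operator.
Until recently, however, these findings have not had much visibility or influence in engineering and design.
Research on human performance issues is especially important because, given that there is now almost nothing that cannot be automated, modern technical capabilities force system designers to consider some hard choices about what to automate and to what extent.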
mil-std-882d

DRAFT MIL-STD-882D
DEPARTMENT OF DEFENSE
STANDARD PRACTICE
SYSTEM SAFETY
AMSC N/A AREA SAFT

FOREWORD
1. This standard is approved for use by all Departments and Agencies of the Department of Defense (DoD).
2. The DoD is committed to protecting personnel from accidental death, injury, or occupational illness; weapon systems, equipment, material, and facilities from accidental destruction or damage; and the public from death, injury, illness, or property damage as a result of executing its mission of national defense. While meeting mission requirements, the DoD will also ensure to the maximum extent practicable that the quality of the environment is protected. The DoD has implemented environmental, safety, and health efforts to meet these objectives. Integral to these efforts is the use of a system safety approach to manage the risk of mishaps associated with DoD operations. A key objective of the DoD system safety approach is to ensure that mishap risk identification and mitigation, consistent with mission requirements, are included in technology development and designed into systems, subsystems, equipment, facilities, and their interfaces and operation. The DoD goal is zero mishaps.
3. This standard addresses an approach (a standard practice normally identified as system safety) useful in the management of environmental, safety, and health mishap risks encountered in the development, test, production, use, and disposal of systems, subsystems, equipment, and facilities. The approach described herein conforms to the acquisition procedures in DoD Regulation 5000.2-R and provides a consistent means of evaluating identified mishap risks. Mishap risk must be identified, evaluated, and mitigated to a level acceptable (as defined by the system user or customer) to the appropriate authority, and compliant with federal laws and regulations, Executive Orders, treaties, and agreements. Program trade studies associated with mitigating mishap risk must consider total life cycle cost in any decision. Residual mishap risk associated with an individual system must be reported to and accepted by appropriate authority. When MIL-STD-882 is required in a solicitation or contract and no specific references are included, then only those requirements presented in paragraph 4 are applicable.
4. This current revision represents application of the tenets of acquisition reform to the use of system safety in Government procurement. A joint Government and industry integrated process team was formed to oversee the revision. Industry was represented on the integrated process team by the Government Electronic and Information Technology Association (GEIA), G-48 committee on system safety. The system safety tasks associated with previous versions of this standard have been placed in the Defense Acquisition Deskbook (see 6.8). This standard is no longer the source for any safety-related data item descriptions (DIDs).
5. Beneficial comments (recommendations, additions, deletions) and any pertinent information that may be of use in improving this document should be addressed to: HQ Air Force Materiel Command (SES), 4375 Chidlaw Road, Wright-Patterson AFB, OH 45433-5006, by using the Standardization Document Improvement Proposal (DD Form 1426) appearing at the end of this document or by letter or electronic mail.

CONTENTS
FOREWORD
1. SCOPE
1.1 Scope
2. APPLICABLE DOCUMENTS
3. DEFINITIONS
3.1 Acronyms used in this standard
3.2 Definitions
3.2.1 Acquisition program
3.2.2 Developer
3.2.3 Hazard
3.2.4 Hazardous material
3.2.5 Life cycle
3.2.6 Mishap
3.2.7 Mishap risk
3.2.8 Program manager
3.2.9 Residual mishap risk
3.2.10 Safety
3.2.11 Subsystem
3.2.12 System
3.2.13 System safety
3.2.14 System safety engineering
4. GENERAL REQUIREMENTS
4.1 Documentation of the system safety approach
4.2 Identification of hazards
4.3 Assessment of mishap risk
4.4 Identification of mishap risk mitigation measures
4.5 Reduction of mishap risk to an acceptable level
4.6 Verification of mishap risk reduction
4.7 Review of hazards and acceptance of residual mishap risk by the appropriate authority
4.8 Tracking of hazards and residual mishap risk
5. DETAILED REQUIREMENTS
6. NOTES
6.1 Intended use
6.2 Data requirements
6.3 Subject term (key words) listing
6.4 Definitions used in this standard
6.5 International standardization agreements
6.6 Explosive hazard classification and characteristic data
6.7 Use of system safety data in certification and other specialized safety approvals
6.8 DoD acquisition practices
6.9 Identification of changes
APPENDIXES
A Guidance for implementation of system safety efforts
CONCLUDING MATERIAL
TABLES
A-I. Suggested mishap severity categories
A-II. Suggested mishap probability levels
A-III. Example mishap risk assessment values
A-IV. Example mishap risk categories and mishap risk acceptance levels

1. SCOPE
1.1 Scope. This standard defines a standard practice for conducting system safety. The practice defined herein conforms to the acquisition procedures in DoD Regulation 5000.2-R and provides a consistent means of evaluating identified risks. Mishap risk must be identified, evaluated, and mitigated to a level acceptable (as defined by the system user or customer) to the appropriate authority and compliant with federal laws and regulations, Executive Orders, treaties, and agreements. Program trade studies associated with mitigating mishap risk must consider total life cycle cost in any decision. Residual mishap risk associated with an individual system must be reported to and accepted by appropriate authority. When MIL-STD-882 is required in a solicitation or contract and no specific paragraphs of this standard are identified, then only those requirements presented in paragraph 4 are applicable.

2. APPLICABLE DOCUMENTS
No applicable documents are specified in sections 3, 4, and 5 of this standard. This section does not include documents cited in other sections of this standard or recommended for additional information or as examples.

3. DEFINITIONS
3.1 Acronyms used in this standard. The acronyms used in this standard are defined as follows:
a. DoD Department of Defense
b. ESH Environmental, Safety, and Health
3.2 Definitions. Within this document, the following definitions apply (see 6.4):
3.2.1 Acquisition program. A directed, funded effort that is designed to provide a new, improved, or continuing system in response to a validated operational need.
3.2.2 Developer. The individual or organization assigned responsibility for a development effort. Developers can be either internal to the government or contractors.
3.2.3 Hazard. Any real or potential condition that can cause injury, illness, or death to personnel; damage to or loss of equipment or property; or damage to the environment.
3.2.4 Hazardous material. Any substance that, due to its chemical, physical, or biological nature, causes safety, public health, or environmental concerns that would require an elevated level of effort to manage.
3.2.5 Life cycle. All phases of the system's life including research, development, test and evaluation, production, deployment (inventory), operations and support, and disposal.
3.2.6 Mishap. An unplanned event or series of events resulting in death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.
3.2.7 Mishap risk. An expression of the impact and possibility of a mishap in terms of potential mishap severity and probability of occurrence.
3.2.8 Program manager. A government official who is responsible for managing an acquisition program. Also, a general term of reference to those organizations directed by individual managers, exercising authority over the planning, direction, and control of tasks and associated functions essential for support of designated systems. This term will normally be used in lieu of system support manager, weapon program manager, system manager, and project manager when such organizations perform these functions.
3.2.9 Residual mishap risk. The remaining mishap risk that exists after all mitigation techniques have been implemented or exhausted, in accordance with the system safety design order of precedence (see 4.4).
3.2.10 Safety. Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.
3.2.11 Subsystem. A grouping of items satisfying a logical group of functions within a particular system.
3.2.12 System. An integrated composite of people, products, and processes that provide a capability to satisfy a stated need or objective.
3.2.13 System safety. The application of engineering and management principles, criteria, and techniques to achieve acceptable mishap risk, within the constraints of operational effectiveness, time, and cost, throughout all phases of the system life cycle.
3.2.14 System safety engineering. An engineering discipline that employs specialized professional knowledge and skills in applying scientific and engineering principles, criteria, and techniques to identify and eliminate hazards, in order to reduce the associated mishap risk.

4. GENERAL REQUIREMENTS
This section defines the system safety requirements that are to be performed throughout the life cycle for any system, new development, upgrade, modification, resolution of deficiencies, or technology development. When properly applied, these requirements are designed to ensure the identification and understanding of all known hazards and their associated risks, and that mishap risk is eliminated or reduced to accepted levels. The objective of system safety is to achieve acceptable mishap risk through a systematic approach of hazard analysis, risk assessment, and risk management. The requirements of this standard practice shall be applied without tailoring. When MIL-STD-882 is required in a solicitation or contract and no specific references are included, then only the requirements in this section are applicable. System safety requirements consist of the following:
4.1 Documentation of the system safety approach. Document the developer's and program manager's approved system safety engineering approach. This documentation will:
a. Describe the program's implementation of the requirements of this standard, including identification of the hazard analysis and mishap risk assessment processes to be used.
b. Include information on how system safety will be integrated into the overall program structure.
c. Define how hazards and residual mishap risk are communicated to and accepted by the appropriate risk acceptance authority (see 4.7) and how hazards and residual mishap risk will be tracked (see 4.8).
4.2 Identification of hazards. Identify hazards through a systematic hazard analysis process encompassing detailed analysis of system hardware and software, the environment (in which the system will exist), and the intended usage or application. Historical hazard and mishap data, including lessons learned from other systems, are considered and used. Identification of hazards is a responsibility of all members of the program. During hazard identification, consideration is given to hazards over the system life cycle.
4.3 Assessment of mishap risk. Assess the severity and probability of the mishap risk associated with each identified hazard, i.e., determine the potential impact of the hazard on personnel, facilities, equipment, operations, the public, and the environment, as well as on the system itself.
4.4 Identification of mishap risk mitigation measures. Identify potential mishap risk mitigation alternatives and the expected effectiveness of each alternative or method. Mishap risk mitigation is an iterative process that culminates when the residual mishap risk has been reduced to a level acceptable to the appropriate authority. The system safety design order of precedence for mitigating identified hazards is:
a. Eliminate hazards through design selection. If an identified hazard cannot be eliminated, reduce the associated mishap risk to an acceptable level.
b. Incorporate safety devices. If the hazard cannot be eliminated, reduce the mishap risk to an acceptable level through the use of protective safety features or devices.
c. Provide warning devices. If safety devices do not adequately lower the mishap risk of the hazard, include a detection and warning system to alert personnel to the particular hazard.
d. Develop procedures and training. Where it is impractical to eliminate hazards through design selection or to reduce the associated risk to an acceptable level with safety and warning devices, incorporate special procedures and training. Procedures may include the use of personal protective equipment.
4.5 Reduction of mishap risk to an acceptable level. Reduce the mishap risk through a mitigation approach mutually agreed to by both the developer and the program manager. Residual mishap risk and hazards must be communicated to the associated test effort for verification.
4.6 Verification of mishap risk reduction. Verify the mishap risk reduction and mitigation through appropriate analysis, testing, or inspection. Document the determined residual mishap risk.
New hazards identified during testing must be reported to the program manager and the developer.4.7 Review of hazards and acceptance of residual mishap risk by the appropriate authority. Notify the program manager of identified hazards and residual mishap risk. The program manager must ensure that remaining hazards and residual mishap risk are reviewed and accepted by the appropriate risk acceptance authority. The appropriate risk acceptance authority must include the system user in the mishap risk review. The appropriate risk acceptance authority must formally acknowledge and document acceptance of hazards and residual mishap risk.4.8 Tracking of hazards and residual mishap risk. Track hazards, their closure, and residual mishap risk. A tracking system for hazards, their closure, and residual mishap risk must be maintained throughout the system life cycle. The program manager must keep the system user apprised of the hazards and residual mishap risk.5.DETAILED REQUIREMENTSProgram managers must identify in the solicitation and system specification any specific requirements for the system safety engineering effort including risk assessment and acceptance, unique classifications and certifications (see 6.6 and 6.7), or any unique mishap reduction needs for their program. Additional information on developing specific requirements for a program is located in Appendix A.6. NOTES(This section contains information of a general or explanatory nature that may be helpful, but is not mandatory.)6.1Intended use. This standard establishes a common basis for expectations of a properly executed system safety effort.6.2Data requirements. Hazard analysis data may be obtained from contracted sources by citing DI-MISC-80508, Technical Report - Study/Services. 
When it is necessary to obtain data, the applicable Data Item Descriptions (DIDs) must be listed on the Contract Data Requirements List (DD Form 1423), except where the DoD Federal Acquisition Regulation Supplement exempts the requirement for a DD Form 1423. The developer and the program manager are encouraged to negotiate access to internal development data when hard copies are not necessary.Currently available DIDs that may be applicable to a system safety effort include (check DoD 5010.12-L, Acquisition Management Systems and Data Requirements Control List (AMSDL) or /, for the most current version before use):DID Number DID TitleDI-MISC-80043 Ammunition Data CardDI-SAFT-80101 System Safety Hazard Analysis ReportDI-SAFT-80102 Safety Assessment ReportDI-SAFT-80103 Engineering Change Proposal System Safety ReportDI-SAFT-80104 Waiver or Deviation System Safety ReportDI-SAFT-80105 System Safety Program Progress ReportDI-SAFT-80106 Occupational Health Hazard AssessmentDI-SAFT-80184 Radiation Hazard Control ProceduresDI-MISC-80508 Technical Report - Study ServicesDI SAFT-80931 Explosive Ordnance Disposal DataDI-SAFT-81065 Safety Studies ReportDI-SAFT-81066 Safety Studies PlanDI-ADMN-81250 Conference MinutesDI-SAFT-81299 Explosive Hazard Classification DataDI-SAFT-81300 Mishap Risk Assessment ReportDI-ILSS-81495 Failure Mode, Effects, Criticality Analysis Report6.3Subject term (key word) listing.EnvironmentalHazardMishapMishap riskOccupational HealthResidual mishap riskMishap RiskSafetySystem safetySystem safety engineering6.4Definitions used in this standard. The definitions at 3.2 may be different from those used in other specialty areas. One must carefully check the specific definition of a termin question for its area of origination before applying the approach described in this document.6.5International standardization agreements. 
Certain provisions of this standard are the subject of international standardization agreements (AIR STD 20/23B, Safety Design Requirements for Airborne Dispenser Weapons, and STANAG No. 3786, Safety Design Requirements for Airborne Dispenser Weapons). When amendment, revision, or cancellation of this standard is proposed which will modify the international agreement concerned, the preparing activity will take appropriate action through international standardization channels, including departmental standardization offices, to change the agreement or make other appropriate accommodations.6.6Explosive hazard classification and characteristic data. Any new or modified item of munitions or of an explosive nature that will be transported to or stored at a DoD installation or facility must first obtain an interim or final explosive hazard classification. The system safety effort should provide the data necessary for the program manager to obtain the necessary classification(s). These data should include identification of safety hazards involved in handling, shipping, and storage related to production, use, and disposal of the item.6.7Use of system safety data in certification and other specialized safety approvals. Hazard analyses are often required for many related certifications and specialized reviews. Examples of activities requiring data generated during a system safety effort include: Federal Aviation Agency airworthiness certification of designs and modifications, DoD airworthiness determination, nuclear and non-nuclear munitions certification, flight readiness reviews, flight test safety review board reviews, Nuclear Regulatory Commission licensing, Department of Energy certification. 
Special safety-related approval authorities include USAF Radioisotope Committee, Weapon System Explosive Safety Review Board (Navy), Non-Nuclear Munitions Safety Board (USAF), Army Fuze Safety Review Board, Triservice Laser Safety Review Board, and the DoD Explosive Safety Board.6.8DoD acquisition practices. Information on DoD acquisition practices is presented in the Defense Acquisition Deskbook available from the Deskbook Joint Program Office, Wright-Patterson Air Force Base, Ohio, or /. Nothing in the referenced information is considered additive to the requirements provided in this standard.6.9Identification of changes. Marginal notations are not used in this revision to identify changes with respect to the previous issue due to the extent of the changes.APPENDIX AGUIDANCE FOR IMPLEMENTATION OFA SYSTEM SAFETY EFFORTA.1 SCOPEA.1.1 Scope. This appendix provides rationale and guidance to fit the needs of most system safety efforts. It includes further explanation of the effort and activities available to meet the requirements described in paragraph 4 of this standard. This appendix is not a mandatory part of this standard. However, program managers may extract portions of this appendix for inclusion in requirements documents and solicitations.A.2 APPLICABLE DOCUMENTSA.2.1 General. The documents listed in this section are referenced in sections A.3, A.4, and A.5. This section does not include documents cited in other sections of this appendix or recommended for additional information or as examples.A.2.2 Government documents.A.2.2.1 Specifications, standards, and handbooks. This section is not applicable to this appendix.A.2.2.2 Other Government documents, drawings, and publications. The following other Government document forms a part of this document to the extent specified herein. 
Unless otherwise specified, the issue is that cited in the solicitation.DoD 5000.2-R Mandatory Procedures for Major Defense AcquisitionPrograms (MDAPs) and Major Automated InformationSystem (MAIS) Acquisition Programs(Copies of DoD 5000.2-R are available from the Washington Headquarters Services, Directives and Records Branch (Directives Section), Washington, DC or/).A.2.3 Non-Government publications. This section is not applicable to this appendix.A.2.4 Order of precedence. Since this appendix is not mandatory, in event of a conflict between the text of this appendix and the reference cited herein, the text of the reference takes precedence. Nothing in this appendix supersedes applicable laws and regulations unless a specific exemption has been obtained.A.3 DEFINITIONSA.3.1 Acronyms used in this appendix. No additional acronyms are used in this appendix.A.3.2 Definitions. Additional definitions that apply to this appendix:A.3.2.1Development agreement. The formal documentation of the agreed-upon tasks that the developer will execute for the program manager. For a commercial developer, this agreement usually is in the form of a written contract.A.3.2.2Fail safe. A design feature that ensures the system remains safe, or in the event of a failure, causes the system to revert to a state that will not cause a mishap.A.3.2.3Health hazard assessment. The application of biomedical knowledge and principles to identify and eliminate or control health hazards associated with systems in direct support of the life-cycle management of materiel items.A.3.2.4Mishap probability. The aggregate probability of occurrence of the individual events that might be created by a specific hazard.A.3.2.5Mishap probability levels. 
An arbitrary categorization that provides a qualitative measure of the most reasonable likelihood of occurrence of a mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, or system, subsystem, or component failure or malfunction.A.3.2.6Mishap risk assessment.The process of characterizing hazards within risk areas and critical technical processes, analyzing them for their potential mishap severity and probabilities of occurrence, and prioritizing them for handling.A.3.2.7Mishap risk categories. An arbitrary categorization of mishap risk assessment values often used to generate specific action such as mandatory reporting of certain hazards to management for action, or formal acceptance of the associated mishap risk.A.3.2.8Mishap severity. An assessment of the consequences of the most reasonable credible mishap that could be caused by a specific hazard.A.3.2.9Mishap severity category. An arbitrary categorization that provides a qualitative measure of the most reasonable credible mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, or system, subsystem, or component failure or malfunction.A.3.2.10Safety critical. A term applied to any condition, event, operation, process, or item whose proper recognition, control, performance, or tolerance is essential to safe system operation and support (e.g., safety critical function, safety critical path, or safety critical component).A.3.2.11System safety management. All plans and actions taken to identify, assess, mitigate, and continuously track, control, and document environmental, safety, and health mishap risks encountered in the development, test, acquisition, use, and disposal of DoD weapon systems, subsystems, equipment, and facilities.A.4 GENERAL REQUIREMENTSA.4.1 General. 
System safety applies engineering and management principles, criteria, and techniques to achieve acceptable mishap risk, within the constraints of operational effectiveness, time, and cost, throughout all phases of the system life cycle. It draws upon professional knowledge and specialized skills in the mathematical, physical, and scientific disciplines, together with the principles and methods of engineering design and analysis, to specify and evaluate the environmental, safety, and health mishap risk associated with a system. Experience indicates that the degree of safety achieved in a system is directly dependent upon the emphasis given. The program manager and the developer must apply this emphasis during all phases of the life cycle. A safe design is a prerequisite for safe operations, with the goal being to produce an inherently safe product that will have the minimum safety-imposed operational restrictions.A.4.1.1 System safety in environmental and health hazard management. DoD 5000.2-R has directed that environmental, safety, and health hazard management be integrated into the systems engineering process. While environmental and health hazard management are normally associated with the application of statutory direction and requirements, the management of mishap risk associated with actual environmental and health hazards is directly addressed by the system safety approach. Therefore, environmental and health hazards can be analyzed and managed with the same tools as any other hazard, whether they affect equipment, the environment, or personnel.A.4.2Purpose (see 1.1). All DoD program managers shall establish and execute programs that manage the probability and severity of all hazards for their systems(DoD 5000.2-R). Provision for system safety requirements and effort as defined by this standard should be included in all applicable contracts negotiated by DoD. 
These contracts include those negotiated within each DoD agency, by one DoD agency for another, and by DoD for other Government agencies. In addition, each DoD in-house program will address system safety. This appendix is not intended for reference, use, or implementation in contractual documents.A.4.2.1 Solicitations and contracts. The requirements of paragraph 4 shall be applied to acquisitions without tailoring. MIL-STD-882 should be incorporated in the list of contractual compliance documents, and the potential of a developer to execute paragraph 4 requirements should be included as source selection evaluation criteria. Developers are encouraged to submit with their proposal a preliminary plan that describes the system safety effort required for the requested program. When directed by the program manager, this preliminary plan may be attached to the contract or referenced in the statement of work; it becomes the basis for a contractual system safety program.A.4.3 System safety planning. Prior to formally documenting the system safety approach, the program manager, in concert with systems engineering and associated system safety professionals, must determine what system safety effort is necessary to meet program and regulatory requirements. This effort will be built around the requirements set forth in paragraph 4 and includes developing a planned approach for safety task accomplishment, providing qualified people to accomplish the tasks, establishing the authority for implementing the safety tasks through all levels of management, and allocating appropriate resources to ensure that the safety tasks are completed.A.4.3.1 System safety planning subtasks. System safety planning subtasks should:a. Establish specific safety performance requirements (see A.4.3.2) based on overall program requirements and system user inputs.b. 
Establish a system safety organization or function and the required lines of communication with associated organizations (government and contractor). Establish interfaces between system safety and other functional elements of the program, as well as with other safety and engineering disciplines (such as nuclear, range, explosive, chemical, and biological). Designate the organizational unit responsible for executing each safety task. Establish the authority for resolution of identified hazards.c. Establish system safety milestones and relate these to major program milestones, program element responsibility, and required inputs and outputs.d. Establish an incident alerting/notification, investigation, and reporting process, to include notification of the program manager.e. Establish an acceptable level of mishap risk, mishap probability and severity thresholds, and documentation requirements (including but not limited to hazards and residual mishap risk).f. Establish an approach and methodology for reporting to the program manager the following information:(1) Safety critical characteristics and features.(2) Operating, maintenance, and overhaul safety requirements.(3) Measures used to eliminate or mitigate hazards.(4) Acquisition management of hazardous materials.g. Establish the method for the formal acceptance and documenting of residual mishap risks and the associated hazards.。
Lecture 1213: safety analysis in aerospace

These techniques are extremely useful for the engineer but very expensive.
The nuclear industry has been the leader in
The WASH1400 report laid the foundation for applying probabilistic risk assessment (known in Europe as probabilistic safety assessment).
-----English for Safety Engineering-------
Translation -paragraph 6
According to Henley and Kamamoto, probabilistic risk assessment involves studying accident scenarios and “numerically ranking them in order of their probability of occurrence, and then assessing their potential consequence to the public.”
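The nuclear industry can benefit from HAZOP studies. A nuclear power plant is conceptually very
Hazard analysis and operating and support hazard analysis are tools for examining a system in detail and identifying every hazard that could harm people or equipment.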
Translation -paragraph 4
The aerospace and military communities could also benefit greatly from the chemical industry’s use of HAZOP.
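FOREWORD
1. This Standard is approved for use by all Military Departments and Defense Agencies within the Department of Defense.
2. This system safety standard practice is a key element of systems engineering that provides a standard, generic method for identifying, analyzing, and mitigating hazards.
3. The Department of Defense is committed to protecting personnel from accidental death, injury, and occupational illness, and to safeguarding defense systems, infrastructure, and property from accidental destruction or damage, while executing the missions that national defense requires.
Within mission requirements, the Department of Defense will also ensure that the environment is protected to the maximum extent possible. Integral to all of these efforts is the use of a system safety approach to identify hazards and manage the risks associated with them.
A key Department of Defense objective is to expand the use of the system safety methodology so that risk management is integrated into the overall systems engineering process, rather than treating hazards as operational considerations.
It can be used not only by system safety professionals but also by other functional disciplines, such as fire protection engineers, occupational health professionals, and environmental engineers, to identify hazards and mitigate risks through systems engineering.
It is not the intent of this document to make system safety responsible for the hazard management problems of the other functional disciplines. However, all functional disciplines that use this generic methodology should coordinate their work as part of the overall systems engineering process, because a measure that mitigates a hazard in one discipline may create hazards in other disciplines.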
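4. This system safety standard practice identifies the Department of Defense approach for identifying hazards and for assessing and mitigating the associated risks encountered in the development, test, production, use, and disposal of defense systems.
The approach described conforms to the DoD Instruction.
The DoD Instruction defines the acceptable levels of risk.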
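5. This revision incorporates changes to meet Government and industry requests and reinstates the task descriptions.
These tasks may be specified in contract documents.
When this Standard is required in a solicitation or contract and no specific requirements are stated, only Sections 3 and 4 are mandatory.
The definitions in 3.2 and all of Section 4 delineate the minimum mandatory definitions and requirements for an acceptable system safety effort for any DoD system.
This revision aligns the standard practice with current DoD policy, supports DoD strategic plans and goals, and adjusts the organizational arrangement of the information to clarify the basic elements of the system safety process, clarify terminology, and define task descriptions that improve hazard management.
This Standard strengthens the integration of other functional disciplines into systems engineering, ultimately improving the consistency of hazard management practices across programs.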
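Specific changes include:
a. Reintroduced task descriptions:
(1) 100-series tasks - Management
(2) 200-series tasks - Analysis
(3) 300-series tasks - Evaluation
(4) 400-series tasks - Verification
b. Emphasized the identification of applicable technical requirements.
c. Included additional tasks:
(1) Hazardous Materials Management Plan
(2) Functional Hazard Analysis
(3) System-of-Systems Hazard Analysis
(4) Environmental Hazard Analysis
d. Applied increased loss values in the severity descriptions.
e. Added the "Eliminated" probability level.
f. Added software systems engineering techniques and practices.
g. Updated the appendices.
6. Comments, suggestions, or questions on this document should be addressed to Headquarters, Air Force Materiel Command

APPENDIX B
(2) The risk associated with system hazards that are caused and controlled by software is acceptable, based on evidence that the hazards, causes, and mitigation measures have been identified, implemented, and verified in accordance with DoD customer requirements.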
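The evidence supports the conclusion that the hazard controls provide the required level of risk reduction and that the resulting risk can be accepted by the appropriate risk acceptance authority.
In this regard, software is no different from hardware and operators.
If the software design does not meet the safety requirements, the result is risk associated with inadequately verified software hazard causes and controls.
In general, risk assessment is based on quantitative and qualitative judgment and evidence.
Table B-I shows how these principles can be applied to provide a method for assessing the risk associated with software causal factors.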
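Table B-I. Risk assessment criteria for software hazard causal factors
systems are integrated with more complex systems-of-systems.
These systems-of-systems often include systems developed under different development conditions and safety programs, and may need to interface with systems of other Services (Army, Navy, Air Force) or DoD agencies.
These other system-of-systems stakeholders may have their own safety processes for determining the acceptability of systems that are integrated with theirs.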
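MIL-STD-882E

1. SCOPE
1.1 Scope. This system safety standard practice identifies the Department of Defense systems engineering approach to eliminating hazards, where possible, or minimizing the risks of those hazards that cannot be eliminated.
DoD Instruction 5000.02 defines the precedence for risk acceptance.
This Standard covers all hazards of systems, products, equipment, and infrastructure (including both hardware and software) throughout design, development, test, production, use, and disposal.
When this Standard is required in a solicitation or contract but no specific task is identified, only Sections 3 and 4 are mandatory.
The definitions in 3.2 and all of Section 4 delineate the minimum mandatory definitions and requirements for an acceptable system safety effort for any DoD system.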
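2. APPLICABLE DOCUMENTS
2.1 General.
The documents listed in this section are specified in Sections 3, 4, and 5 of this Standard.
This section does not include documents cited in other sections of this Standard or recommended for additional information or as examples.
While every effort has been made to ensure the completeness of this list, document users are cautioned that they must meet all specified requirements of documents cited in Sections 3, 4, and 5 of this Standard, whether or not they are listed.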
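2.2 Government documents.
2.2.1 Specifications, standards, and handbooks.
The following specifications, standards, and handbooks form a part of this document to the extent specified herein.
Unless otherwise specified, the issues of these documents are those cited in the contract.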
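INTERNATIONAL STANDARDIZATION AGREEMENTS
AOP 52 - NATO AOP 52, Guidance on Software Safety Design and Assessment of Munition Related Computing Systems
(Copies of this document are available at https:///quicksearch/ or from the Standardization Document Order Desk, 700 Robbins Avenue, Building 4D, Philadelphia, PA 19111-5094.)
DEPARTMENT OF DEFENSE HANDBOOKS
No Designator - Joint Software Systems Safety Engineering Handbook
(Copies of this document are available at /links/.)
2.2.2 Other Government documents, drawings, and publications.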
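The following other Government documents, drawings, and publications form a part of this document to the extent specified herein. Unless otherwise specified, the issues of these documents are those cited in the contract.
DEPARTMENT OF DEFENSE INSTRUCTIONS
DoDI 5000.02 - Operation of the Defense Acquisition System
DoDI 6055.07 - Mishap Notification, Investigation, Reporting, and Record Keeping
(Copies of these documents are available at /links/.)
2.3 Order of precedence. In the event of a conflict between the text of this document and the references cited herein, the text of this document takes precedence, with the exception of DoDI 5000.02.
Nothing in this document supersedes applicable laws and regulations unless a specific exemption has been obtained.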
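3. DEFINITIONS
3.1 Acronyms.
AFOSH Air Force Occupational Safety and Health
ANSI American National Standards Institute
AOP Allied Ordnance Publication
AMSC Acquisition Management Systems Control
ASSIST Acquisition Streamlining and Standardization Information System
ASTM American Society for Testing and Materials
AT Autonomous
CAS Chemical Abstract Service
CDR Critical Design Review
CFR Code of Federal Regulations
COTS Commercial-Off-the-Shelf
DAEHCP Department of Defense Ammunition and Explosives Hazard Classification Procedures
DID Data Item Description
DoD Department of Defense
DoDI Department of Defense Instruction
DODIC Department of Defense Identification Code
DOT Department of Transportation
DT Developmental Testing
E3 Electromagnetic Environmental Effects
ECP Engineering Change Proposal
EHA Environmental Hazard Analysis
EMD Engineering and Manufacturing Development
EO Executive Order
EOD Explosive Ordnance Disposal
ESD Electrostatic Discharge
ESOH Environment, Safety, and Occupational Health
FHA Functional Hazard Analysis
FMECA Failure Modes and Effects Criticality Analysis
FTA Fault Tree Analysis
GFE Government-Furnished Equipment
GFI Government-Furnished Information
GOTS Government-Off-the-Shelf
HAZMAT Hazardous Material
HERO Hazards of Electromagnetic Radiation to Ordnance
HHA Health Hazard Analysis
HMAR Hazard Management Assessment Report
HMMP Hazardous Materials Management Plan
HMP Hazard Management Plan
HSI Human Systems Integration
HTS Hazard Tracking System
IEEE Institute of Electrical and Electronics Engineers
IM Insensitive Munitions
IMS Integrated Master Schedule
IPT Integrated Product Team
ISO International Organization for Standardization
IV&V Independent Verification and Validation
JCIDS Joint Capabilities Integration and Development System
LOR Level of Rigor
MANPRINT Manpower and Personnel Integration
MIL-HDBK Military Handbook
MIL-STD Military Standard
MSDS Material Safety Data Sheet
NATO North Atlantic Treaty Organization
NAVMC Navy and Marine Corps
NDI Non-Developmental Item
NEPA National Environmental Policy Act
NSI No Safety Impact
NSN National Stock Number
O&SHA Operating and Support Hazard Analysis
OSH Occupational Safety and Health
OSHA Occupational Safety and Health Administration
OT Operational Testing
PESHE Programmatic Environmental, Safety, and Occupational Health Evaluation
PDR Preliminary Design Review
PHA Preliminary Hazard Analysis
PHL Preliminary Hazard List
PM Program Manager
PPE Personal Protective Equipment
RAC Risk Assessment Code
RF Radio Frequency
RFP Request for Proposal
RFR Radio Frequency Radiation
RFT Redundant Fault Tolerant
SAR Safety Assessment Report
SAT Semi-Autonomous
SCC Software Control Category
SCF Safety-Critical Function
SCI Safety-Critical Item
SDP Software Development Plan
SE Systems Engineering
SEMP Systems Engineering Management Plan
SHA System Hazard Analysis
SMCC Special Material Content Code
SoS System-of-Systems
SOW Statement of Work
SRHA System Requirements Hazard Analysis
SRF Safety-Related Function
SRI Safety-Related Item
SRR System Requirements Review
SSF Safety-Significant Function
SSCM Software Safety Criticality Matrix
SSHA Subsystem Hazard Analysis
SSPP System Safety Program Plan
SSSF Safety-Significant Software Function
STP Software Test Plan
SwCI Software Criticality Index
T&E Test and Evaluation
TEMP Test and Evaluation Master Plan
TES Test and Evaluation Strategy
WDSSR Waiver or Deviation System Safety Report
WG Working Group
3.2 Definitions. The following definitions are mandatory when using this Standard.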
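3.2.1 Acceptable risk. Risk that the appropriate acceptance authority (as defined in DoDI 5000.02) is willing to accept without additional mitigation.
3.2.2 Acquisition program. A directed, funded effort that provides a new, improved, or continuing materiel, weapon, or information system, or service capability, in response to an approved need.
3.2.3 Causal factor. One or more mechanisms that trigger the hazard and may result in a mishap.
3.2.4 Commercial-off-the-shelf (COTS). Commercial items that require no unique Government modification or maintenance over the life cycle of the product to meet the needs of the procuring agency.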
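3.2.5 Contractor. An entity in private industry that enters into contracts with the Government to provide goods or services. In this Standard, the word also applies to Government-operated activities that develop or perform work on defense acquisition programs.
3.2.6 Environmental impact. An adverse change to the environment caused wholly or partially by the system or its use.
3.2.7 ESOH. An acronym that refers to the combination of disciplines encompassing the processes and approaches for addressing laws, regulations, Executive Orders (EO), DoD policies, environmental compliance, and hazards associated with environmental impacts, system safety (e.g., platforms, systems, system-of-systems, weapons, explosives, software, ordnance, combat systems), occupational safety and health, hazardous materials management, and pollution prevention.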
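3.2.8 Event risk. The risk associated with a hazard as it applies to a specified hardware/software configuration during an event. Typical events include developmental testing/operational testing (DT/OT), demonstrations, fielding, and post-fielding tests.
3.2.9 Fielding. Placing the system into operational use with units in the field or fleet.
3.2.10 Firmware. The combination of a hardware device and computer instructions or computer data that reside as read-only software on the hardware device. The software cannot be readily modified under program control.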
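3.2.11 Government-furnished equipment (GFE). Property in the possession of, or acquired directly by, the Government and subsequently delivered to or otherwise made available to the contractor for use.
3.2.12 Government-furnished information (GFI). Information in the possession of, or acquired directly by, the Government and subsequently delivered to or otherwise made available to the contractor for use. Government-furnished information may include items such as lessons learned from similar systems or other data that would not normally be available to non-Government agencies.
3.2.13 Government-off-the-shelf (GOTS). Hardware or software developed, produced, or owned by a Government agency that requires no unique modification over the life cycle of the product to meet the needs of the procuring agency.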
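3.2.14 Hazard. A real or potential condition that could lead to an unplanned event or series of events (i.e., a mishap) resulting in death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.
3.2.15 Hazardous material (HAZMAT).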