The Green UAS frameworks focus on threats and risks in the following assessment areas: corporate cyber hygiene, product and device security, remote operations and connectivity, and supply chain management. Each framework includes a set of security controls against which organizations and products are assessed and validated.
Passing certification and becoming Green UAS cleared indicates compliance to the frameworks.
Green UAS Certification applicants have the opportunity to remediate any of the issues found during the process to continue onto the cleared list. Those products that make it onto the cleared list are then entered into a continuous monitoring process.
 |  |  |  |
Corporate Cyber Hygiene
Assessment of an organization’s enterprise cyber security strategy, enterprise program and defined controls. A review of whether the strategy and program are in alignment with leading practice Standards Frameworks, such as the ISO (International Organization for Standardization) and National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) and similarly recognized controls guidance.
Product and Device Security
Assessment of the drone or component to ensure it has been designed, developed, and manufactured to assure the safety and security of data used to support UxS Systems and mission operations. Security controls to be tested will be based on specific operational context, application and criticality of the system.
Remote Operations & Connectivity
Assessment of the UxS systems’ connectivity for remote operations and management to assure that command and control (C2) of UxS systems can only be conducted by authorized operators, that telemetry and mission data transmitted by UxS systems is protected and secure to ensure confidentiality, integrity, and availability. Currently not available for drones that wish to go from Green to Blue.
Supply Chain Risk Management
Physical vulnerability assessment of the drone and any payloads, control stations, controllers, etc. Including a component and subcomponent review to ensure NDAA compliance for those seeking to transition to Blue UAS/DoD use. For those not selling to DoD, the Green UAS framework offers flexibility based on criticality and use-case as well as transparency to better inform acquisition decisions. Manufacturers will need to provide the assessor a software bill of materials (SBOM), hardware bill of materials (HBOM), and ship a drone and all of its components to the assessor for a teardown evaluation.
Green UAS vs Blue UAS
The Green UAS certification program builds upon and extends the Defense Innovation Unit (DIU)’s Blue UAS framework. While Blue UAS is tailored for platforms directly supporting DoD missions, Green UAS serves the broader commercial and non-DoD market, offering a rigorous, standardized vetting process aligned with federal cybersecurity and supply chain expectations. It also supports a broader network of NDAA-compliant, secure drones for procurement across public and private sectors, helping buyers across all use cases identify trusted systems.
As DIU updates its list of Blue UAS Recognized Assessors, AUVSI intends to leverage the Green UAS program as a ready-made pathway to support this evolving process. We will share additional details as they become available.
