It is often the case that safety-critical systems have to be reconfigured during operation because of issues such as changes in the system?s operating environment or the failure of software or hardware components. Operational systems exist that are capable of reconfiguration, but previous research and the techniques employed in operational systems for the most part either have not addressed the issue of assurance or have been developed in an ad hoc manner. In this paper we present a comprehensive approach to assured reconfiguration, providing a framework for formal verification that allows the developer of a reconfigurable system to use a set of application-level properties to show general reconfiguration properties. The properties and design are illustrated through an example from NASA's Runway Incursion Prevention System.