Home' RTCA Documents for Review : DO-356A Contents 1
© RTCA, 2018
This document is the joint product of two industry committees: the EUROCAE Working
Group WG-72, titled “Aeronautical Systems Security” and the RTCA Special Committee
SC-216, also titled “Aeronautical Systems Security”. WG-72 was formed to address
information security for the overall Aeronautical Information System Security (AISS) of
airborne systems with related ground systems and environment, while SC-216 was
formed more specifically to address information security for certification of aircraft and
This document provides a set of methods and guidelines that may be used within the
airworthiness security process defined in ED-202A / DO-326A. It is recognized that
alternative methods to the processes described or references in this document may be
available to an organization desiring to obtain certification.
This document provides neither guidelines concerning the structure of an individual
organization nor how the responsibilities for certification activities are divided. No such
guidance should be inferred from the descriptions provided.
Airworthiness security is the protection of the airworthiness of an aircraft from intentional
unauthorized electronic interaction. Existing safety processes have not had to consider
Intentional unauthorized electronic interaction (also known as "unauthorized interaction"
within the scope of this document) is defined as human-initiated actions with the
potential to affect the aircraft due to unauthorized access, use, disclosure, denial,
disruption, modification, or destruction of electronic information or electronic aircraft
system interfaces. This definition includes the effects of malware on infected devices
and the logical effects of external systems on aircraft systems, but does not include
physical attacks or electromagnetic jamming.
This document provides methods and considerations for showing compliance for
airworthiness security during the aircraft life cycle. It was developed as a companion
document to ED-202A / DO-326A "Airworthiness Security Process Specification" which
addresses security aspects of aircraft certification and to ED-204 / DO-355, "Information
Security Guidance for Continuing Airworthiness" which addresses airworthiness
security for continued airworthiness.
This document assumes that its readers are knowledgeable of applicable guidance
material. The guidelines in this document were developed in the context of 14 CFR Part
25 and EASA CS-25. It may be applicable to other regulations, such as Parts 23, 27,
29, 33, and 35 (CS-23, CS-27, CS-29, CS-E, CS-P). It does not assume that applicants
are in compliance with the guidance materials referenced in this document, but does
assume that the applicant has in place a comprehensive flight safety program as part
of development and continued airworthiness which is compliant with regulation, and an
applicant may tailor this guidance appropriately in negotiation with regulatory
The methods and considerations of this document provide guidance for accomplishing
the airworthiness security process activities identified in ED-202A / DO-326A. See
section 1.3 for a discussion of the guidance provided. Appendix C lists the ED-202A /
DO-326A activities and references that are addressed in this version of the document.
Those aspects of information security that have no safety effect are out of the scope of
Those aspects of security that deal with physical interaction (“physical threats”) are out
of scope of this document.
Links Archive Navigation Previous Page Next Page