RTCA Documents for Review: DO-356A
© RTCA, 2018
Interface location by domain or zone (e.g., cockpit, cabin, galley, etc.),
define organizations, policies and roles
Interfaces within the aircraft for use by passenger devices,
Interfaces within the aircraft for use by cabin and flight crew devices,
Interfaces within the aircraft for use by maintenance and product support
Interfaces with ground systems,
Interfaces to other aircraft systems.
Field-Loadable Software (FLS) and User Modifiable Software (UMS) are external
data that are transmitted through the aircraft dataloading functions from the
external interfaces that support maintenance. These external interfaces must be
assessed for security and added to the security perimeter and threat
The amount of detail should be appropriate to the phase of the development. During
preliminary design, the security perimeter does not need to specify the protocol or
technical design of the external interface (unless they are already known), but needs
only to specify the general nature of the interface and the external persons that can
contact that part through that interface. During final integration, however, the protocol or
technical design of the external interface should be specified.
Typical inputs to this activity include all aircraft and system specifications.
Typical outputs from this activity include:
Point(s) of entry (logical and physical) to asset
Updated security perimeter
Possible interactions, and information exchanges with the environment
Description of information exchange path through the architecture
Security Environment and Trust
The security environment describes the assumptions and requirements about the
persons, organizations, and external systems outside the security perimeter that
interact with the assets under consideration. This includes all the different phases of
operation and maintenance applicable to the aircraft and system under assessment.
Assumptions are environmental conditions beyond the control of an
operational authority and should be validated through a validation study
within the Verification Activities. External requirements should be
documented in the Security Guidance Documentation (see section 4.1.4).
Considerations that may affect the risk assessment are relevant and should be
expressed as assumptions in the security environment, including:
Classification of persons and organizations by their authorization and trust
relationships, typically by defining roles.
Example: If flight plans prepared by ground personnel are part of a security
perimeter, then assumptions about the trustworthiness of the ground personnel
role should be added to the security environment.
Classification of the interfaces of the security perimeter by the roles and entities
that have access to them.
List the potential types of attack that are considered or not considered for an
interface of the security perimeter (man-in-the-middle, DoS on Wi-Fi, etc.).
Classification of threat sources.
Example: Classification according to ARINC 811, Attachment 3, 3-4.2 .1 
Consideration of any protection outside the aircraft / system that is taken as given
in the risk assessment.
Examples: security measures within the ground IT networks, airport physical
security, and access policies such as in air (e.g., avionics bay), on ground in airport
environment, or on ground in MRO operations.
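Added example (not part of DO-356A): a small Python consistency check over a security perimeter and its security environment, applying the rules described above (a trust assumption for every role with access, attack types listed per interface, protocol detail required only at final integration). The field names, phase labels, and sample records are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Interface:
    name: str
    zone: str                      # domain or zone, e.g. cockpit, cabin, galley
    roles: set                     # roles and entities with access
    protocol: str = ""             # may be unknown during preliminary design
    attacks_considered: set = field(default_factory=set)
    attacks_excluded: set = field(default_factory=set)

def review(perimeter, role_assumptions, phase):
    """Return findings; an empty list means the records are consistent."""
    findings = []
    for itf in perimeter:
        # Every role that can reach the interface needs a trust assumption.
        for role in sorted(itf.roles - set(role_assumptions)):
            findings.append(f"{itf.name}: no trust assumption for role '{role}'")
        # Attack types must be listed as considered or not considered.
        if not (itf.attacks_considered or itf.attacks_excluded):
            findings.append(f"{itf.name}: no attack types listed")
        # Protocol detail is only required once final integration is reached.
        if phase == "final_integration" and not itf.protocol:
            findings.append(f"{itf.name}: protocol or technical design missing")
    return findings

# Constructed sample records (hypothetical, for illustration only).
PERIMETER = [
    Interface("flight-plan upload", "cockpit", {"ground personnel"},
              attacks_considered={"man-in-the-middle"}),
    Interface("cabin Wi-Fi", "cabin", {"passenger", "cabin crew"},
              protocol="802.11", attacks_considered={"DoS on WiFi"}),
    Interface("dataload port", "avionics bay", {"maintenance"}),
]
ROLE_ASSUMPTIONS = {
    "ground personnel": "vetted staff; flight plans prepared under operator procedures",
    "passenger": "untrusted",
    "maintenance": "authorized by the operator",
}

if __name__ == "__main__":
    for phase in ("preliminary_design", "final_integration"):
        print(phase)
        for finding in review(PERIMETER, ROLE_ASSUMPTIONS, phase):
            print("  " + finding)
```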