DO-356A, page 64
© RTCA, 2018
ED-202A / DO-326A define the requirements for a complete security risk management
and development program for aircraft with security requirements. This section is
concerned primarily with determining which aircraft, system and item level assurance
objectives are needed.
Security assurance is necessary to assure that security measures perform as intended
and that the final product is free of known and unacceptable exploitable vulnerabilities.
Security assurance is conducted for the requirements that address the security measures
of the aircraft. Those security measures are defined by the requirements that result from
the security assessment of the aircraft and its systems, an assessment that identifies
vulnerabilities in the architecture that must be mitigated. The security assurance to be
performed is similar to that performed in the safety assurance processes, with
differences resulting from the additional concern for security, namely Intentional
Unauthorized Electronic Interaction (IUEI). In performing the security assessment, IUEI
may point out additional functionality (security measures), and therefore new
requirements, that are needed to mitigate vulnerabilities and thus mitigate Safety Events
Caused by Security
Aircraft type certification relies on an existing, well-established systems development
process used to develop digital systems and equipment. However, this process,
described in multiple safety development standards, does not address IUEI.
This document describes security assurance objectives, activities and considerations
that address IUEI in aircraft systems, in a context that recognizes both an applicant's
desire to augment the existing aircraft system/equipment development processes with
IUEI considerations and another applicant's desire to address IUEI development
without relying on the existing development process standards.
Therefore, all security assurance objectives are described in this chapter, even though
many of them are also stated as part of existing safety development assurance objectives.
This complete list allows evaluation against this document alone without reliance on the
However, it is noted that many applicants will benefit from existing development
assurance process standards, such as those specified in ED-79A / ARP 4754A, ED-12C /
DO-178C or ED-80 / DO-254, when applicable. Applicants could benefit from (safety)
development assurance activities that have already been performed by considering
security-specific additions or modifications. Development Assurance Supplement
Considerations are provided in the following subsections where this is deemed
The security assurance objectives described in this document are separated into two
sections. Section 4.1 describes Security Specific Assurances, a name for those
assurance objectives that are not related to other development assurance standards.
Section 4.2 describes Security Development Assurances, which are grouped together
because these assurance objectives are likely to overlap significantly with safety
process objectives. This document provides no mapping of security assurance
objectives to Development Assurance Levels.
The objectives stated in sections 4.1 and 4.2 are the assurance objectives necessary
to provide the maximum confidence (that is, at the highest security assurance level)
in addressing IUEI. Subsets of assurance objectives for lesser confidence
(i.e. lower security assurance levels) are described in Appendix A.
SECURITY SPECIFIC ASSURANCE
Security specific assurance is a name for those assurance objectives that are not
related to other development assurance standards. These objectives address security
topics that are not covered by quality, reliability, safety or other development assurance
activities. These objectives require new effort for compliance regardless of the