RTCA Documents for Review: DO-356A, page 70
© RTCA, 2018
As required by DO-326A / ED-202A, section 2.1, the compliance statement (supported
by the substantiation evidence) should show that all risks are identified, assessed,
mitigated as needed and acceptable.
Security Tool Management Introduction
Tools are considered according to their possible impact:
Tool whose output is part of the airborne software and thus could insert a vulnerability
Such tools are qualified according to the guidance given in DO-178C / ED-12C. When considering the impact of known problems and functional limitations of tools as part of the DO-330 / ED-215 objectives, these considerations should also include vulnerabilities.
Relevant tools are the ones that can introduce vulnerabilities into the product under development. Examples are compilers, source code generators, ...
Tool that could fail to detect a vulnerability
Such tools should be qualified according to DO-330 / ED-215 TQL-5.
Relevant tools are the ones that can fail to detect vulnerabilities in the product under development. Examples are fuzz testing, static code analysis, attack tools, ...
TQL-5 qualification objectives may be satisfied without any tool qualification data from the tool developer, as described in ED-215 / DO-330 section 11.3.
Any scripts and supporting data for the attacks and scans that are not subject to tool
qualification are subject to:
Configuration control for identification, integrity, traceability, retrieval, retention,
and protection from unauthorized change.
The scripts and supporting data for the attacks and scans are also considered part of the baseline for security environment and well-known vulnerabilities. They are subject to:
Updating as part of the updated baseline for security verification and test plan data immediately prior to vulnerability testing,
Updating as part of the updated baseline for final security risk assessment data, and
Being passed on as part of the initial baseline for continuing airworthiness security.
Security Tool Management Objectives
The security tool management objectives include:
O13.1 Vulnerabilities are identified in relevant tools whose output is part of the airborne
software and thus could insert a vulnerability.
O13.3 Vulnerabilities are identified in relevant tools that could fail to detect a vulnerability.
The security tool management objectives in this section apply in addition to the
objectives of DO-330 / ED-215.
Tools used in the development of COTS software and hardware are out of
scope of these objectives.
CONFIGURATION MANAGEMENT CONTROL CATEGORIES
There are two general classes of control categories.
The basic category CC2 is used for verification and validation results, activity records,
and problem reports. It protects the integrity and identification of the configuration items,
and provides for archiving, retrieval, and data retention.
The more rigorous category CC1 is used for all design and implementation data,
assessments, certification plans and artifacts, and the configuration index itself. It starts
with the basic category, and adds tracking of the history of changes of the configuration
item along with controls of when changes are allowed, a problem reporting and