Home' RTCA Documents for Review : DO-230I, Airport Security Access Control Systems Contents 16
©2018 RTCA, Inc.
The purpose of cyber security is to mitigate the most serious threats to information technology and the
potential for adverse economic impact to nations and industries. The number of identified cyber
vulnerabilities increases daily and the need for collaborative approaches to combat these threats has become
more important. Hardening the digital infrastructure to make it more resilient to disruptions and unwanted
cyber penetration is a top priority item, along with the ability to recover quickly from any cyber incident.
The following subsections provide information relating initiatives of the government of the United States
and its operating agencies. This is not meant to be an exhaustive information session on cyber security
initiatives, but a representative sampling for consideration given the current debates and the possible
impacts to the operations of airport security systems. Cyber security is further explored in Section 9:
National Security Initiatives
The National Security strategy adopted for cyber security is to: 1) improve the resilience to cyber incidents;
and 2) reduce cyber threats. Several federal initiatives have been launched including National Security
Presidential Directive 54 and Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23), and
states, local governments and private industries continue working on various approaches. The “National
Vulnerability” database is the standards-based federal repository of vulnerabilities reference data which is
sponsored by the DHS Cyber Security division.
FICAM Cyber Security Programs
The Federal Identity, Credential and Access Management (FICAM) initiative and the implementation of
access control systems rely on strong identity management practices combined with policies and procedures
to lessen cyber security incidents. The implementation guidelines outlined in the FICAM roadmap provide
guidance for interoperable and secure FICAM components as well as reference guidance to standards and
specifications for testing and system deployment.
EOP-OMB Cloud Computing Initiative
The Executive Office of the President - Office of Management and Budget (EOP-OMB) recognized the
complex nature of the federal enterprise and the proliferation of duplicative investments in technology and
issued directives to agency Chief Information Officer (CIO) heads to show a preference for using shared
services instead of separate independent systems. Cloud computing is one of the shared services being
explored. The General Services Administration (GSA), along with NIST and other agencies, is the Program
Management Office (PMO) for the Federal Risk and Authorization Management Program (FedRAMP).
GSA will provide a standards-based approach to security assessment, authorization, and continuous
monitoring for cloud products and services.
FedRAMP will not be a part of the guidance necessary for airport security access control and other systems.
However, depending on the tenant organizations within an airport and requirements for situational
awareness, there may be a need for airport operators to become familiar with security control requirements
as well as the roles and responsibilities for FedRAMP stakeholders. Ongoing rollout of the FedRAMP
initiative continues and readers should check with EOP-OMB for the latest guidance and applicability to
particular airport implementations.
Links Archive ACAS X MOPS DRAFT Vol. 2 Navigation Previous Page Next Page