Description / Abstract: Airworthiness security is the protection of the airworthiness of an aircraft from intentional unauthorized electronic interference. This includes the consequences of malware and forged data and of access of other systems to aircraft systems.
This guidance provides methods and considerations for securing airworthiness during the aircraft development life cycle from project initiation until the Aircraft Type Certificate is issued for the aircraft type design. It was developed in the context of DO-326A/ED-202A "Airworthiness Security Process Specification" which addresses type certification considerations during the first three life cycle stages of an aircraft type (Initiation, Development or Acquisition, and Implementation) and DO-355/ED-204, "Information Security Guidance for Continuing Airworthiness" which addresses airworthiness security for continued airworthiness.
It is intended to be used in conjunction with other applicable guidance material, including SAE ARP 4754A/ED-79A, SAE ARP 4761/ED-135, DO-178C/ED-12C, and DO-254/ED-80 and with the advisory material associated with FAA AC 25.1309-1A and EASA AMC 25.1309, in the context of part 25 for Transport Category Airplanes which include an approved passenger seating configuration of more than 19 passenger seats. This guidance is not intended for CFR parts 23, 27, 29, 33.28, and 35.15, normal, utility, acrobatic, and commuter category airplanes, normal category rotorcraft, transport category rotorcraft, engines, and propellers.
This document does not address:
a. Physical security or physical attacks on the aircraft (or ground element),
b. Airport, Airline or Air Traffic Service Provider security (e.g., access to airplanes, ground control facilities, data centers),
c. Communication, navigation, and surveillance services managed by national agencies or their international equivalents (e.g., GPS, SBAS, GBAS, ATC communications, ADS-B).
The methods and considerations of this document address the assessment of the acceptability of the airworthiness security risk and the design and verification of the airworthiness security attributes as related to system safety and airworthiness. Other aspects of information security for aerospace systems that do not affect the airworthiness security of the type design are excluded. Recommendations for handling those aspects can be found in other guidance.
More specifically, this guidance addresses the following areas.
It provides guidance for accomplishing the activities identified in DO-326A/ED-202A in the areas of Security Risk Assessment and Effectiveness Assurance.
It provides specific methods for Security Risk Analysis and managing technical requirements for Network Security Domains.
Purpose
This document describes guidelines, methods and tools used in performing an airworthiness security process. The guidelines, methods and tools presented are not intended to be exhaustive and can be expected to be updated with additional methods and considerations, including those needed to meet evolving regulatory assumptions. Applicants can propose alternative practices for consideration by the authorities. Practices for airworthiness security are still undergoing evolution and refinement as new features are deployed and the security threat itself evolves.
RTCA/EUROCAE documents on Aeronautical Systems Security will address information security for the overall Aeronautical Information System Security (AISS) of airborne systems with related ground systems and environment. This guidance material is for equipment manufacturers, aircraft manufacturers, and anyone else who is applying for an initial Type Certificate (TC), and afterwards (e.g., for Design Approval Holders (DAH)), Supplemental Type Certificate (STC), Amended Type Certificate (ATC) or changes to Type Certification for installation and continued airworthiness for aircraft systems, and is derived from understood best practice.