UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

RTCA DO-355

Information Security Guidance for Continued Airworthiness

active, Most Current
Buy Now
Organization: RTCA
Publication Date: 10 September 2020
Status: active
Page Count: 80
scope:

ED-202A / DO-326A and ED-203A / DO-356A provide guidance in addressing airworthiness security during the aircraft product life cycle from project initiation until the aircraft Type Certificate (Amended Type Certificate, Supplemental Type Certificate and Amended Supplemental Type Certificate) is issued for the aircraft type design. In addition, it includes the handover of information about the Type Design that is necessary to ensure continuing airworthiness with respect to possible information security threats.

ED-204A / DO-355A (this document) provides guidance for the following stages of the product life cycle: operation, support, maintenance, administration, and decommissioning.

Where an organization subcontracts any activities in these stages, the organization retains the responsibility for aircraft information security (for contracted maintenance providers, refer to section 1.6.3).

A forthcoming document titled "Guidance on Information Security Event Management" (ISEM) will be jointly published by EUROCAE and RTCA. This document will provide guidance for managing security incidents and events that affect aircraft safety and it will support the existing safety event management guidance. It will provide guidance for processes, assessment and disposition, data exchanges, reporting, and other concerns that need to be performed in response to information security events.

Topics in the scope of Type Certification activities that are related to operation and maintenance of the aircraft such as Instructions for Continued Airworthiness (ICA) and security guidance documents are introduced in ED-202A / DO-326A and detailed in ED-204A / DO-355A. In such cases ED-202A / DO-326A provides references to ED-204A / DO-355A.

This document addresses information security risks only. The security measures to mitigate these risks are not limited to technical security measures; they may also be operational or management security measures.

Apart from the classical Instructions for Continued Airworthiness that are directly related to aircraft parts and systems, this document also provides guidance on Ground Support Equipment and Ground Support Information Systems that are related to the security of aircraft information systems and data networks as illustrated in Figure 1-1. Only Airborne software that can have effect on aircraft safety are in the scope of this document

Note: The material in subsequent sections is only applicable if the aircraft and the operator use the features described.

Document History

RTCA DO-355
September 10, 2020
Information Security Guidance for Continued Airworthiness
ED-202A / DO-326A and ED-203A / DO-356A provide guidance in addressing airworthiness security during the aircraft product life cycle from project initiation until the aircraft Type Certificate...
June 17, 2014
Security DO-355 Information Security Guidance for Continuing Airworthiness
This document is a resource for civil aviation authorities and the aviation industry when the operation and maintenance of aircraft and the effects of information security threats can affect aircraft...

References

Advertisement