Information Security Guidance for Continued Airworthiness
Publication Date: 10 September 2020
ED-202A / DO-326A and ED-203A / DO-356A provide guidance in addressing airworthiness security during the aircraft product life cycle from project initiation until the aircraft Type Certificate (Amended Type Certificate, Supplemental Type Certificate and Amended Supplemental Type Certificate) is issued for the aircraft type design. In addition, they include the handover of information about the Type Design that is necessary to ensure continuing airworthiness with respect to possible information security threats.
ED-204A / DO-355A (this document) provides guidance for the following stages of the product life cycle: operation, support, maintenance, administration, and decommissioning.
Where an organization subcontracts any activities in these stages, the organization retains the responsibility for aircraft information security (for contracted maintenance providers, refer to section 1.6.3).
A forthcoming document titled "Guidance on Information Security Event Management" (ISEM) will be jointly published by EUROCAE and RTCA. This document will provide guidance for managing security incidents and events that affect aircraft safety and it will support the existing safety event management guidance. It will provide guidance for processes, assessment and disposition, data exchanges, reporting, and other concerns that need to be performed in response to information security events.
Topics in the scope of Type Certification activities that are related to operation and maintenance of the aircraft such as Instructions for Continued Airworthiness (ICA) and security guidance documents are introduced in ED-202A / DO-326A and detailed in ED-204A / DO-355A. In such cases ED-202A / DO-326A provides references to ED-204A / DO-355A.
This document addresses information security risks only. The security measures to mitigate these risks are not limited to technical security measures; they may also be operational or management security measures.
Apart from the classical Instructions for Continued Airworthiness that are directly related to aircraft parts and systems, this document also provides guidance on Ground Support Equipment and Ground Support Information Systems that are related to the security of aircraft information systems and data networks as illustrated in Figure 1-1. Only airborne software that can have an effect on aircraft safety is in the scope of this document.
Note: The material in subsequent sections is only applicable if the aircraft and the operator use the features described.