UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

RTCA DO-355

Information Security Guidance for Continued Airworthiness

active, Most Current
Buy Now
Organization: RTCA
Publication Date: 10 September 2020
Status: active
Page Count: 80
scope:

ED-202A / DO-326A and ED-203A / DO-356A provide guidance in addressing airworthiness security during the aircraft product life cycle from project initiation until the aircraft Type Certificate (Amended Type Certificate, Supplemental Type Certificate and Amended Supplemental Type Certificate) is issued for the aircraft type design. In addition, it includes the handover of information about the Type Design that is necessary to ensure continuing airworthiness with respect to possible information security threats.

ED-204A / DO-355A (this document) provides guidance for the following stages of the product life cycle: operation, support, maintenance, administration, and decommissioning.

Where an organization subcontracts any activities in these stages, the organization retains the responsibility for aircraft information security (for contracted maintenance providers, refer to section 1.6.3).

A forthcoming document titled "Guidance on Information Security Event Management" (ISEM) will be jointly published by EUROCAE and RTCA. This document will provide guidance for managing security incidents and events that affect aircraft safety and it will support the existing safety event management guidance. It will provide guidance for processes, assessment and disposition, data exchanges, reporting, and other concerns that need to be performed in response to information security events.

Topics in the scope of Type Certification activities that are related to operation and maintenance of the aircraft such as Instructions for Continued Airworthiness (ICA) and security guidance documents are introduced in ED-202A / DO-326A and detailed in ED-204A / DO-355A. In such cases ED-202A / DO-326A provides references to ED-204A / DO-355A.

This document addresses information security risks only. The security measures to mitigate these risks are not limited to technical security measures; they may also be operational or management security measures.

Apart from the classical Instructions for Continued Airworthiness that are directly related to aircraft parts and systems, this document also provides guidance on Ground Support Equipment and Ground Support Information Systems that are related to the security of aircraft information systems and data networks as illustrated in Figure 1-1. Only Airborne software that can have effect on aircraft safety are in the scope of this document

Note: The material in subsequent sections is only applicable if the aircraft and the operator use the features described.

Document History

RTCA DO-355
September 10, 2020
Information Security Guidance for Continued Airworthiness
ED-202A / DO-326A and ED-203A / DO-356A provide guidance in addressing airworthiness security during the aircraft product life cycle from project initiation until the aircraft Type Certificate...
RTCA DO-355
June 17, 2014
Security DO-355 Information Security Guidance for Continuing Airworthiness
This document is a resource for civil aviation authorities and the aviation industry when the operation and maintenance of aircraft and the effects of information security threats can affect aircraft...

References

This document references:
ARINC 645 - COMMON TERMINOLOGY AND FUNCTIONS FOR SOFTWARE DISTRIBUTION AND LOADING
Published by ARINC on July 11, 2018
This specification focuses on loadable data and software, primarily Aircraft Controlled Software (ACS). This software is controlled at an aircraft level, meaning the software is treated as an...
This document references:
ARINC 645 - COMMON TERMINOLOGY AND FUNCTIONS FOR SOFTWARE DISTRIBUTION AND LOADING
Published by ARINC on July 11, 2018
This specification focuses on loadable data and software, primarily Aircraft Controlled Software (ACS). This software is controlled at an aircraft level, meaning the software is treated as an...
This document references:
ARINC 811 - COMMERCIAL AIRCRAFT INFORMATION SECURITY CONCEPTS OF OPERATION AND PROCESS FRAMEWORK
Published by ARINC on December 20, 2005
This document does not attempt to solve specific application, communication, or network security issues, but provides a concept of airline operations and process framework to AEEC subcommittees and...
This document references:
ARINC 827 - ELECTRONIC DISTRIBUTION OF SOFTWARE BY CRATE (EDS CRATE)
Published by ARINC on August 10, 2020
EDS describes the format for the exchange of aircraft software parts and other digital contents between business partners without requiring the use of physical media. These business partners include...
This document references:
ARINC 835 - GUIDANCE FOR SECURITY OF LOADABLE SOFTWARE PARTS USING DIGITAL SIGNATURES
Published by ARINC on January 2, 2014
Purpose Airlines place a high value on aircraft information security. This document provides background and detailed technical information on existing methods to secure loadable software parts. A...
This document is referenced by:
ARINC 641 - LOGICAL SOFTWARE PART PACKAGING FOR TRANSPORT
Published by ARINC on November 16, 2020
This standard is intended to be applicable to all aircraft loadable software. The standard may impact a variety of software tools including software data loaders, software mass storage devices,...
This document is referenced by:
DO-378A - Minimum Aviation System Performance Standard (MASPS) for Coexistence of Wireless Avionics Intra-Communication Systems within 4200-4400 MHz
Published by RTCA on June 23, 2022
Scope of the Document This document addresses the coexistence aspects of WAIC that arise from the use of the frequency band 4200-4400 MHz. Aspects that are addressed are: A. that a WAIC system does...
This document is referenced by:
DEF STAN 00-970: PART 0 - Certification Specifications for Airworthiness Part 0: PROCEDURES FOR USE, CONTENT AND DEFINITIONS
Published by MODUK on March 14, 2021
Part 0 provides guidance and content information, together with definitions of terms used throughout this Standard.
This document is referenced by:
DEF STAN 00-055: PART 1 - Requirements for Safety of Programmable Elements (PE) in Defence Systems Part 1: Requirements and Guidance
Published by MODUK on April 29, 2016
This Standard specifies the requirements for achieving, assuring and managing the Design Integrity of PE in PSS. This includes PE used by, or on behalf of, the MOD, and covers the whole-life support...
This document is referenced by:
667-3 - GUIDANCE FOR THE MANAGEMENT OF FIELD LOADABLE SOFTWARE
Published by ARINC on November 1, 2022
This document provides guidance to users of ACS for the development of methods to control and manage ACS. Ideals contained within this document were developed from past experiences and future...
This document is referenced by:
667-3 - GUIDANCE FOR THE MANAGEMENT OF FIELD LOADABLE SOFTWARE
Published by ARINC on November 1, 2022
This document provides guidance to users of ACS for the development of methods to control and manage ACS. Ideals contained within this document were developed from past experiences and future...
View Less
View All
Advertisement