Standard: RTCA DO-326


This standard is available for individual purchase.

or unlock this standard with a subscription to IHS Standards Expert

IHS Standards Expert subscription, simplifies and expedites the process for finding and managing standards by giving you access to standards from over 370 standards developing organizations (SDOs).

  • Maximize product development and R&D with direct access to over 1.6 million standards
  • Discover new markets: Identify unmet needs and discover next-generation technologies
  • Improve quality by leveraging consistent standards to meet customer and market requirements
  • Minimize risk: Mitigate liability and better understand compliance regulations
  • Boost efficiency: Speed up research, capture and reuse expertise
For additional product information, visit the IHS Standards Expert page.

For more information or a custom quote, visit the IHS Contact Us page for regional contact information.

The guidance of this document adds to current guidance for aircraft certification to handle the threat of intentional unauthorized electronic interaction to aircraft safety. It adds data requirements and compliance objectives, as organized by generic activities for aircraft development and certification, to handle the threat of unauthorized interaction to aircraft safety and is intended to be used in conjunction with other applicable guidance material, including SAE ARP 4754A/ED-79A, DO-178C/ED-12C, and DO-254/ED-80 and with the advisory material associated with FAA AC 25.1309-1A and EASA AMC 25.1309, in the context of part 25 for Transport Category Aircraft which include an approved passenger seating configuration of more than 19 passenger seats. This guidance is not intended for CFR parts 23, 27, 29, 33.28, and 35.15, normal, utility, acrobatic, and commuter category airplanes, normal category rotorcraft, transport category rotorcraft, engines, and propellers.

This document does not address:

a. Physical security or physical attacks on the aircraft (or ground element),

b. Airport, Airline or Air Traffic Service Provider security (e.g., access to airplanes, ground control facilities, data centers),

c. Communication, navigation, and surveillance services managed by national agencies or their international equivalents (e.g., GPS, SBAS, GBAS, ATC communications, ADS-B).

This guidance material is for equipment manufacturers, aircraft manufacturers, and anyone else who is applying for an initial Type Certificate (TC), and afterwards ( e.g. for Design Approval Holders (DAH)), Supplemental Type Certificate (STC), Amended Type Certificate (ATC) or changes to Type Certification for installation and continued airworthiness for aircraft systems.

Special caution is recommended when applying this guidance to developments or operations already in place. This guidance is designed to be implemented across the full life cycle of an aircraft from design, through operations, to disposal. As such, it should first be applied to the design stage before its use in subsequent stages of the life cycle. If objectives are applied to aircraft which were not previously subject to these objectives during all stages of its life cycle, then it should be borne in mind that some aspects of the objectives will not be applicable. These aspects should be described and dealt with separately. For existing aircraft or aircraft in development, alternate processes are acceptable which may utilize some or all of processes of this document.

Intentional unauthorized electronic interaction (also known as "unauthorized interaction" within the scope of this document) is defined as human-initiated actions with the potential to affect the aircraft due to unauthorized access, use, disclosure, denial, disruption, modification, or destruction of electronic information or electronic aircraft system interfaces. This definition includes the effects of malware on infected devices and the logical effects of external systems on aircraft systems, but does not include physical attacks or electromagnetic jamming.


This document is a resource for Airworthiness Authorities (AA) and the aviation industry for certification when the development or modification of aircraft systems and the effects of intentional unauthorized electronic interaction can affect aircraft safety. It deals with the activities that need to be performed in support of the airworthiness process when it comes to the threat of intentional unauthorized electronic interaction. The companion document DO-355/ED-204 "Information Security Guidance for Continuing Airworthiness" addresses airworthiness security for continued airworthiness.

A companion document will provide a set of methods and guidelines that may be used within the airworthiness security process defined in DO-326A. The provision of methods in that document is not intended to mean that will be the only acceptable set of methods; there will be other equally valid methods. Applicants and authorities should consider those methods, and alternative practices if and when they are proposed.

The FAA publishes additional guidance that may be used in combination with this document. Since aircraft electronic security requirements and regulations change, it is highly recommended that applicants contact the applicable certification offices (FAA or International Civil Aviation Authorities) to obtain the most recent guidance on the use of this document for certification projects.

Organization: RTCA, Inc.
Document Number: rtca do-326
Publish Date: 2014-08-06
Page Count: 88
Available Languages: EN
DOD Adopted: NO
ANSI Approved: NO
Most Recent Revision: YES
Current Version: YES
Status: Active

Document History

Document # Change Type Update Date Revision Status
RTCA DO-326 Change Type: STCH Update Date: 2010-12-08 Revision: 10 Status: INAC

This Standard References

Showing 10 of 28.

FAA AC 23.1309-1E
ISO/IEC 27002
NIST SP 800-115
NIST SP 800-131
NIST SP 800-30
NIST SP 800-37
NIST SP 800-57
view more

Standards That Reference This Standard

Showing 10 of 17.

FAA 77 FR 2343
FAA 77 FR 49851
FAA 80 FR 5880
FAA AC 20-140C
view more