Standard: RTCA DO-356


This standard is available for individual purchase.

or unlock this standard with a subscription to IHS Standards Expert

IHS Standards Expert subscription, simplifies and expedites the process for finding and managing standards by giving you access to standards from over 370 standards developing organizations (SDOs).

  • Maximize product development and R&D with direct access to over 1.6 million standards
  • Discover new markets: Identify unmet needs and discover next-generation technologies
  • Improve quality by leveraging consistent standards to meet customer and market requirements
  • Minimize risk: Mitigate liability and better understand compliance regulations
  • Boost efficiency: Speed up research, capture and reuse expertise
For additional product information, visit the IHS Standards Expert page.

For more information or a custom quote, visit the IHS Contact Us page for regional contact information.

Airworthiness security is the protection of the airworthiness of an aircraft from intentional unauthorized electronic interference. This includes the consequences of malware and forged data and of access of other systems to aircraft systems.

This guidance provides methods and considerations for securing airworthiness during the aircraft development life cycle from project initiation until the Aircraft Type Certificate is issued for the aircraft type design. It was developed in the context of DO-326A/ED-202A "Airworthiness Security Process Specification" which addresses type certification considerations during the first three life cycle stages of an aircraft type (Initiation, Development or Acquisition, and Implementation) and DO-355/ED-204, "Information Security Guidance for Continuing Airworthiness" which addresses airworthiness security for continued airworthiness.

It is intended to be used in conjunction with other applicable guidance material, including SAE ARP 4754A/ED-79A, SAE ARP 4761/ED-135, DO-178C/ED-12C, and DO-254/ED-80 and with the advisory material associated with FAA AC 25.1309-1A and EASA AMC 25.1309, in the context of part 25 for Transport Category Airplanes which include an approved passenger seating configuration of more than 19 passenger seats. This guidance is not intended for CFR parts 23, 27, 29, 33.28, and 35.15, normal, utility, acrobatic, and commuter category airplanes, normal category rotorcraft, transport category rotorcraft, engines, and propellers.

This document does not address:

a. Physical security or physical attacks on the aircraft (or ground element),

b. Airport, Airline or Air Traffic Service Provider security (e.g., access to airplanes, ground control facilities, data centers),

c. Communication, navigation, and surveillance services managed by national agencies or their international equivalents (e.g., GPS, SBAS, GBAS, ATC communications, ADS-B).

The methods and considerations of this document address the assessment of the acceptability of the airworthiness security risk and the design and verification of the airworthiness security attributes as related to system safety and airworthiness. Other aspects of information security for aerospace systems that do not affect the airworthiness security of the type design are excluded. Recommendations for handling those aspects can be found in other guidance.

More specifically, this guidance addresses the following areas.

It provides guidance for accomplishing the activities identified in DO-326A/ED-202A in the areas of Security Risk Assessment and Effectiveness Assurance.

It provides specific methods for Security Risk Analysis and managing technical requirements for Network Security Domains.


This document describes guidelines, methods and tools used in performing an airworthiness security process. The guidelines, methods and tools presented are not intended to be exhaustive and can be expected to be updated with additional methods and considerations, including those needed to meet evolving regulatory assumptions. Applicants can propose alternative practices for consideration by the authorities. Practices for airworthiness security are still undergoing evolution and refinement as new features are deployed and the security threat itself evolves.

RTCA/EUROCAE documents on Aeronautical Systems Security will address information security for the overall Aeronautical Information System Security (AISS) of airborne systems with related ground systems and environment. This guidance material is for equipment manufacturers, aircraft manufacturers, and anyone else who is applying for an initial Type Certificate (TC), and afterwards ( e.g. for Design Approval Holders (DAH)), Supplemental Type Certificate (STC), Amended Type Certificate (ATC) or changes to Type Certification for installation and continued airworthiness for aircraft systems, and is derived from understood best practice.

Organization: RTCA, Inc.
Document Number: rtca do-356
Publish Date: 2014-09-23
Page Count: 80
Available Languages: EN
DOD Adopted: NO
ANSI Approved: NO
Most Recent Revision: YES
Current Version: YES
Status: Active

This Standard References

Showing 10 of 23.

view more

Standards That Reference This Standard

Showing 7 of 7.

FAA 80 FR 5880
FAA 81 FR 20049
FAA AC 20-140C
FAA 82 FR 32600A
FAA 82 FR 37285
FAA 82 FR 48737
FAA 83 FR 4118