scope:

PURPOSE AND SCOPE

This document is concerned with the overarching context of the shared responsibility for Aeronautical Information Systems Security (AISS) through the identification and description of topics which have to be addressed. This responsibility is shared by all relevant stakeholders who are part of civil aviation. The purpose of security in this context shall be understood as ensuring safety of flight, and maintaining the operation of the civil aviation infrastructure without significant disruption.

It covers all areas of Civil Aviation relevant to this purpose, including aircraft design, production and operation (passenger and cargo), air traffic management, airports, maintenance repair and overhaul operations (MRO), aviation service providers, components (such as avionics hardware and software, databases, configuration data, etc.) and information (such as NOTAMS, weather, obstacles, routes & restrictions, manuals & charts, etc.) and the supply chains which these use and comprise.

Some of the concepts covered in this guidance relate to what should be done in civil aviation rather than to current practice. Since the concepts need to be implemented by partners across the civil aviation sector their adoption will initially be piecemeal, and the full benefit will not be achieved until a critical mass of stakeholders have adopted them. Early adopters will therefore need to bear this in mind, but they will be achieving increasing levels of benefit as the concepts are adopted. Also the extent to which the concepts are applicable will vary across civil aviation. For example some of them will have limited applicability to business and general aviation.

This document also provides an introduction to all documents related to Aeronautical Information Systems Security (AISS) published by EUROCAE, which are (at the time of publication):

ED-201 Aeronautical Information System Security Framework Guidance

ED-202A Airworthiness Security Process Specification

ED-203 Airworthiness Security Methods and Considerations

ED-204 Information Security Guidance for Continuing Airworthiness

In addition to these EDs, a Glossary will be published as a EUROCAE report, to serve as the centralized and normative Definition of Terms, shared by all EUROCAE documents addressing Aeronautical Information Systems Security. However, the published documents do not cover all aspects of AISS. EUROCAE may develop additional documents for other AISS aspects in the future. Identified potential topics include CNS/ATM security and supply chain security.

RTCA Inc. has published DO-326A, which has the same technical contents as ED-202A, and DO-355 has the same technical contents as ED-204.