Introducing RTCA's Security Standards and Training Partnership
NEW! Security Courses on RTCA Security Documents DO-391, DO-392 and DO-393. More details below.
Discover a world of advanced security solutions with RTCA.
We are proud to have published a comprehensive collection of security standards documents, with an exciting lineup scheduled for release in 2023. RTCA’s security documents tackle critical aspects of airworthiness security methods and considerations, offering invaluable guidance to ensure the utmost safety and resilience of aviation systems.
We have forged a strategic partnership with Wichita State University’s National Institute for Aviation Research. Together, we are dedicated to empowering professionals with in-depth training on multiple vital security standards. We aim to cultivate a community that is well-equipped to address the evolving challenges of aviation security.
Stay at the forefront of aviation security and explore the initiatives of RTCA. Unleash the potential of your organization with our cutting-edge standards and comprehensive training programs.
DO-326(), Airworthiness Security Process Specification
Originally published in 2010, the guidance of this document is intended to augment current guidance for aircraft certification to handle the information security threat to aircraft safety. DO-326A was published in 2014. This newer version, along with the other Airworthiness Security Documents listed below, will be part of an FAA SC concurrently with the rule.
Additional Security Documents and Training
Referenced in AC119-1 (being updated for DO-355A) and in relevant FAA Inspector Guidance 8900.1.
The guidance provided by this joint document is intended to constitute an Acceptable Means of Compliance for approving information security aspects of Continuing Airworthiness activities performed by Design Approval Holders and Operators. This document provides guidance for the operation and maintenance of aircraft and for organizations and personnel involved in these tasks. It is intended to support the responsibilities of the Design Approval Holder (DAH) to obtain a valid airworthiness certificate and aircraft operators to maintain their aircraft to demonstrate that the effects on the safety of the aircraft of information security threats are confined within acceptable levels. As all information security threats may have an intentional origin, this document also covers Intentional Unauthorized Electronic Interaction (IUEI).
This document is the joint product of two industry committees: the EUROCAE Working Group WG-72, titled “Aeronautical Systems Security” and the RTCA Special Committee SC-216, also titled “Aeronautical Systems Security”. This document provides a set of methods and guidelines that may be used within the airworthiness security process defined in RTCA DO-326A / EUROCAE ED-202A, Airworthiness Security Process Specification. It is recognized that alternative methods to the processes described or referenced in this document may be available to an organization desiring to obtain certification. This document does not provide guidelines concerning the structure of an individual organization or how the responsibilities for certification activities are divided. No such guidance should be inferred from the descriptions provided.
This document is concerned with the overarching context of the shared responsibility for Aeronautical Information System Security (AISS) through the identification and description of topics which have to be addressed. It deals with shared responsibility of all relevant stakeholders who are part of civil aviation. The purpose of security in this context should be understood as ensuring safety of flight and maintaining the operation of the civil aviation infrastructure without significant disruption.
This document provides guidance on security event management for various stakeholders in the aviation environment such as manufacturers, operators, maintainers, product suppliers, service providers, etc., to develop processes and procedures for identifying, responding to and reporting information security events impacting aviation safety. The guidelines in this document were developed with the intent to provide Acceptable Means of Compliance to EASA’s proposed Part IS which intends to establish a regulation requiring approved organizations to implement an Information Security Management System including (Security) Occurrence Reporting analogous to Safety Management System with (Safety) Occurrence Reporting. Other regulations may also apply. Organizations may elect to apply Information Security Event Management processes for operational or other business needs.
This document will guide an organization that manages and operates Air Traffic Management (ATM) and Air Navigation Systems (ANS) ground-to-ground and ground-to-air systems and services in becoming approved for operations by a Civil Aviation Appropriate Authority (AA).
SC-216, Aeronautical Information Systems Security
SC-216, Aeronautical Information Systems Security, was established June 26, 2007, to develop airworthiness security methods and considerations. Based on the 2016 Aviation Rulemaking Advisory Committee (ARAC) Aircraft System Information Security / Protection (ASISP) working group report, the committee was asked to work with EUROCAE WG-72 to harmonize recommendations and guidance material to help ensure safe, secure and efficient operations amid the growing use of highly integrated electronic systems and network technologies used on-board aircraft, for CNS/ATM systems, and air carrier operations and maintenance. They have published nine documents and are currently tasked with four additional documents.
Updates on the Horizon
DO-326B, Airworthiness Security Process
DO-392A, Guidance on Security Event Management
New Document, Information Security Management System Guidance
New Document, Data Security Minimum Operational Performance Standards