RTCA DO-326A / EUROCAE ED-202A — Airworthiness Security Process Specification

DO-326A

Section 07: The Big Standards Map

Definition

A standard that defines the airworthiness security process for aircraft systems, addressing intentional unauthorized electronic interactions (IUEI) — cybersecurity threats — that could affect the safety of the aircraft. DO-326A establishes a security risk assessment process that evaluates how threat agents could exploit vulnerabilities in aircraft systems to cause failure conditions. The standard defines security objectives commensurate with safety impact: systems whose compromise could lead to catastrophic failure conditions require the most rigorous security measures. DO-326A integrates security considerations into the existing safety assessment framework of ARP4754B and ARP4761A.

Where This Shows Up

As aircraft systems become increasingly connected (electronic flight bags, satellite communications, wireless maintenance systems, airline information services), the cybersecurity threat landscape has expanded. DO-326A / ED-202A provides the framework for ensuring that security threats are addressed as part of the airworthiness certification process. This is distinct from airline operational security (covered by other standards); DO-326A focuses specifically on security as it relates to the continued airworthiness of the aircraft type design.

Primary Sources

RTCA DO-326A (2014) / EUROCAE ED-202A — Airworthiness Security Process Specification

The primary document defining the airworthiness security process for aircraft and systems certification.

FAA AC 20-172A — Airworthiness SecurityFAA

FAA Advisory Circular addressing airworthiness security expectations and referencing DO-326A.

Across Jurisdictions

FAA (United States)

14 CFR 25.1319; AC 20-172A

FAA increasingly requires airworthiness security assessment for connected aircraft systems, referencing DO-326A as the acceptable process. Special Conditions for aircraft cybersecurity have been issued for recent type certifications.

EASA (Europe)ED-202A

AMC 20-42

EASA references ED-202A through AMC 20-42 and has issued Certification Specifications addressing airworthiness security.

EASA has been somewhat more prescriptive in requiring security assessments for new type certificates and major modifications.

Related Terms

RTCA DO-356A / EUROCAE ED-203A — Airworthiness Security Methods and Considerations (DO-356A)RTCA DO-355 — Information Security Guidance for Continuing Airworthiness (DO-355)SAE ARP4754B — Guidelines for Development of Civil Aircraft and Systems (ARP4754B)SAE ARP4761A — Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment (ARP4761A)

Need help navigating certification?

Understanding the terminology is the first step. If you need expert guidance on DO-178C, DO-254, ARP4754B, or any aspect of FAA, EASA, or TCCA certification, our team is here to help.