RTCA DO-355 — Information Security Guidance for Continuing Airworthiness

DO-355

Section 07: The Big Standards Map

Definition

A standard that provides guidance on managing information security aspects related to the continuing airworthiness of aircraft throughout their operational life. While DO-326A and DO-356A address security during type design and certification, DO-355 addresses the ongoing security management after the aircraft enters service. This includes guidance on monitoring for new threats and vulnerabilities, assessing the airworthiness impact of security events, managing security patches and updates, and maintaining the effectiveness of security measures over the aircraft's operational life.

Where This Shows Up

Security threats evolve continuously — new vulnerabilities are discovered, and new attack techniques emerge. DO-355 addresses the need for ongoing security management after initial certification, ensuring that the aircraft's security posture remains effective throughout its operational life. This aligns with the broader continuing airworthiness framework that already addresses structural integrity, system reliability, and aging aircraft concerns.

Primary Sources

RTCA DO-355 (2014) — Information Security Guidance for Continuing Airworthiness

The primary document addressing post-certification airworthiness security management.

Related Terms

RTCA DO-326A / EUROCAE ED-202A — Airworthiness Security Process Specification (DO-326A)RTCA DO-356A / EUROCAE ED-203A — Airworthiness Security Methods and Considerations (DO-356A)

Need help navigating certification?

Understanding the terminology is the first step. If you need expert guidance on DO-178C, DO-254, ARP4754B, or any aspect of FAA, EASA, or TCCA certification, our team is here to help.