U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION. National Policy

Similar documents
9/16/ CHG 213 VOLUME 3 GENERAL TECHNICAL ADMINISTRATION CHAPTER 61 AIRCRAFT NETWORK SECURITY PROGRAM

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION National Policy

7/27/ CHG 605 VOLUME 4 AIRCRAFT EQUIPMENT AND OPERATIONAL AUTHORIZATIONS

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION N

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION. National Policy

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION. National Policy

COVER SHEET. Reduced Vertical Separation Minimum (RVSM) Information Sheet Part 91 RVSM Letter of Authorization

RECOMMENDED FIELD APPROVAL APPLICATION Portland Flight Standards District Office

Aero Design Battery Shop

Initiated By: AFS-400

COVER SHEET. Reduced Vertical Separation Minimum (RVSM) Information Sheet Part 91 RVSM Letter of Authorization

TERMS OF REFERENCE Special Committee (SC) 216 Aeronautical Systems Security (Revision 8)

SUPERSEDED. [Docket No. FAA ; Directorate Identifier 2008-NM-061-AD; Amendment ; AD ]

INTERNATIONAL CIVIL AVIATION ORGANIZATION FIRST MEETING OF DIRECTORS OF CIVIL AVIATION OF THE CARIBBEAN REGION (CAR/DCA/1)

a. Regulations. Refer to the following regulations in 14 CFR generally applicable to satisfying or making a finding of compliance.

Glossary and Acronym List

Amendment Docket No. FAA ; Directorate Identifier 2006-NM-164-AD

INSTRUCTIONS FOR COMPLETING THE CONFORMITY INSPECTION PLAN

[Docket No. FAA ; Product Identifier 2018-NM-179-AD; Amendment ; AD ]

ORDER National Policy Effective Date: 10/15/2015. Type Certificate Data Sheet (TCDS) Notes SUBJ:

Subject: Automatic Dependent Surveillance-Broadcast (ADS-B) Operations and Operational Authorization

AIRWORTHINESS CERTIFICATION OF AIRCRAFT AND RELATED PRODUCTS. 1. PURPOSE. This change is issued to incorporate revised operating limitations.

Policy Letter (PL) Global Positioning System (GPS) Equipment and Installation Approval

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION National Policy

Amendment Docket No. FAA ; Directorate Identifier 2008-NM-045-AD

[Docket No. FAA ; Product Identifier 2018-NM-176-AD; Amendment ; AD ]

[Docket No. FAA ; Directorate Identifier 2011-NM-039-AD; Amendment

FAA RNP 10 JOB AID With FAA Order B References (20 May 2010)

TABLE OF CONTENTS 1.0 INTRODUCTION...

Performance Based Communication and Surveillance

2. CANCELLATION. AC 39-7B, Airworthiness Directives, dated April 8, 1987, is canceled.

[Docket No. FAA ; Product Identifier 2017-CE-042-AD] Airworthiness Directives; GA 8 Airvan (Pty) Ltd Airplanes

[Docket No. FAA ; Product Identifier 2018-NM-039-AD] AGENCY: Federal Aviation Administration (FAA), DOT.

CAAC Continuing Airworthiness of Domestic Designed Transport Airplanes

[Docket No. FAA ; Directorate Identifier 2007-NM-291-AD; Amendment ; AD R1]

THE BOEING COMPANY

[Docket No. FAA ; Product Identifier 2017-NM-094-AD; Amendment ; AD ]

Dave Burr - AFS-260. Steve Gibbs AFS-300

[Docket No. FAA ; Product Identifier 2018-NM-176-AD; Amendment ; AD ]

TCAA-AC-AWS021B. March 2014 ACCEPTANCE OF FOREIGN AIRWORTHINESS CODE FOR TYPE CERTIFICATE AND DATA SHEET 1.0 PURPOSE

THE BOEING COMPANY

STANDARDIZED PROCEDURES FOR REQUESTING FIELD APPROVAL OF DATA, MAJOR ALTERATIONS, AND REPAIRS

[Docket No. FAA ; Directorate Identifier 2015-NM-108-AD; Amendment ; AD ]

[Docket No. FAA ; Directorate Identifier 2007-NM-027-AD; Amendment ; AD ]

[Docket No. FAA ; Directorate Identifier 2008-NM-108-AD; Amendment ; AD ]

Department of Defense DIRECTIVE

[Docket No. FAA ; Directorate Identifier 2012-NM-006-AD; Amendment ; AD ]

[Docket No. FAA ; Product Identifier 2017-NM-168-AD; Amendment ; AD ]

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION National Policy

[Docket No. FAA ; Directorate Identifier 2007-NM-031-AD; Amendment ; AD ]

Advisory Circular. 1.1 Purpose Applicability Description of Changes... 2

October 19, Multiple part identification issue. Dear Steve and Terry:

Advisory Circular. U.S. Department of Transportation Federal Aviation Administration

Technical Standard Order

SERVICE ADVISORY. NO.: 0608 Revision A. All Garmin Aviation Service Centers

[Docket No. FAA ; Directorate Identifier 2013-NM-081-AD] Airworthiness Directives; The Boeing Company Airplanes

[Docket No. FAA ; Product Identifier 2018-NM-136-AD; Amendment ; AD ]

[Docket No. FAA ; Directorate Identifier 2006-NM-180-AD; Amendment ; AD ]

Navigating your way through the process. Presented by: Mike Mertens DAR ODA MRA Administrator Manager of Regulatory Compliance Duncan Aviation

SUPERSEDED. [Docket No. 98 ANE 61 AD; Amendment ; AD ]

Advisory Circular. Aircraft Certification Authority Based on Foreign Qualifications

[Docket No. FAA ; Directorate Identifier 2016-NM-155-AD; Amendment. AGENCY: Federal Aviation Administration (FAA), DOT.

Operations Specifications

BOMBARDIER, INC (FORMERLY CANADAIR)

NIGHT VISION. Requirements, Approvals, Maintenance. Federal Aviation Administration IMAGING (NVIS)

[Docket No. FAA ; Directorate Identifier 2005-NM-056-AD; Amendment ; AD ]

SUPERSEDED [ U] DEPARTMENT OF TRANSPORTATION. Federal Aviation Administration. 14 CFR Part 39 [66 FR /5/2001]

MD HELICOPTERS, INC.

[Docket No. FAA ; Product Identifier 2017-NM-074-AD; Amendment ; AD ]

Prepared by: James Marks, ADS-B Focus Team Lead, AFS-360, (202) Installation Approval for ADS-B OUT Systems

[Docket No. FAA ; Directorate Identifier 2008-NM-103-AD; Amendment ; AD ]

BOMBARDIER, INC. (FORMERLY CANADAIR)

[Docket No. FAA ; Directorate Identifier 2007-NM-204-AD; Amendment ; AD ]

SUPERSEDED. [Docket No. FAA ; Directorate Identifier 2007-NM-141-AD; Amendment ; AD ]

[Docket No. FAA ; Directorate Identifier 2007-SW-07-AD; Amendment ; AD ]

Advisory Circular. U.S. Department of Transportation Federal Aviation Administration

The Aviation Rulemaking Committee is changing. how airworthiness directives are developed and implemented.

Applicability / Compatibility of STPA with FAA Regulations & Guidance. First STAMP/STPA Workshop. Federal Aviation Administration

Flight Operations Inspector Manual

[Docket No. FAA ; Directorate Identifier 2015-NM-124-AD] Airworthiness Directives; The Boeing Company Airplanes

[Docket No. FAA ; Directorate Identifier 2016-CE-015-AD; Amendment. Airworthiness Directives; PILATUS AIRCRAFT LTD.

[Docket No. FAA ; Product Identifier 2018-NM-025-AD; Amendment ; AD ]

BAE SYSTEMS (OPERATIONS) LIMITED

April 3, Subject: Instructions for Continued Airworthiness. To Whom It May Concern:

Cargo Certification Process

[Docket No. FAA ; Directorate Identifier 2007-NM-047-AD; Amendment ; AD ]

Advisory Circular. Canada and United States Bilateral Aviation Safety Agreement Maintenance Implementation Procedures

Adding your Aircraft to a 14CFR 135 Operating Certificate

[Docket No. FAA ; Product Identifier 2018-SW-041-AD; Amendment ; AD ]

[Docket No. FAA ; Product Identifier 2017-NM-051-AD; Amendment ; AD ]

[Docket No. FAA ; Product Identifier 2017-NM-090-AD; Amendment ; AD ]

HONEYWELL, INC.

[Docket No. FAA ; Directorate Identifier 2016-NM-116-AD; Amendment ; AD ]

Memorandum of Understanding

[Docket No. FAA ; Directorate Identifier 2014-NM-034-AD; Amendment ; AD ]

Do You Know the Definition of Airworthy? How do you Know?

[Docket No. FAA ; Directorate Identifier 2012-NM-218-AD] AGENCY: Federal Aviation Administration (FAA), DOT.

VOLUME 4 AIRCRAFT EQUIPMENT AND OPERATIONAL AUTHORIZATIONS CHAPTER 9 SELECTED FIELD APPROVALS

AIRWORTHINESS CERTIFICATION OF AIRCRAFT AND RELATED PRODUCTS. September 30, 1999 DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION

[Docket No. FAA ; Directorate Identifier 2008-NM-022-AD; Amendment ; AD ]

Transcription:

NOTICE U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION National Policy N 8900.189 Effective Date: 5/31/12 Cancellation Date: 5/31/13 SUBJ: New OpSpec D301, Aircraft Network Security Program (ANSP) 1. Purpose of This Notice. This notice introduces a new operations specification (OpSpec) D301, Aircraft Network Security Program (ANSP), to support the operation of Next Generation (NextGen) e-enabled aircraft. 2. Audience. The primary audience for this notice includes principal inspectors (PI) in the Flight Standards District Offices (FSDO) and certificate management offices (CMO). The secondary audience includes aviation safety inspectors (ASI) in Flight Standards Service (AFS) branches and divisions in the regions, in headquarters (HQ), and in Aircraft Evaluation Groups (AEG); PIs in the International Field Offices (IFO); and ASI course managers at the Federal Aviation Administration (FAA) Academy (AMA) Regulatory Standards Division. 3. Where You Can Find This Notice. You can find this notice on the MyFAA employee Web site at https://employees.faa.gov/tools_resources/orders_notices. Inspectors can access this notice through the Flight Standards Information Management System (FSIMS) at http://fsims.avs.faa.gov. Operators can find this notice on the FAA s Web site at http://fsims.faa.gov. This notice is available to the public at http://www.faa.gov/regulations_policies/orders_notices. 4. Background. a. New Use of Technology. Previously, aircraft designers used aviation (ARINC 429/ARINC 629) or military standard (MIL-STD-1553) data buses to interconnect flight-critical avionics systems. Transmission Control Protocols (TCP) and/or Internet Protocols (IP) were used only to support the passenger information and entertainment systems, which were physically and logically separated from the flight-critical avionics systems. New aircraft designs use TCP/IP technology for the main aircraft backbone, connecting flight-critical avionics and passenger information and entertainment systems in a manner that virtually makes the aircraft an airborne, interconnected network domain server. b. External System and Digital Data Bus (DDB) Access. The architecture of this airborne network may allow access to external systems and networks, such as wireless airline operations and maintenance systems, satellite communications (SATCOM), email, the World Wide Web, etc. Onboard wired and wireless devices may also have access to portions of the aircraft s DDBs that provide flight-critical functions. Distribution: Electronic Only Initiated By: AFS-300

c. Reasons for Aircraft Security Document. Aircraft using TCP/IP technology in this manner are commonly referred to as e-enabled aircraft. The design of these e-enabled aircraft makes it difficult to maintain the certificated configuration of the aircraft without following procedures documented in an aircraft network security program (ANSP). OpSpec D301 is necessary to verify that operators have the skills, tools, and procedures in place to accomplish the requirements of the manufacturer s aircraft security document and the recommended best practices appropriate to their operations. Note: The description of e-enabled aircraft refers to any aircraft produced or modified that require the manufacturer or design approval holder (DAH) to obtain FAA approval for the security guidance document provided to the operator; e.g., the B-787-8, B-747-8, A-350, and A-380 aircraft. (This example is not all-inclusive.) d. Regulatory Requirements. The existing regulations did not anticipate this type of system architecture or electronic access to aircraft systems that provide flight-critical functions. Title 14 of the Code of Federal Regulations (14 CFR) and current system safety assessment policies and techniques do not address potential cyber security vulnerabilities that could be caused by unauthorized access to aircraft data buses and servers. In accordance with 14 CFR part 11, 11.19 (as described in 14 CFR part 21, 21.16), aircraft network systems are certificated through various means, including but not limited to type certificates (TC) and Supplemental Type Certificates (STC) that include special condition requirements (as with Boeing aircraft), and the Airworthiness Limitation Section (ALS) of the instructions for continued airworthiness (ICA) (as with Airbus aircraft). 5. New OpSpec D301. The Aircraft Maintenance Division (AFS-300) created a new OpSpec D301 for 14 CFR parts 121, 121/135, 125, and 129 that will include sections for each aircraft model, the associated manufacturer s aircraft security document, and the certificate holder s respective ANSP document. Note: OpSpec D301 applies to part 125 certificate holders and does not apply to 125M Letter of Deviation Authority (LODA) holders. It applies to U.S.-registered aircraft operated under part 129 and does not apply to part 129 operators that do not have U.S.-registered aircraft. It applies to all aircraft operated under part 129, 129.14. a. ANSP Authorization. The new OpSpec D301 is the means by which the principal avionics inspector (PAI) will authorize the operator s ANSP, including pertinent revisions to its Continuous Airworthiness Maintenance Program (CAMP). b. ANSP Acceptance. PAIs are responsible for acceptance of the program with the concurrence of the other assigned PIs and the responsible Avionics Branch (AFS-360) ASI. Personnel from the Aviation Safety Information Technology Division (AQS-200) will support AFS-360 in the evaluation. 2

Note: Concurrence of ASIs in other specialties is required to ensure that all aspects of training are addressed and that the full impact of the e-enabled configuration of the aircraft is assessed. c. Meeting ANSP Requirements. Upon official notification that an operator intends to add e-enabled aircraft or systems to their fleet, the PAI must consult AFS-360 at 202-385-4292. This will provide for early coordination to ensure that all program requirements are met prior to issuing OpSpec D301. Note: As new e-enabled aircraft are delivered to operators, AFS-360 is taking a proactive approach to reach out to affected PAIs to inform, educate, and assist them in initial implementation of OpSpec D301. d. PAI Responsibility. The new OpSpec D301 requires the PAI to submit the operator s ANSP document to AFS-360 for evaluation and concurrence prior to issuance of the OpSpec. It allows the PAI to select the applicable aircraft model and to accomplish authorizations applicable to the associated manufacturer s aircraft security document and the certificate holder s associated ANSP document. Each manufacturer s listed aircraft security document will have the current revision date, document number, and name, as applicable. Each ANSP document will be identified according to the certificate holder s manual system. The PAI should select the appropriate aircraft model and insert the associated document information for the respective security program. Table 1. OpSpec D301, Aircraft M/M/S B-787-8 Boeing November 25, 2009 B-747-8 Boeing Doc. No. D925U723-01, Original, November 11, 2011 A-380 Airbus A380 Airworthiness Limitations Section, ALS Part 6, Aircraft Information System Security, Rev. 3, August 26, 2009 ABC Airlines Company Manual XYZ, Chapter 46, Section 1 ABC Airlines Company Manual XYZ, Chapter 46, Section 2 ABC Airlines Company Manual XYZ, Chapter 46, Section 3 6. Changes to Policy and Guidance. FAA Order 8900.1 is revised concurrently with the publication of this notice to include a new Volume 3, Chapter 61, Aircraft Network Security Program. 7. Action. PAIs will ensure that their assigned operators address all of the special conditions or airworthiness limitations during compliance inspections prior to accepting delivery of e-enabled aircraft. Additionally, OpSpec D301 should be issued when the operator s ANSP is authorized, and before placing the aircraft in service. 3

8. Disposition. We will incorporate the information in this notice into FAA Order 8900.1 before this notice expires. Direct questions concerning the information in this notice to AFS-360 at 202-385-4292 or AFS-300 at 202-385-6435. for John M. Allen Director, Flight Standards Service 4

Appendix A Appendix A: OpSpec D301, Aircraft Network Security Program (ANSP): 14 CFR Part 121 a. The certificate holder is authorized to conduct operations using aircraft subject to a manufacturer s FAA/CAA-approved aircraft security document provided the following conditions are met. 1. The aircraft network security program (ANSP) listed in Table 1 shall be included in the certificate holder s manual. 2. The certificate holder will implement all requirements of the manufacturer s aircraft security document, along with the recommendations appropriate to its operations. 3. The certificate holder will revise their ANSP within 30 days after the manufacturer s aircraft security document is revised. 2. Ensure that security threats specific to the certificate holder s operations are identified and assessed, and that risk mitigation strategies are implemented to ensure the continued airworthiness of the aircraft. A-300-B2203 A-319-112 A700 B-737-4B7 B-757-2B7 DC-9-81 F-28-MK0100 Please enter the ANSP document name and section references (e.g., ABC Airlines Company Manual XYZ, Chapter 46, Section 1). Enter optional text for nonstandard paragraph authorization. A-1

Appendix B Appendix B: OpSpec D301, Aircraft Network Security Program (ANSP): 14 CFR Part 125 a. The certificate holder is authorized to conduct operations using aircraft subject to a manufacturer s FAA/CAA-approved aircraft security document provided the following conditions are met. 1. The aircraft network security program (ANSP) listed in Table 1 shall be included in the certificate holder s manual. 2. The certificate holder will implement all requirements of the manufacturer s aircraft security document, along with the recommendations appropriate to its operations. 3. The certificate holder will revise their ANSP within 30 days after the manufacturer s aircraft security document is revised. 2. Ensure that security threats specific to the certificate holder s operations are identified and assessed, and that risk mitigation strategies are implemented to ensure the continued airworthiness of the aircraft. AERSTR-RX-6 AN-AN-2 AR-11-AC B-737-200 BE-100-100 CV-440-580STC MU-2B-10 Enter the ANSP document name and section references (e.g., ABC Airlines Company Manual XYZ, Chapter 46, Section 1). Enter optional text for nonstandard paragraph authorization. B-1

Appendix C Appendix C: OpSpec D301, Aircraft Network Security Program (ANSP): 14 CFR Part 121/135 a. The certificate holder is authorized to conduct operations using aircraft subject to a manufacturer s FAA/CAA-approved aircraft security document provided the following conditions are met. 1. The aircraft network security program (ANSP) listed in Table 1 shall be included in the certificate holder s manual. 2. The certificate holder will implement all requirements of the manufacturer s aircraft security document, along with the recommendations appropriate to its operations. 3. The certificate holder will revise their ANSP within 30 days after the manufacturer s aircraft security document is revised. 2. Ensure that security threats specific to the certificate holder s operations are identified and assessed, and that risk mitigation strategies are implemented to ensure the continued airworthiness of the aircraft. AMD-20-D B-747-246B B-747-469 DC-9-15F DH-1040-2A Enter the ANSP document name and section references (e.g., ABC Airlines Company Manual XYZ, Chapter 46, Section 1). Enter optional text for nonstandard paragraph authorization. C-1

Appendix D Appendix D: OpSpec D301, Aircraft Network Security Program (ANSP): 14 CFR Part 129 a. The foreign air carrier is authorized to conduct operations using aircraft subject to a manufacturer s FAA/CAA-approved aircraft security document provided the following conditions are met. 1. The aircraft network security program (ANSP) listed in Table 1 shall be included in the foreign air carrier s manual. 2. The foreign air carrier will implement all requirements of the manufacturer s aircraft security document, along with the recommendations appropriate to its operations. 3. The foreign air carrier will revise their ANSP within 30 days after the manufacturer s aircraft security document is revised. 2. Ensure that security threats specific to the foreign air carrier s operations are identified and assessed, and that risk mitigation strategies are implemented to ensure the continued airworthiness of the aircraft. A-310-300 B-203-B DO-328-200 Enter the ANSP document name and section references (e.g., ABC Airlines Company Manual XYZ, Chapter 46, Section 1). Enter optional text for nonstandard paragraph authorization. D-1

Appendix E Appendix E: OpSpec D301, Aircraft Network Security Program (ANSP): 14 CFR Part 129, 129.14 a. The foreign air carrier or foreign person is authorized to conduct operations using aircraft subject to a manufacturer s FAA/CAA-approved aircraft security document provided the following conditions are met. 1. The aircraft network security program (ANSP) listed in Table 1 shall be included in the foreign air carrier or foreign person s manual. 2. The foreign air carrier or foreign person will implement all requirements of the manufacturer s aircraft security document, along with the recommendations appropriate to its operations. 3. The foreign air carrier or foreign person will revise their ANSP within 30 days after the manufacturer s aircraft security document is revised. 2. Ensure that security threats specific to the foreign air carrier or foreign person s operations are identified and assessed, and that risk mitigation strategies are implemented to ensure the continued airworthiness of the aircraft. A700 AR-7-S7CCM B-737-2N1 Enter the ANSP document name and section references (e.g., ABC Airlines Company Manual XYZ, Chapter 46, Section 1). E-1

2024 © travelsdocbox.com Privacy Policy | Terms of Service | Feedback