ASTM F3532-22
(Practice)Standard Practice for Protection of Aircraft Systems from Intentional Unauthorized Electronic Interactions
Standard Practice for Protection of Aircraft Systems from Intentional Unauthorized Electronic Interactions
SIGNIFICANCE AND USE
4.1 The purpose of this practice is to establish methods that can be used to satisfy the Function and Installation requirements, and the Safety Requirements, provided in 4.1 and 4.2, respectively, in Specification F3061/F3061M.
4.2 Threat conditions that can cause Hazardous or Catastrophic failure conditions, including those that can propagate through interconnected systems causing Hazardous or Catastrophic failure conditions, are required to be addressed using this practice.
SCOPE
1.1 This practice covers methods for addressing Aircraft System Information Security Protection (ASISP) risks caused by Intentional Unauthorized Electronic Interactions (IUEIs). This practice was developed considering Level 1, Level 2, Level 3, and Level 4 normal category aeroplanes. The content may be more broadly applicable. It is the responsibility of the applicant to substantiate broader applicability as a specific means of compliance. The topics covered within this practice are threat identification, identifying security measures, conducting a security risk assessment, and security documentation.
1.2 An applicant intending to use this practice as means of compliance for a design approval must seek guidance from their respective oversight authority (for example, published guidance from applicable civil aviation authority (CAA)) concerning the acceptable use and application thereof. For information on which oversight authorities have accepted this practice (in whole or in part) as an acceptable Means of Compliance to their regulatory requirements (hereinafter “the Rules”), refer to the ASTM Committee F44 web page (www.astm.org/COMMITTEE/F44.htm).
1.3 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.
1.4 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.
General Information
Relations
Standards Content (Sample)
This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the
Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.
Designation: F3532 − 22
Standard Practice for
Protection of Aircraft Systems from Intentional
1
Unauthorized Electronic Interactions
This standard is issued under the fixed designation F3532; the number immediately following the designation indicates the year of
original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A
superscript epsilon (´) indicates an editorial change since the last revision or reapproval.
1. Scope is indicated. In all cases, later document revisions are accept-
able if shown to be equivalent to the listed revision, or if
1.1 This practice covers methods for addressing Aircraft
otherwise formally accepted by the governing CAA; earlier
System Information Security Protection (ASISP) risks caused
revisions are not acceptable.
by Intentional Unauthorized Electronic Interactions (IUEIs).
2
This practice was developed considering Level 1, Level 2, 2.2 ASTM Standards:
Level 3, and Level 4 normal category aeroplanes. The content F3060 Terminology for Aircraft
may be more broadly applicable. It is the responsibility of the F3061/F3061M Specification for Systems and Equipment in
applicant to substantiate broader applicability as a specific Small Aircraft
means of compliance. The topics covered within this practice F3230 Practice for Safety Assessment of Systems and
are threat identification, identifying security measures, con- Equipment in Small Aircraft
3
ductingasecurityriskassessment,andsecuritydocumentation.
2.3 EASA Standard:
AMC 20-42 Airworthiness Information Security Risk As-
1.2 An applicant intending to use this practice as means of
sessment
compliance for a design approval must seek guidance from
4
their respective oversight authority (for example, published
2.4 EUROCAE Standards:
guidance from applicable civil aviation authority (CAA))
ED-202A Airworthiness Security Process Specification
concerning the acceptable use and application thereof. For
ED-203A Airworthiness Security Methods and Consider-
information on which oversight authorities have accepted this
ations
practice (in whole or in part) as an acceptable Means of
ED-204A Information Security Guidance for Continuing
Compliance to their regulatory requirements (hereinafter “the
Airworthiness
Rules”), refer to the ASTM Committee F44 web page
5
2.5 FAA Advisory Circulars:
(www.astm.org/COMMITTEE/F44.htm).
AC 20-115D Airborne Software Development Assurance
1.3 This standard does not purport to address all of the
Using EUROCAE ED-12( ) and RTCA DO-178( )
safety concerns, if any, associated with its use. It is the
AC 20-153B Acceptance of Aeronautical Data Processes
responsibility of the user of this standard to establish appro-
and Associated Databases
priate safety, health, and environmental practices and deter-
AC 119-1 Airworthiness and Operational Approval of Air-
mine the applicability of regulatory limitations prior to use.
craft Network Security Program (ANSP)
1.4 This international standard was developed in accor-
6
2.6 RTCA Standards:
dance with internationally recognized principles on standard-
RTCA DO-326A Airworthiness Security Process Specifica-
ization established in the Decision on Principles for the
tion
Development of International Standards, Guides and Recom-
mendations issued by the World Trade Organization Technical
Barriers to Trade (TBT) Committee.
2
For referenced ASTM standards, visit the ASTM website, www.astm.org, or
contact ASTM Customer Service at service@astm.org. For Annual Book of ASTM
2. Referenced Documents
Standards volume information, refer to the standard’s Document Summary page on
the ASTM website.
2.1 Following is a list of external standards referenced
3
Available from European Union Aviation Safety Agency (EASA), Konrad-
throughoutthispractice;theearliestrevisionacceptableforuse
Adenauer-Ufer 3, D-50668 Cologne, Germany, https://www.easa.europa.eu.
4
Available from European Organisation for Civil Aviation Equipment
(EUROCAE), 9-23 rue Paul Lafargue, “Le Triangle” building, 93200 Saint-Denis,
1
This practice is under the jurisdiction of ASTM Committee F44 on General France, https://www.eurocae.net/.
5
Aviation Aircraft and is the direct responsibility of Subcommittee F44.50 on Available from Federal Aviation Administration (FAA), 800 Independence
Systems and Equipment. Ave., SW, Washington, DC 20591, http://www.faa.gov.
6
Current edition approved Feb. 1, 2022. Published February 2022. DOI: 10.1520/ Available from RTCA, Inc., 1150 18th NW, Suite 910, Washington, D.C.
F3532-22 20036, https://www.rtca.org.
Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. Uni
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.