Introduction to the Emerging & Required DO-326/ED-202-Set: Aviation-Cyber-Security Regulation for Safety

Wednesday 3rd November 2021


Aviation Security:  understanding what is required for new avionics/aircraft development and operations via the new mandatory DO-326A/ED-202A documents.  In this introduction, attendees will get a top-level review of the new “DO-326/ED-202 ecosystem” of emerging regulation.

The DO-326A/ED-202A set of documents is all about the mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI)”, a.k.a. “Cyber Threats”, and which were explicitly excluded from the classic DO-178/ED-12/ARP4754 set.

DO-326A/ED-202A & DO-356A/ED-203A focus upon type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. Their companions DO-355/ED-204 focus upon security for continued airworthiness.

DO-326A/ED-202A currently has 3 (three) companion documents: ED-201, DO-355/ED-204 and DO-356A / ED-203A, and a few more planned. DO-326A / ED202A provide requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; while the DO-326A guidance is just that, certification authorities increasingly assess DO-326A compliance as added requirements for aviation suppliers.
The DO-326A/ED-202A set currently applies to fixed-wing aircraft (Part 25), with clear FAA/EASA recommendations for the adaptation/tailoring of DO-326A/ED-202A for general aviation (Part 23),rotorcraft (Parts 27 and 29), engines (Part 33) and propellers (Part 35), and clear indications of it will increasingly being applied to these other aircraft including military beginning in 2022 or thereafter.


  • Top-level acquaintance with Information/”Cyber” security in general
  • Cybersecurity aspects of OT/ICAS
  • Aviation as a unique Cybersecurity case
  • Origins of Cybersecurity standards & regulation
  • The road to ED-202/DO-326: “Security as a Safety Aspect”
  • The top-level development process of the entire “ED-202/DO-326 set”, rationale behind the documents & relations with the “DO-178/ED-12 set”
  • Initial acquaintance with the documents:
    • ED-201: Aeronautical Information System Security (AISS) Framework Guidance
    • DO-326A/ED-202A: Airworthiness Security Process Specification
    • DO-356A/ED-203A: Airworthiness Security Methods and Considerations
    • DO-355/ED-204: Information Security Guidance for Continuing Airworthiness
    • ED-205: Process Standard for Security Certification/Declaration of Air Traffic Management/Air Navigation Services (ATM/ANS) Ground Systems
    • Planned new/revised documents
    • Where does current regulation stand
  • Where do we go from here – the expected regulatory landscape for the next years


Attendees may include all levels of aviation, aircraft, and avionics developers who must understand and comply with the new Security rules.