NPA 2019-07

Management of information security risks

The objective of this rulemaking task (RMT) is to efficiently contribute to the protection of the aviation system from cyberattacks and their consequences. To achieve this objective, this Notice of Proposed Amendments (NPA) proposes the introduction of provisions for the management of information security risks related to aeronautical information systems used in civil aviation. These provisions shall apply to competent authorities and organisations in all aviation domains (i.e. design, production, management of continuing airworthiness, maintenance, air operations, aircrew, air traffic management/air navigation services (ATM/ANS), and aerodromes), shall include high-level, performance-based requirements, and shall be supported by acceptable means of compliance (AMC), guidance material (GM), and industry standards.

NOTE:  For the purpose of this NPA, information security risks are those that may compromise the confidentiality, integrity and availability of information being stored, transmitted or processed through the aeronautical information systems used in civil aviation.