Sofema Aviation Services (SAS) considers a number of core documents used in support of EASA-compliant cyber security initiatives.
AMC 20-42 Airworthiness Information Security Risk Assessment
Date: June 2023
Description: Guidance for assessing airworthiness information security risks, including threats and mitigations.
COMMISSION DELEGATED REGULATION (EU) 2022/1645
Date: July 2022
Description: Rules for managing aviation information security risks impacting safety.
COMMISSION IMPLEMENTING REGULATION (EU) 2023/203
Date: October 2022
Description: Defines information security risk management requirements for aviation organizations.
COMMISSION IMPLEMENTING REGULATION (EU) 2024/2690
Date: October 2024
Description: NIS2 Directive compliance for cybersecurity risk management measures.
Data4Safety Programme (D4S)
Date: August 2022
Description: EASA initiative integrating safety and cybersecurity data for systemic risk management.
ED Decision 2023/008/R
Date: 2023
Description: AMC/GM supporting implementation of Part-IS aviation cybersecurity regulations.
ED Decision 2023/009/R
Date: 2023
Description: AMC/GM for Part-IS Design Organisation Requirements (IS.D.OR).
ED Decision 2023/010/R
Date: 2023
Description: AMC/GM for Part-IS Organisation Requirements (IS.I.OR).
EASA Part-IS Practical Implementation Guide
Date: 2023
Description: Practical guidance for integrating Part-IS requirements with aviation SMS.
Easy Access Rules for Information Security (EASA)
Date: August 2024
Description: Consolidated EU rules for aviation information security, including Part-IS.
ICAO Annex 17 – Aviation Security (12th Edition)
Date: July 2022
Description: SARPs for safeguarding civil aviation, including cybersecurity measures.
ISO/IEC 27001:2022
Date: October 2022
Description: International ISMS standard for managing information security risks.
ISO/IEC 27002:2022
Date: February 2022
Description: Implementation guidelines for ISO 27001 controls.
ISO/IEC 27003:2022
Date: 2022
Description: Implementation guidance for ISO/IEC 27001-compliant ISMS.
ISO/IEC 27004:2022
Date: 2022
Description: Guidelines for ISMS monitoring, measurement, and evaluation.
ISO/IEC 27005:2022
Date: 2022
Description: Guidance for managing information security risks.
ISO/IEC 27017:2015
Date: December 2015
Description: Security controls for cloud services.
ISO/IEC 27018:2019
Date: 2019
Description: Protection of personal data in public cloud environments.
ISO/IEC 27701:2019
Date: 2019
Description: Privacy Information Management Systems (PIMS) aligned with ISO 27001.
ISO/IEC 31000:2018
Date: 2018
Description: Principles and guidelines for risk management.
NIS2 Directive (EU) 2022/2555
Date: December 2022
Description: EU directive ensuring high cybersecurity levels for critical infrastructure.
RTCA/DO-326A & EUROCAE ED-202A
Date: 2014
Description: Airworthiness security process specifications.
RTCA/DO-355 & EUROCAE ED-204
Date: 2014
Description: Continued airworthiness security guidelines for aviation systems.
RTCA/DO-356A & EUROCAE ED-203A
Date: 2018
Description: Detailed methods for conducting aviation security assessments.
Next Steps
- Follow this link to our Library to find and download related documents for free.
- See the following 2-day course: https://sassofia.com/course/implementing-information-cyber-security-program-easa-part-145-organization-2-days/. For comments or questions, please email [email protected]