ASTM F 3532:2023

1.1 This practice covers methods for addressing Aircraft System Information Security Protection (ASISP) risks caused by Intentional Unauthorized Electronic Interactions (IUEIs). This practice was developed considering Level 1, Level 2, Level 3, and Level 4 normal category aeroplanes. The content may be more broadly applicable. It is the responsibility of the applicant to substantiate broader applicability as a specific means of compliance. The topics covered within this practice are threat identification, identifying security measures, conducting a security risk assessment, and security documentation. 1.2 An applicant intending to use this practice as means of compliance for a design approval must seek guidance from their respective oversight authority (for example, published guidance from applicable civil aviation authority (CAA)) concerning the acceptable use and application thereof. For information on which oversight authorities have accepted this practice (in whole or in part) as an acceptable Means of Compliance to their regulatory requirements (hereinafter "the Rules"), refer to the ASTM Committee F44 web page (www.astm.org/COMMITTEE/F44.htm). 1.3 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use. 1.4 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

29.020, 35.020, 49.090