DO-326A / DO-356A – Airworthiness Security and Continued Operational Security Essentials Training by Tonex
Modern airborne systems are increasingly connected, software-defined, and reliant on complex supply chains, which raises the stakes for safety and security assurance. This course equips engineering and compliance teams to interpret and implement DO-326A and DO-356A with confidence, aligning security activities with airworthiness objectives across the lifecycle. You will learn how to define threat-based security requirements, verify them with evidence, and maintain compliance during change. From concept to continued operation, the program shows how security complements safety without slowing certification. Cybersecurity risk management, secure architecture patterns, and vulnerability handling are woven into practical workflows to protect avionics, connectivity, and ground interfaces.
Learning Objectives
- Explain the intent, scope, and relationships of DO-326A, DO-356A, and companion guidance.
- Translate aircraft-level security needs into verifiable, lifecycle-managed requirements.
- Integrate security activities into safety, systems, software, and hardware processes.
- Apply risk assessment to prioritize mitigations and justify certification evidence.
- Plan for continued operational security, change impacts, and coordinated responses.
- Strengthen assurance cases so cybersecurity controls demonstrably support airworthiness.
Audience
- Systems and Software Engineers
- Avionics Architects and Integrators
- Certification and Compliance Managers
- Safety and Reliability Engineers
- Program and Product Managers
- Cybersecurity Professionals
Course Modules
Module 1: Regulatory Foundations and Scope
- Airworthiness security definitions and context
- DO-326A framework and lifecycle alignment
- DO-356A security methods and activities
- Interfaces to safety, software, hardware
- Certification ecosystem and roles
- Compliance strategy and planning
Module 2: Risk Assessment and Threat Modeling
- Operational scenarios and assets
- Threat sources and attack paths
- Vulnerabilities and exposure analysis
- Likelihood and impact estimation
- Security level assignment rationale
- Risk acceptance and documentation
Module 3: Requirements, Architecture, and Partitioning
- Deriving security requirements
- Traceability to hazards and risks
- Secure architecture principles
- Segmentation and robust partitioning
- Interface and data flow protections
- Cryptographic and key management choices
Module 4: Development Assurance and Verification
- Planning security processes and evidence
- Secure development activities integration
- Static, dynamic, and fuzz testing
- Verification of mitigations and coverage
- Assurance case construction and review
- Supplier oversight and artifact control
Module 5: Aircraft Integration and Connectivity
- Networked avionics and data buses
- Maintenance ports and ground links
- Wireless, SATCOM, and IP gateways
- Boundary protection and monitoring
- Telemetry, updates, and provenance
- Safety-security co-analysis practices
Module 6: Continued Operational Security
- Configuration and change management
- Vulnerability disclosure coordination
- Patch planning and impact analysis
- Monitoring, logging, and forensics readiness
- Service bulletins and field communications
- Reassessment and compliance sustainment
Elevate your organization’s airworthiness security posture with Tonex. Enroll your team today to turn DO-326A and DO-356A requirements into clear, auditable engineering practices that protect safety, schedule, and certification confidence.