WASHINGTON – The Federal Aviation Administration (FAA) announced that the agency is conducting a market survey to ensure the cyber security of the nation’s air traffic and airspace.
The FAA’s National Airspace System (NAS) Security and Enterprise Operations (NASEO) are tasked with minimizing the impact of – and recovery from – cyber security programs for Air Traffic Organization (ATO).
The FAA runs a multi-faceted cybersecurity program to protect the NAS per Federal Information Security Management Act (FISMA). The ATO Cybersecurity Group (ACG), a line of business under NAS NASEO within the ATO, is the lead organization for governing, implementing, and managing cybersecurity controls for NAS.
the ATO Cybersecurity Strategic Plan has been developed to ensure that critical infrastructure remains secure and resilient. This plan aims to maintain the functionality of essential services under various cyber conditions, adapt NAS cybersecurity capabilities to evolving threats, and enable rapid recovery from disruptions.
The increasing sophistication of cyber adversaries requires deep institutional knowledge of critical infrastructure to ensure the mission space’s resiliency. The ATO Cybersecurity Group (ACG) manages ATO cybersecurity, integrating functions into NAS and ATO operations. ACG’s responsibilities include providing an enterprise-wide view of cybersecurity risk, securing NAS and ATO-operated systems through authorization, continuous monitoring, and ensuring compliance. The foundation of ATO cybersecurity is understanding and managing risk to protect and enable operational missions.
The FAA anticipates that the requirements will encompass several areas. Program Control and Governance will cover program management, cybersecurity policy management, privacy, data calls, audits, and authorization management, including System Security Officers (SSOs), Cyber Security Assessment and Management (CSAM), and related memos.
Related: Avcon Industries obtains FAA STC for its dual camera ports on Cessna 208s
Enterprise Architecture, Design, and Solutions will include enterprise and system architecture, cyber supply chain risk management, cybersecurity strategic planning and analysis, future technology and capability insertion, and operating environment definitions.
Cybersecurity Engineering will focus on cyber engineering requirements development, system domain subject matter experts, the Risk Management Framework, software development, and enterprise solutions development.
Integration, Outreach, and Planning will involve training, workforce development, cybersecurity outreach and communication, cybersecurity tabletops, and operation risk management.
Responses to this survey must be returned to Elizabeth H. Williams, who can be emailed at [email protected], by 5 p.m. EDT on 17 July 2024. More information, including submission guidelines, for this survey, can be found at https://sam.gov/opp/79ef1ef95e214063b30059a363a4f860/view.
This post was originally published on 3rd party site mentioned in the title of this site
