ISO/AWI 26390

Cybersecurity requirements for uncrewed aircraft systems

Scope

This document identifies cybersecurity threats that may arise in uncrewed aircraft systems (UAS), including those originating from the supply chain. It also specifies cybersecurity requirements to mitigate the identified threats. Each requirement is derived based on the operational environment, structural characteristics, and the lifecycle of the UAS, including its supply chain.
The scope of this document is distinct from those of ISO 21384-3:2023, ISO 21895:2020, and ISO 23629-12:2022, which respectively address operational procedures, classification of civil UAS, and requirements for UAS traffic management service providers. While these standards contribute to overall UAS safety and governance, they do not provide technical requirements addressing cybersecurity risks to UAS components or interfaces. Accordingly, this document complements the existing series by defining cybersecurity threats and corresponding mitigation requirements tailored to the architecture and operational environment of UAS.
This document does not include considerations related to UAS traffic management systems. Additionally, it does not cover administrative measures for UAS components.