Skip to page content

USA Banner

Official US Government Icon

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure Site Icon

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Site Notification

Site Notification

United States Department of TransportationUnited States Department of Transportation

1370.121 - FAA Information Security and Privacy Program & Policy

Document Information

1370.121 (Cancelled)
FAA Information Security and Privacy Program & Policy
Cancelled By
Date Cancelled
November 03, 2020
Date Issued
December 23, 2016
Responsible Office
AIS-1,  Information Security and Privacy
Access Restriction
FAA Network Only
Contact Information
Paul Gilbride

This order defines the Federal Aviation Administration’s (FAA) Information Security and Privacy (IS&P) Program and policy, and augments the Department of Transportation’s (DOT) policies and guidance defined in DOT Order 1351.37, the Departmental Cybersecurity Compendium: Supplement to DOT Order 1351.37 Departmental Cybersecurity Policy (as amended), June 2015, Version 4, hereafter referred to as DOT Compendium, Cybersecurity Action Memos (CAMs), and other DOT policy documents with FAA-specific policy, Federal Risk and Authorization Management Program (FedRAMP), and guidance.

This order establishes FAA’s IS&P Program and Policy and assigns organizational and responsibilities to ensure the FAA IS&P Program and policy are implemented consistent with Federal statutes, laws, and regulations about information security management.


This document's content can only be accessed from within the FAA network.

The document's Office of Primary Responsibility (OPR) is AIS-1.
Number Title Date
1370.89 ##FAA Information Operations Condition 2003-08-25
1370.91 ##Information Systems Security Patch Management 2004-05-19
1370.90 ##Internet Access Point Configuration Management 2003-08-01
1370.95 ##Wide Area Network Connectivity Security 2006-09-12
1370.116 Boundary Protection Policy 2012-04-16
1370.104 Digital Signature Policy 2008-10-31
1370.115 Domain Name System (DNS) Security Policy 2012-04-16
1370.81A Electronic Mail 2002-05-13
1370.103 Encryption Policy 2008-11-12
1370.112 FAA Application Security Policy 2010-10-05
1370.93 FAA Web Management 2004-08-17
1370.113 FAA Web Security Policy 2012-04-16
1370.106 Information Systems Security Awareness and Training Policy 2009-06-16
1370.82A Information Systems Security Program 2006-09-11
1370.83 Internet Access Points 2001-02-08
1370.84 Internet Services 2002-03-04
1370.79A Internet Use Policy 1999-10-12
1370.105 Logical Access Control Policy 2008-12-10
1370.100 Media Sanitizing and Destruction Policy 2007-10-01
1370.92A Password and PIN Management Policy 2010-08-06
1280.1B Protecting Personally Identifiable Information (PII) 2008-12-17
1370.111 Removable Media Security Policy 2010-09-15
1370.107 Rules of Behavior/System Use Policy 2009-06-04
1370.110 Secure Telework Policy 2010-09-15
1370.109 Software Assurance Policy 2009-10-23
1370.102 System Use Notification and Disclaimer Statement Policy 2008-07-21
1370.72 Transitioning to an Office Automation Technology and Services Environment 1991-05-28
1370.74 Transmittal of Office Automation Technology and Services (OATS) Advisory Information 1991-09-10
1370.108 Voice Over Internet Protocol (VoIP)Security Policy 2009-09-21
1370.94A Wireless Technologies Security Policy 2008-09-10