Skip to page content

1370.121 - FAA Information Security and Privacy Program & Policy

Document Information

FAA Information Security and Privacy Program & Policy
Date Issued
December 23, 2016
Responsible Office
AIS-1,  Information Security and Privacy
Access Restriction
FAA Network Only
Contact Information
Paul Gilbride

This order defines the Federal Aviation Administration’s (FAA) Information Security and Privacy (IS&P) Program and policy, and augments the Department of Transportation’s (DOT) policies and guidance defined in DOT Order 1351.37, the Departmental Cybersecurity Compendium: Supplement to DOT Order 1351.37 Departmental Cybersecurity Policy (as amended), June 2015, Version 4, hereafter referred to as DOT Compendium, Cybersecurity Action Memos (CAMs), and other DOT policy documents with FAA-specific policy, Federal Risk and Authorization Management Program (FedRAMP), and guidance.

This order establishes FAA’s IS&P Program and Policy and assigns organizational and responsibilities to ensure the FAA IS&P Program and policy are implemented consistent with Federal statutes, laws, and regulations about information security management.


This document's content can only be accessed from within the FAA network.

The document's Office of Primary Responsibility (OPR) is AIS-1.
Number Title Date
1370.89 ##FAA Information Operations Condition 08/25/2003
1370.91 ##Information Systems Security Patch Management 05/19/2004
1370.90 ##Internet Access Point Configuration Management 08/01/2003
1370.95 ##Wide Area Network Connectivity Security 09/12/2006
1370.116 Boundary Protection Policy 04/16/2012
1370.104 Digital Signature Policy 10/31/2008
1370.115 Domain Name System (DNS) Security Policy 04/16/2012
1370.81A Electronic Mail 05/13/2002
1370.103 Encryption Policy 11/12/2008
1370.112 FAA Application Security Policy 10/05/2010
1370.93 FAA Web Management 08/17/2004
1370.113 FAA Web Security Policy 04/16/2012
1370.106 Information Systems Security Awareness and Training Policy 06/16/2009
1370.82A Information Systems Security Program 09/11/2006
1370.83 Internet Access Points 02/08/2001
1370.84 Internet Services 03/04/2002
1370.79A Internet Use Policy 10/12/1999
1370.105 Logical Access Control Policy 12/10/2008
1370.100 Media Sanitizing and Destruction Policy 10/01/2007
1370.92A Password and PIN Management Policy 08/06/2010
1280.1B Protecting Personally Identifiable Information (PII) 12/17/2008
1370.111 Removable Media Security Policy 09/15/2010
1370.107 Rules of Behavior/System Use Policy 06/04/2009
1370.110 Secure Telework Policy 09/15/2010
1370.109 Software Assurance Policy 10/23/2009
1370.102 System Use Notification and Disclaimer Statement Policy 07/21/2008
1370.72 Transitioning to an Office Automation Technology and Services Environment 05/28/1991
1370.74 Transmittal of Office Automation Technology and Services (OATS) Advisory Information 09/10/1991
1370.108 Voice Over Internet Protocol (VoIP)Security Policy 09/21/2009
1370.94A Wireless Technologies Security Policy 09/10/2008

This page was originally published at: