Kenai Flight Service Station

Home Page

Below -20°C

Celsius to Fahrenheit Temperature Conversion
(-20°C to +39°C)

Celsius to Fahrenheit Temperature Conversion
(Below -20°C)

Top of Page

Questions or Comments Welcome

Kenai Flight Service Station

Home Page

Current Date: 11/3/21 (U.S. Eastern Time)

Top of Page

Questions or Comments Welcome

Kenai Flight Service Station

Home Page

Alaska Flight Service Master Flight Plans

Master Flight Plan Worksheet

After completing the applicable data fields in the form use an email button to send it to the
appropriate Flight Service Station. It may also be sent via FAX, or mailed directly to the Flight Service Station. Forwarding information can be found on page 2 of the form.

Top of Page

Questions or Comments Welcome

Kenai Flight Service Station

Home Page

Kenai FSS User Comment Form

Air Traffic Organization

The Air Traffic Organization (ATO) is the operational arm of the FAA. It is responsible for providing safe and efficient air navigation services to 29.4 million square miles of airspace. This represents more than 17 percent of the world's airspace and includes all of the United States and large portions of the Atlantic and Pacific Oceans and the Gulf of America.

Our stakeholders are commercial and private aviation and the military. Our employees are the service providers – the 35,000 controllers, technicians, engineers and support personnel whose daily efforts keep aircraft moving safely through the nation's skies.

Aviation is essential to our way of life and is a driving force in our economy. Entire industries rely on the successful operation of the national airspace system. Aviation accounts for 11 million jobs and is responsible for more than 5 percent of our gross domestic product.

The U.S. air traffic system is experiencing the safest period in its history. This is the result of the ATO's robust safety culture. With the implementation of its proactive Safety Management System, the ATO is now able to identify precursors of risk before there is a safety problem.

Mission Analysis

The Information Systems Security (ISS) engineering process starts in the Corporate Mission Analysis. In this phase, the ISSE process focuses on:

• the proposed system's operating environment
• system boundaries
• information assets and functions
• and the potential threat and vulnerability sources to the system's information assets and functions.

Basic system security policy flows from FAA organizational directives, such as FAA Order 1370.82A, "ISS Program Policy" as well as from FAA operating procedures and instructions. Basic system security policy is the set of rules governing control, access, and use of system information. For example, a basic security policy statement may be that only authorized FAA users shall access the system.

The ISS engineering process applies NIST Federal Information Processing Standards (FIPS) 199, "Standards for Security Categorization of Federal Information and Information Systems" to categorize the information system assets and functions. The ISSE process analyzes the NAS system concept of operations (CONOPS) and mission need statement (MNS) to formulate a basic security policy.

The security planning aspects of ISS engineering also begins in this phase, following guidance of NIST Special Publication (SP) 800-18, "Guide for Developing Security Plans for Federal Information Systems". Security requirements, based on security policy, are in the Preliminary Program Requirements (pPR) document.

Solution Implementation

The Information Systems Security (ISS) engineering activities during the earlier phases provide the basis for the updating, monitoring, and controlling system security risks and the respective mitigation measures or controls that are implemented during this phase of the system development. A summary of ISS engineering activities for this phase includes the following:

• Revise the security related statement in the CONOPS and security requirements based on functional analysis performed during early stages of the Solution Implementation phase.
• Analyze the physical/system architecture, resulting in an allocation of the securityfeatures to be implemented in the system under development. Security trade studies may be needed to identify the appropriate security controls to be implemented that balance system and security requirements.
• Integrate the security features into the security architecture to balance them with the system architecture and design. Security trade studies, interface securityrequirements, and other Systems Engineering (SE) outputs contribute to successful integration of security architecture into system design. System design reviews are key milestones for ensuring that security controls are integrated into system development.
• Update the ISSP, one of the SCAP documents based on the expected ISS functional and assurance controls derived from the system architecture and design. Refine the system test planning and procedures to ensure that all security requirements and controls are addressed. The ISSP supports Validation (SEM Section: 4.12, subsection 4.12.1) and Synthesis (SEM Section: 4.5) to assess controls and assurance as being cost effective and meeting the ISS requirements. Use Risk Management (SEM Section: 4.10) and Requirements Management (SEM Section: 4.3) to mitigate security risk to acceptable levels. The criticality/sensitivity of the system and its information assets guides the type and level of controls and testing.
• Develop a user's guide, training plans, and Contingency/Disaster Recovery Plans (C/DRP). Security procedures, rules, training, and planning for C/DRP operations may be integrated into the integrated logistics support and lifecycle planning for systems.
• Conduct security testing. Security controls and mechanisms may be testedincrementally and as a part of system development testing. For mission-criticalsystems, a third party shall conduct independent testing of system vulnerabilities.
• Create final the Security Certification and Authorization Package (SCAP) documents. The results of ISSE activities-including relevant results from related SE elements such as Integrated Technical Planning (SEM Section: 4.2), Synthesis (SEM Section: 4.5), Validation and Verification (SEM Section: 4.12), and Lifecycle Engineering (SEM Section: 4.13)-shall be considered as final SCAP documents. The Air Traffic Organization provides templates for collecting and presenting the SCAP documentation.

Investment Analysis

Integrating the Information Systems Security (ISS) engineering process with the SE elements is essential. During the Initial Investment Analysis (IIA), ISSE develops and documents the need for security in the CONOPS and the initial security requirements for the Preliminary Requirements document (pPR). The Investment Analysis (IA) team uses the system program CONOPS and the security requirements to evaluate the system alternatives. The security engineers in the product team conduct a preliminary vulnerability and security risk assessment using updated threat and vulnerability data to determine the specific risks that must be controlled or mitigated. The security trade studies are performed to evaluate the system alternatives and to assess the security risk controls/mitigation measures related to the system alternatives. Also, the security trade studies identify the native, existing system, and/or network features that reduces the likelihood of the system threats successfully exploiting a vulnerability. These trade studies compare the costs and benefits of the system features/security controls in terms of risk reduction. Trade studies may evaluate the cost-effectiveness of different controls for a given risk or set of risks. Also, system alternatives may require different types of controls to balance the system performance and security requirements against the security risks/costs of the different alternatives. The different system alternatives may have significantly different physical and/or system architectures that would require different security controls that may lead to different security costs and effectiveness.

During the final stage of the IA phase, the ISS engineering refines and updates the preliminary vulnerability and security risk assessment. Updated threat and vulnerability data is applied, analyzing the costs and effectiveness of system features and security controls that are associated with each of the final system alternatives. ISS engineering provides the final security requirements for the final Program Requirements document (fPR) and the system specification, as well as special requirements for the Solicitation Information Request (SIR) and contract Statement of Work (SOW). In developing the final system requirements, ISS engineering analyzes and establishes the appropriate assurance level to be proven during system implementation. The assurance in this context addresses the required level of confidence in the security function, performance and ensures that the security controls function in an integrated fashion. The assurance can be gained through many techniques, including conformance testing, independent verification testing, and employing diverse and/or redundant capability.

The ISS engineering shall support a documented agreement among the FAA stakeholders regarding the necessity and sufficiency of the security requirements. It should clearly document the agreement to the security requirements before the investment decision becomes the foundation for the Security Certification and Authorization Package (SCAP), which shall be completed before the In-Service Decision (ISD). During the IA, ISS engineering identifies the technically qualified, senior FAA official who shall certify that the system security controls meet the minimum FAA/NASISS requirements (see DAA discussion in SEM section: 4.8.6). The ISSP, which was based on the NISTSP 800-18 and was a conceptual draft during the Mission Analysis of the AMS phase, is updated to become an initial draft.

The ISS engineering products from this phase include the updated preliminary and vulnerability security risk assessment, final security program requirements, security trade studies to support cost-benefit/investment analysis of security controls, and input to the SIR, SOW, system specification, and Contract Data Requirements List (CDRL) for systems to be acquired. These products support the AMS milestone decision for transition into the Solution Implementation phase.

In-Service Management

Activities during this phase include the following:

• Follow and conform to the final SCAP template as required for the final SCAP documents.
• Obtain the security Certification and Authorization (C&A). Stakeholder C&A review shall ensure that the DAA is in a position to certify and authorize the system as meeting the security requirements and as presenting an acceptable risk to the FAA mission and NAS operations.
• Conduct the performance measurement, monitoring, and reporting of the security controls and incidents. Ensure that the monitoring of ISS performance and assurance for the respective NAS service/capability has not degraded and that the new vulnerabilities have not been introduced to the operational system.
• Update the SCAP to reflect any major configuration changes at least every 3 years, assessing the changes in the environment and system for previously unforeseen risks from new threats and vulnerabilities. Plan and take corrective action as necessary.
• For disposal of the system, the following types of activities may be addressed in the Information System Security Plan, and conducted at the appropriate stage of the System Development Lifecycle
  • Archive Information - Retain information as necessary, keeping in mindlegal requirements and future technology changes that render the retrievalmethod obsolete.
  • Sanitize Media - Ensure data is deleted, erased, or written over asnecessary.
  • Dispose of Hardware and Software - Dispose of the hardware and software in accordance with ISS policy.

Data Management

It is the FAA's intent to terminate point to point (local) connections between FAA NAS systems and outside entities as soon as possible and to replace them with connections made via secure gateway. The FAA will work with aviation partners to accomplish their transition within a reasonable period of time, consistent with each aviation partner's particular situation. The FAA is willing to meet with aviation partners collectively or individually to discuss surveillance technologies available.

What is the definition of a "secure gateway"?
A secure gateway blocks or filters access between two networks, often between a private network and a larger, more public network such as the Internet; allowing internal users to connect to external networks while protecting internal systems from compromise (NIST Special Publication 800-14, 1996). The National Airspace System (NAS) Enterprise Security Gateway (NESG) infrastructure provides a framework for compliance with boundary protection service requirements between NAS and non-NAS systems/networks in accordance with FAA Order 1370.114. The NESG infrastructure includes a layered security scheme to facilitate defense in depth security controls and provides a buffer between the NAS and external systems/networks to ensure no direct service connections to NAS systems. This follows the National Institute of Standards' approach to network security, which is mandatory for all agencies.

How will the FAA achieve NESG redundancy and ensure data feed availability?
NAS data feed redundancy will be achieved through duplication of NAS data service collections points behind the NESGs and dynamic data rerouting to the available gateway location. The FAA recommends NAS data consumers connect to multiple NESG physical locations by the following methods: Use of internet-based virtual private network (VPN), user-provided dedicated transmission service (DTS), or user-provided local Ethernet connection. However, the FAA does not guarantee or warrant NAS data feed availability to any external user.

What are the "no cost" NAS surveillance data feeds and where are they located?
No-cost FAA data sources available through the NESG include Aircraft Situational Display to Industry (ASDI) and Airport Surveillance Detection Equipment, Model X (ASDE-X) data. ASDI provides NAS air surveillance data, while ASDE-X provides NAS ground surveillance data for 28 of the 35 ASDE-X-equipped airports. Both data feeds are available through the NESG at the FAA Technical Center, Atlantic City, NJ (Primary) and the FAA Aeronautical Center, Oklahoma City, OK (Backup).

Where will ARTS data be available after transition to a secure gateway?
ARTS data is presently available within the ASDI feed through the NESG.

Will secure gateway data feeds retain the same data sets and the level of data fidelity as local connections?
NAS data feeds provided through a secured gateway will generally retain the same level of fidelity as previously experienced with a local connection, but may not contain all data sets previously available. As noted above, the FAA does not warrant or guarantee the availability of NAS data feeds.

Why do vendors charge for access to surveillance products when the data is provided by the FAA at no-cost?
NAS surveillance data is made available at no cost to aviation partners. Commercial vendors charge to recover their investment during the collection and distribution of NAS data, including any conversion to commercial information products.

How will the FAA treat Memoranda of Agreement (MOA) for local connections that have not expired?
The FAA will attempt to honor existing MOAs for local connections, assuming efforts are being made to transition to a secured gateway before MOA expiration. Each situation is different and will be evaluated as such.

Should aviation partners work directly with the FAA Service Area representatives to develop their transition plans?
The FAA highly recommends collaboration with Service Area representatives for transition plan development guidance and procedures for removal of equipment from TRACONs.

When does the FAA expect to receive transition plans?
As previously discussed, the FAA has requested submission of transition plans to the Service Areas before December 15, 2012. The objective is to complete aviation partner transition to secure gateway by the end of Fiscal Year 2013.

If an aviation partner's Memorandum of Agreement (MOA) for local connection expires before their transition to a secure gateway, will the aviation partner be required to submit a new MOA for the local connection?
The FAA will require submission of a new FAA Form 1200-5 and MOA. The FAA Form 1200-5 must indicate the aviation partner's intent to transfer to a secure gateway by the date specified in their transition plan.

After transition to secure gateway, will a MOA between the FAA and aviation partners be required?
In the end state, the MOAs between the FAA and aviation partners will not be required, but replaced by an "on-line terms of use." The FAA is attempting to coordinate a transition to secure gateway connections and a revised "agreements" process. The transition to secure gateway connections has greater priority. FAA SysOps will continue to monitor the transition.