An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
The FAA will establish airspace restrictions over Super Bowl LVI, Feb. 13, 2022 at SoFi Stadium in Inglewood, CA. Any person who knowingly and willingly violates these restrictions may be subject to criminal or civil penalties.
The March/April 2017 issue of FAA Safety Briefing focuses on Automatic Dependent Surveillance-Broadcast (ADS-B) technology, a foundational component of FAA's NextGen system for improving the safety and efficiency of the NAS. Articles cover the myriad safety and...
This website contains links to all FAA guidance documents in effect. Guidance documents linking to this website lack the force and effect of law, unless expressly authorized by statute, regulation or incorporated into a contract. The FAA may not cite, use, or rely on any guidance that is not posted on this website, except to establish historical facts. The FAA follows DOT's Administrative Rulemaking, Guidance, and Enforcement Procedures for issuing guidance documents.
The FAA actively maintains its guidance materials on the databases provided below. However, in the event that specific guidance documents are not included on these databases, please refer to additional guidance organized by topic below.
The FAA is responsible for providing safe and efficient air navigation services. Air Traffic stakeholders are commercial and private aviation and the military. Air Traffic employees include controllers, technicians, engineers, and support personnel whose daily efforts keep aircraft moving safely through the nation's skies. Additional Air Traffic guidance includes:
Aviation Safety includes certification, production approval, and continued airworthiness of aircraft; and certification of pilots, mechanics, and others in safety-related positions. Additional Aviation Safety guidance is listed below.
Commercial Space Transportation is FAA's only space-related line of business. It manages its licensing and regulatory work as well as a variety of programs and initiatives to ensure the health and facilitate the growth of the U.S. commercial space transportation industry.
This section includes additional guidance related to FAA environmental studies, research, and design.
The Office of the Chief Counsel provides legal services to the FAA Administrator and all agency organizations worldwide. Legal interpretations and opinions are publicly available online, as well as other helpful guidance materials.
The FAA helps ensure aviation safety, supports national security, and promotes an efficient airspace system. This is accomplished through a variety of disciplines including: personnel security, physical and technical security, cyber security, interagency communications, intelligence and investigations, law enforcement support, and hazardous materials safety.
The FAA has guidance available to operators and stakeholders regarding UAS operations, safety, regulation, and guidance. Additional UAS guidance is listed below.
We respect your right to privacy and will protect it when you visit our website.
This Privacy Policy explains our online information practices, including how we collect and use your personal information. It does not apply to third-party websites that you are able to reach from FAA.gov, nor does it cover practices of other areas within the U.S. Department of Transportation. We encourage you to read those privacy policies to learn how they collect and use your information.
We automatically collect information about your visit that does not personally identify you. We collect the computer, browser, the name of the domain of your internet service provider (ISP), and the Internet Protocol (IP) address of the website from which you linked to FAA.gov. We also collect the date, time, and the pages you visit. Collecting this information helps us design the site to suit your needs. In the event of a known security or virus threat, we may collect information on the web content that you view.
When you visit our website, we may request and collect the following categories of personal information from you:
Our principal purpose for collecting personal information online is to provide you with what you need and want, address security and virus concerns, and to ease the use of our website.
We will only use your information for the purposes you intended, to address security or virus threats, or for the purposes required under the law. See Choices on How We Use the Information You Provide.
We collect information to:
We may share personally identifiable information you provide to us online with representatives within the Department of Transportation's Operating Administrations and related entities, other federal government agencies, or other named representatives as needed to speed your request or transaction. In a government-wide effort to combat security and virus threats, we may share some information we collect automatically, such as IP address, with other federal government agencies.
Also, the law may require us to share collected information with authorized law enforcement, homeland security, and national security activities. See the Privacy Act of 1974.
Throughout our website, we will let you know whether the information we ask you to provide is voluntary or required. By providing personally identifiable information, you grant us consent to use this information, but only for the primary reason you are giving it. We will ask you to grant us consent before using your voluntarily provided information for any secondary purposes, other than those required under the law.
On some of our webpages we offer interactive forms that let you voluntarily submit personal information (such as your email address, name, or organization). This may occur when you are registering for conferences, workshops, or training sessions offered by FAA, ordering publications from FAA, or submitting comments to various web discussion forums. In those cases, we only use your information for the expressed purposes for which it is intended. Your information is not made available to any third party. However, if you supply your name, email address, or other personal information when you submit a comment to an FAA web discussion forum, we may post that information along with your comment.
We have information for children on our education web pages. We do not intentionally collect information from children under the age of 13. If in the future we choose to collect personal information from children, we will comply with the Children's Online Privacy Protection Act (COPPA).
A cookie is a small text file stored on your computer that makes it easy for you to move around a website without continually re-entering your name, password, or preferences, for example.
FAA uses session and persistent cookies on our website to collect information about your activity on FAA.gov. For example, a session cookie is used to collect the number of clicks on a link on a FAA.gov page.
A session cookie is stored on your computer only during your visit to FAA.gov. After you turn off your computer or close your browser, the cookie disappears from your computer.
In contrast, a persistent cookie is stored on your computer and is re-used each time you visit FAA.gov. After you turn off your computer or close your browser, the cookie is kept on your machine for the next time you visit FAA.gov.
If you want to remove persistent cookies from your machine, you can use your browser to delete all persistent cookies. For example, in Internet Explorer, you can delete cookies via Tools > Internet Options. Keep in mind that this removes all cookies from your machine, even those created by other websites. Therefore, it may affect your experience on other websites.
If you want to opt-out of the use of Web measurement and cookie technologies, see Web Measurement and Customization Opt-Out.
Properly securing the information we collect online is a primary commitment. To help us do this, we take the following steps:
Tampering with FAA's website is against the law. Depending on the offense, it is punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.
In recognition of the President's Coronavirus Guidelines for America and following the Department's guidance to take all necessary precautions to protect the health and safety of the Department's workforce, FAA Privacy Office employees are working remotely and not able to process any Appeal requests received by mail. Any Appeal requests received by mail after Monday, March 16, 2020, cannot be processed until employees are able to return safely to the office. If you wish to submit an Appeal request, please send it to privacy@faa.gov.
The Privacy Act of 1974 protects the personal information the federal government keeps on you in systems of records (SOR) (information the DOT controls recovered by name or other personal identifier). The Privacy Act regulates how the government can disclose, share, provide access to, and keep the personal information that it collects. The Privacy Act does not cover all information collected online.
The Act's major terms require agencies to:
When FAA collects information from you online that is subject to the Privacy Act (information kept in an SOR), we will provide a Privacy Act Statement specific to that collected information. This Privacy Act Statement tells you:
View our Privacy Act Notices.
FAA uses third-party services such as Facebook, Twitter, and YouTube to communicate and interact with the public. These services are controlled and operated by third parties, and are not government websites or applications. By interacting with FAA through these third-party services, you may be providing non-government third parties access to your personal information which can be used to distinguish or trace your identity. Any information collected by a third-party service is subject to the privacy policies of the third-party service provider.
Generally, FAA does not collect, disseminate, or maintain any personally identifiable information (PII) about you maintained by third party sites. However, you should be aware that FAA may read, review, or rely upon information that you make publicly available on these services (for example, comments made on the FAA's Facebook page), as authorized or required by law.
Below is the current list of official FAA social media accounts.
If you have comments, concerns, or need more information on our privacy practices, please contact our Privacy Division at privacy@faa.gov or 1 (888) PRI-VAC1. Also, DOT has conducted a Privacy Impact Assessment on some systems.
View our DOT Privacy Impact Assessments.
You are accessing a U.S. Government information system. This information system, including all related equipment, networks, and network devices, is provided for U.S. Government-authorized use only. Unauthorized or improper use of this system is prohibited, and may result in civil and criminal penalties, or administrative disciplinary action. The communications and data stored or transiting this system may be, for any lawful Government purpose, monitored, recorded, and subject to audit or investigation. By using this system, you understand and consent to such terms.
Federal Aviation Administration
January 26, 2023
The Federal Aviation Administration's (FAA's) continuing mission is to provide the safest, most efficient aerospace system in the world. In support of that mission, the FAA is committed to maintaining the security of FAA systems and protecting sensitive data and information from unauthorized disclosure. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey the procedures and conditions associated with submitting discovered vulnerabilities to the FAA in support of strengthening the FAA's systems.
This policy describes what systems and types of research are covered under this policy, how to send FAA vulnerability reports, and how long security researchers are required to wait before publicly disclosing vulnerabilities.
The FAA is looking for suggestions to improve the FAA's information systems’ security posture, including reporting potential system vulnerabilities.
If you make a good faith1 effort to comply with this policy during your security research, the FAA will consider your research to be authorized, work with you to understand and resolve the issue quickly, and will not recommend or pursue legal action related to your research conducted pursuant to this policy. Should a third party initiate legal action against you for activities conducted in accordance with this policy, the FAA will make this authorization known.
Under this policy, "authorized research" means activities in which you:
Once you have established that a vulnerability exists or encounter any sensitive data or information (including personally identifiable information, financial information, proprietary information or trade secrets of any party, or information indicating a potential aviation safety or security hazard), you must stop your test, notify the FAA immediately, not disclose this data or information, as applicable, to anyone else, and purge any stored FAA sensitive data and information from your systems immediately after reporting a vulnerability.
Security researchers must not:
Security researchers may:
Security researchers must:
This policy applies to all public-facing FAA systems and services. If you are not sure whether a system is in scope or not, contact the FAA at vulnerabilitydisclosure@faa.gov before starting your research.
If there is a particular system or service not in scope that you think merits testing, please contact the FAA.
Information submitted under this policy will be used for defensive purposes only – to mitigate or remediate vulnerabilities. If your findings include newly discovered vulnerabilities that may affect other users of a product or service and not solely the FAA, the FAA may share your report with the Cybersecurity and Infrastructure Security Agency (CISA), where it will be handled under their coordinated vulnerability disclosure process. The FAA may also share your report with any affected vendors or open source projects, and the Transportation Security Administration (TSA), with which the Department of Transportation, including the FAA, shares responsibility for the aviation sub-sector of the Transportation Systems critical infrastructure sector. The FAA will not share your name or contact information without your express permission.
Note the FAA does not provide payment for vulnerability submissions and, by submitting a vulnerability report, you acknowledge that you have no expectation of payment and that you expressly waive any future payment claims against the U.S. Government related to your submission. Additionally the FAA will not provide any type of recognition for disclosed vulnerabilities.
The FAA accepts vulnerability reports at vulnerabilitydisclosure@faa.gov. Reports may be submitted anonymously. If you share contact information, receipt of your report will be acknowledged within three business days.
By submitting a vulnerability report to the FAA, a researcher warrants the report and any attachments do not violate the intellectual property rights of any third party, and the researcher grants the FAA a non-exclusive, royalty-free, world-wide, perpetual license to use, reproduce, create derivative works, and publish the report and any attachments.
In order to help triage and prioritize submissions, the FAA suggests that reports:
When you choose to share your contact information, the FAA commits to coordinating with you as openly and as quickly as possible.
The FAA is committed to timely correction of vulnerabilities and recognizes that public disclosure of a vulnerability in the absence of a readily-available corrective action likely increases versus decreases risk. Accordingly, the FAA requires that reporters of vulnerabilities refrain from public disclosure for a minimum of 90 calendar days from the date the FAA acknowledges receipt of the report. In some cases, the FAA may ask for an additional delay in public disclosure. To the extent consistent with applicable law, the FAA, generally, will not publicly disclose vulnerabilities identified in its systems, even once remediated.
Questions regarding this policy may be sent to vulnerabilitydisclosure@faa.gov. The FAA encourages security researchers to contact the FAA to request clarification on any element of this policy. Please contact the FAA prior to conducting research if you are unsure if a specific test method is inconsistent with or unaddressed by this policy. The FAA also invites you to provide suggestions for improving this policy.
1Good faith means security research conducted with the intent to follow the FAA's VDP without malicious motive. The FAA may evaluate an individual's intent by taking into account all relevant facts and circumstances, including but not limited to: their actions, their statements, and the results of their actions. In other words, good faith security research means accessing a computer or software within the scope of this policy solely for the purpose of testing or investigating a security flaw or vulnerability and disclosing those findings in alignment with this policy. The security researcher's actions should be consistent with an attempt to improve security and to avoid doing harm, whether by unwarranted invasions of privacy, causing damage to property, compromising safety, or by other means.
A hallmark of good faith activity is a factual, timely report of a vulnerability on a system authorized for testing, sent directly to the FAA in accordance with this policy's instructions; however, a person could conduct research in good faith and have no reportable findings. In contrast, an individual who consciously decides to test systems that are not included within the scope of this policy would not be acting in good faith.
The Federal Aviation Administration evaluates all suggested links using the following criteria:
The Federal Aviation Administration can add a link to any government website that is publicly available unless directed not to by the agency that owns the site. Acceptable federal government-owned or government-sponsored website domains include .gov, .mil and .fed.us. FAA.gov also links to: quasi-government agencies and websites created by public sector/private sector partnerships; state and local government sites (for example, www.maryland.gov); and some government-sponsored websites that end in .com, .org, or .net (for example, www.usps.com for the U.S. Postal Service).
In rare instances, FAA.gov links to websites that are not government-owned or government-sponsored if these websites provide government information and/or services in a way that is not available on an official government website. FAA.gov provides these non-government websites as a public service only. The U.S. government, including the Federal Aviation Administration, neither endorses nor guarantees in any way the external organizations, services, advice, or products included in these website links. Furthermore, the U.S. government neither controls nor guarantees the accuracy, relevance, timeliness, or completeness of the information contained in non-government website links. (See Disclaimer of Endorsement for more information on this topic.)
FAA.gov highlights links of special interest to wide audiences by temporarily posting them in a position of prominence on the website. Featured links may include: online transactions; seasonal information; current topics on the minds of citizens, businesses or government officials; community-level services and information; cross-agency portals that enhance the public's interaction with government; kids' websites; and new links.
FAA.gov will not link to any website that exhibits hate, bias, or discrimination. Furthermore, FAA.gov reserves the right to deny or remove any link that contains misleading information or unsubstantiated claims, or is determined to be in conflict with the Federal Aviation Administration's mission or policies.
The information posted on FAA.gov includes hypertext links or pointers to information created and maintained by other public and/or private organizations. FAA.gov provides these links and pointers solely for our users' information and convenience. When users select a link to an outside website, they are leaving FAA.gov and are subject to the privacy and security policies of the owners/sponsors of the outside website.
Section 207(f)(2) of the E-Government Act of 2002 requires federal agencies to develop an inventory of information to be published on their websites, establish a schedule for publishing information, make those schedules available for public comment, and post the schedules and priorities on the website.
The FAA has a long-standing policy to publish information as soon as it can be released to the public, so there is no more specific schedule. As new information becomes available that is important to the public, we are committed to putting it on our website.
The information that follows presents a topical inventory of FAA’s website. If you have suggestions for additional information we should post, please let us know.
Priority 1: Required by law, regulation, Presidential directive or other official directive, or to ensure national security; or mission-critical and essential for program operations, but not required by law:
Priority 2: Frequently requested information or services that would improve service to the public.
Priority 3: Other information