We use necessary cookies to make our website work. We'd also like to use optional cookies to understand how you use it, and to help us improve it.

For more information, please read our cookie policy.

Cyber Security Oversight

Information about our Oversight Team and the cyber security regulatory framework

We would like to hear from you

The CAA is committed to improving how we deliver services, please help us by completing a short survey about your experiences today



The CAA Cyber Security Oversight Team is responsible for all cyber security regulatory activity within any of the CAA regulatory domains (for example Continuing Airworthiness, Flight Operations, Aerodromes, Airspace, Air Traffic Management, and Aviation Security).

Our approach to cyber security oversight, the Cyber Security Oversight Process for Aviation, is laid out in CAP 1753. It consists of eight key steps:

Stage 1 – Engagement
Stage 2 – Nomination of cyber key roles
Stage 3 – System scoping
Stage 4 – Cyber assessment
Stage 5 – Assessment verification
Stage 6 – Corrective action plan
Stage 7 – Security programme and Certificate of Compliance
Stage 8 – Ongoing oversight

Engagement

Initial and formal engagement will be conducted by the CAA with the aviation organisation. During this stage the CAA will notify the aviation organisation of being in scope of CAP1753 and set deadline.

Roles and responsibilities

The nomination and appointment of a CRSM or point of contact must take place prior to subsequent stages.

System scoping

System scoping activities must be conducted by the aviation organisation to determine the scope of which oversight activities apply.

Cyber assessment

A cyber self assessment must be conducted by the aviation organisation prior to an audit.

Verification audit

A verification audit of the cyber self-assessment must be carried out by either an ASSURE Cyber Supplier or the CAA Cyber Oversight Team.

Corrective action plan

A corrective action plan must be devised by the aviation organisation and agreed by the CAA. The plan must address any shortcomings between the profile the aviation organisation was assigned and the outcome of the audit.

Certificate of compliance

On receipt of a Statement of Assurance, the CAA will issue an aviation organisation with a Certificate of Compliance serving as confirmation that an entity has complied with CAP1753.

Ongoing oversight

Aviation organisations must engage in ongoing oversight activities.

News from UK Civil Aviation Authority

  1. Big Bang Award winner: Betsy Ellis
    • Published on:
    • Category: Blog Post
  2. UK on course to lead world in hydrogen fuel as aviation regulator expands Hydrogen Challenge
    • Published on:
    • Category: News Item
  3. UK's first vertical launch approved by Civil Aviation Authority
    • Published on:
    • Category: News Item