Requirement #

DO-306 ED 122 Safety Requirement Description

Status

Type of evidence collected

DO306 - ED 122 requirements allocated to the ATS Ground System

SR-1

An indication shall be provided to the initiator when a recipient rejects a data link service request at the application layer.
Note: Rejection can also occur in a communication layer. In this case, a message could be discarded before it is processed by the application

F

SR-2

A detected loss of data link service shall be indicated to the controller/flight crew.

F

SR-3

Data link service shall be established in sufficient time to be available for operational use. 

F

SR-4

ATSU shall be notified of planned outage of data link service sufficiently ahead of time. 

F

SR-5

There shall be an indication to the initiator when a message cannot be successfully transmitted.

F

SR-6

The end system shall provide unambiguous and unique identification of the origin and destination with each message it transmits.

F

SR-7

A response shall indicate to which messages it refers.

F

SR-8

The aircraft and the ATSU shall exchange via data link and process the same route information.

F

SR-9

The end system shall time stamp to within one second UTC for each CPDLC message when it is released for onward transmission.

F

SR-11

Any processing (data entry/ encoding/ transmitting/decoding/ displaying) shall not affect the intent of the message. 

F

SR-12

The end system shall reject messages not addressed to itself.

F

SR-13

The initiator shall transmit messages to the designated end system.

F

SR-14

The ATSU system shall indicate to the controller when a required response for a message sent by the ATSU is not received within the required time (ETTRN). 

F

SR-15

When the end system receives a message whose time stamp exceeds ETTRN, the end system shall provide appropriate indication.
Note1: Appropriate indication may include the need for real time monitoring and alerting (such as via an uplink delay timer, see Table 4-4 and Table 4-8). This is determined based on further safety assessment and is a local matter. The safety assessment needs to consider message content, intended use, and environmental conditions that could potentially lead to an unacceptable risk of undetected late delivery of a message as determined by the continuity requirement.

N

SR-16

The ATSU and aircraft end system shall prevent the release of clearance and operational responses without controller or flight crew action.

F

SR-17

The recipient system shall prohibit operational processing of corrupted messages. 

F

SR-18

The recipient shall be able to determine the message initiator.

F

SR-19

The recipient system shall prohibit operational processing of messages not addressed to the recipient.

F

SR-20

ATSU shall only establish and maintain data link services when the aircraft identifiers in data link initiation correlate with the ATSU’s corresponding aircraft identifiers in the current flight plan.

F

SR-21

The aircraft identifiers used for data link initiation correlation shall be unique and  unambiguous (e.g. the Aircraft Identification and either the Registration Marking or the Aircraft Address) 

F

SR-23

The ATSU shall not permit data link services when there are no compatible version numbers. 

F

SR-24

Messages shall be responded to in
their entirety.

F

SR-25

The end system shall be capable of detecting errors that would result in mis-delivery introduced by the communication service.
Note: A number of algorithms exist that have demonstrated error detection at acceptable levels of integrity, such as those based on cyclic redundancy check (CRC) or Fletcher’s checksum. The specific algorithms found to be viable need to be defined in the Interoperability Standards appropriate for the technology used

F

SR-26

The end system shall be capable of detecting errors that would result in corruption introduced by the communication service.
Note: A number of algorithms exist that have demonstrated error detection at  cceptable levels of integrity, such as those based on CRC or Fletcher’s checksum. The specific algorithms found to be viable need to be defined in the Interoperability Standards appropriate for the technology used.

F