Membership is responsible for recruitment and retention efforts for Full and Associate Members. The Supplier Management Council (SMC) is a unique, non-attributional forum open to Full and Associate Members where senior supply chain representatives from system integrators and manufacturers tackle issues that impact the aerospace and defense supply chain.
AIA has five policy divisions: Civil Aviation, National Security Policy, Technical Operations & Workforce, Space Systems, and International Affairs, along with five supporting divisions: Legislative, Communications, Membership & Corporate Events, Financial Services and Human Resources.
National Aerospace Standards (NAS) works to enhance the safety and reliability of aerospace and defense products through well-defined standards, which, in turn, helps to protect U.S. citizens, our men and women in uniform, and our national security.
The Aerospace Research Center is the authoritative source for research, analysis and advanced studies designed to bring perspective to the issues, problems and policies which affect the U.S. Aerospace and Defense industry.
Corporate Events organizes, coordinates and executes all major AIA events and meetings, including bi-annual Board of Governors and Membership Meetings, the Supplier Management Council Meetings, AIA Executive Committee Meetings, and major events at international trade shows.
Legislative Affairs works with members of Congress and staff, administration officials, and other organizations to advocate on behalf of AIA's positions on issues vital to the aerospace and defense industry.
Supply chain companies are important to the aerospace and
defense industrial base. Suppliers may have unique capabilities
that are vital to aerospace and defense programs.
Aerospace and defense companies have been dealing with the
threat of cyber intrusion for the past several years. As companies
have increased the security of their IT network defenses, the
attackers are now being driven to softer targets where they may
find some of the same type of data that they previously had sought
from these companies. The adversary is also using the collaborative
relationships between the aerospace and defense companies and their
suppliers as a "back door" as the defenses get better. Companies
further down the supply chain may not have had the opportunity or
expertise necessary to fully prepare to defend their systems from
these attackers, but the result of the increased defenses in the
major suppliers is that the attacker may target their suppliers
based on their vulnerabilities. This document was designed to be a
supplier baseline so that suppliers know what kind of security they
need to have if they want to do business with aerospace and defense
Who should use this document?
This standard practice is written to be used by the aerospace
and defense supply chain. It provides basic information that a
supplier can use to:
• assess themselves on their information technology security
• determine their preparedness for cyber threat risk management
for their customer; and
• assess the risks presented by their own suppliers.
Through the process of self-assessment suppliers can determine
where their strengths and weaknesses exist.
This document should be used by any supplier that is interested
in protecting their data from disruption or exfiltration. There are
three distinct tiers of supplier that could benefit from this
standard practice. These tiers are defined as:
Tier1: Suppliers that operate without a dedicated Information
Technology professional on staff nor do they have a dedicated
Information Technology Security professional. (Questions 1-5)
Tier 2: Suppliers with a dedicated Information Technology
professional on staff, but have no dedicated Information Technology
Security professional. (Questions 1-17)
Tier 3: Suppliers that have both dedicated Information
Technology professionals and dedicated Information Technology
Security professionals on staff. (Questions 1-72)