Role playbook · MRO
Maintenance (MRO)
Engineers applying cyber-maintenance bulletins, patches and software-inventory hygiene on aircraft systems.
Audience: Maintenance, Repair & Operations
Time to first value: first patch cycle (1–2 weeks)
Why CyViation matters in your role
You already manage SBs, ADs and a maintenance calendar. CyViation adds the cyber side of the same airframe lifecycle:
- A vulnerability backlog scoped to your fleet, not a generic CVE feed.
- A patch calendar that respects your existing maintenance windows.
- An SBOM per tail so "is this CVE on any of our aircraft?" takes under a minute.
No new tracker to learn — cyber maintenance fits your existing flow and approvers.
Daily playbook
- Triage new vulnerability tickets for your fleet — confirm affected tails, severity, patch availability. [SkyRay → Vulnerability Management Dashboard]
- Verify overnight patch rollouts completed cleanly; anything degraded goes straight to the duty manager. [Vulnerability UI → Patch Calendar]
- Check tonight's maintenance window calendar — confirm each deployment has a tail on stand and a qualified engineer.
- Acknowledge cyber-maintenance bulletins (CMBs) as they land — same rhythm as SBs/ADs.
- Close out yesterday's tickets with the artefact attached (patch manifest, post-patch test, SBOM diff).
Weekly playbook
- Update the SBOM per tail — reconcile any new components added during the week.
- Run a vulnerability-server scan report per tail and per fleet; trend exposure, don't just chase point-in-time CVEs.
- Review parked-aircraft exposure — stored / AOG tails accumulate debt and get missed.
- Coordinate with the CISO on out-of-cycle patches that can't wait for the next window.
- Sync with the MRO of another shift so handover stays consistent.
First 30 days
- Completed vulnerability-server training; have write access on the vulnerability UI
- Every active tail mapped to a maintenance-owner (no orphan tails)
- One full patch cycle executed end-to-end: advisory → schedule → apply → verify → close
- CMB notifications configured (email, Slack/Teams, duty-desk channel)
- One full SBOM audit for one tail, signed off
- Reviewed the CISA / avionics advisory feed; triaged at least one advisory with rationale
- Met the SOC analyst who escalates to you and agreed on a channel
Key screens
| Use case | Screen |
|---|---|
| Vulnerability backlog for my fleet | Compliance Dashboard · [SkyRay → Vulnerability Management] |
| Per-tail cyber-maintenance status | [SkyRay → Aircraft Asset View] |
| Plan / track patch windows | [Vulnerability UI → Patch Calendar] |
| External advisory feed | [Overwatch → CISA / Avionics Advisory Feed] |
| Software bill-of-materials per tail | [SkyRay → Aircraft Asset View → SBOM tab] |
When to escalate
| Situation | Who | How |
|---|---|---|
| Critical CVE, no patch, fleet exposure | CISO + Fleet Manager | Same call you'd make for a critical SB |
| Patch rollout failed; aircraft now degraded | Duty manager + SOC on-call | Availability impact, not a cyber call alone |
| Tail repeatedly shows the same exposure | CISO | Architectural, not maintenance |
| Vendor advisory contradicts CyViation guidance | CyViation TAM + CISO | Don't pick a side alone |
Glossary
Full list on the Glossary page. Key terms here: CMB, SBOM, CVE, out-of-cycle patch, risk acceptance.