600.436 High-Assurance Systems
Fall 01/Development Process Assurance
23
Basic Flaw Remediation
¨The developer shall document the flaw remediation procedures (in a way that shall):
–describe the procedures used to track all reported security flaws in each release of the TOE
–require that a description of the nature and effect of each security flaw be provided, as well as the status of finding a correction to that flaw
–require that corrective actions be identified for each of the security flaws
–describe the methods used to provide flaw information, corrections and guidance on corrective actions to TOE users