600.436 High-Assurance Systems
Fall 01/Development Process Assurance
36
Assurance
Maintenance Plan
¨The developer shall provide an AM Plan (that shall)
–contain or reference a brief description of the TOE,
including the security
functionality it provides
–identify the certified version of the TOE, and shall
reference the evaluation
results
–reference the TOE component categorisation report for
the certified version of the TOE
–define the scope of changes to the TOE that are
covered by the plan
–describe the TOE life-cycle, and shall identify the
current plans for any new releases of the
TOE, together with a brief description
of any planned changes that are likely to have a significant security impact
–describe the assurance maintenance cycle, stating and
justifying the planned schedule
of AM audits and the target date of
the next re-evaluation of the TOE