600.436 High-Assurance Systems
Fall 01/Development Process Assurance
37
Assurance Maintenance Plan (cont)
¨The developer shall provide an AM Plan (that shall)
–identify the individual(s) who will assume the role of developer security analyst for the TOE
–describe how the developer security analyst role will ensure that the procedures documented or referenced in the AM Plan are followed
–describe how the developer security analyst role will ensure that all developer actions involved in the analysis of the security impact of changes affecting the TOE are performed correctly
–justify why the identified developer security analyst(s) have sufficient familiarity with the security target, functional specification and (where appropriate) high-level design of the TOE, and with the evaluation results and all applicable assurance requirements for the certified version of the TOE
–describe or reference the procedures to be applied to maintain the assurance in the TOE, which as a minimum shall include the procedures for configuration management, maintenance of assurance evidence, performance of the analysis of the security impact of changes affecting the TOE, and flaw remediation