600.436 High-Assurance Systems
Fall 01/Development Process Assurance
37
Assurance
Maintenance Plan (cont)
¨The developer shall provide an AM Plan (that shall)
–identify the individual(s) who will assume the role
of developer security analyst for
the TOE
–describe how the developer security analyst role will
ensure that the procedures documented
or referenced in the AM Plan are followed
–describe how the developer security analyst role will
ensure that all developer actions
involved in the analysis of the security impact of changes affecting the TOE are performed correctly
–justify why the identified developer security
analyst(s) have sufficient familiarity
with the security target, functional specification and (where appropriate) high-level design of the TOE, and
with the evaluation results
and all applicable assurance requirements for the certified version of the TOE
–describe or reference the procedures to be applied to
maintain the assurance in the TOE,
which as a minimum shall include the procedures
for configuration management, maintenance of assurance evidence, performance of the analysis of the security
impact of changes affecting the
TOE, and flaw remediation