600.436 High-Assurance Systems
Fall 01/Development Process Assurance
41
Evidence of Maintenance Process
¨The developer security analyst shall provide AM documentation for the current version of the TOE (that shall):
–include a configuration list and a list of identified vulnerabilities in the TOE
•The list of identified vulnerabilities in the current version of the TOE shall show, for each vulnerability, that the vulnerability cannot be exploited in the intended environment for the TOE
–describe the configuration items that comprise the current version of the TOE
–provide evidence that the procedures documented or referenced in the AM Plan are being followed