600.436 High-Assurance Systems
Fall 01/Development Process Assurance
41
Evidence of
Maintenance Process
¨The developer security analyst shall provide AM documentation for the current version of the TOE (that shall):
–include a configuration list and a list of identified
vulnerabilities in the TOE
•The list of identified vulnerabilities in the current
version of the TOE shall show, for each
vulnerability, that the vulnerability
cannot be exploited in the intended environment
for the TOE
–describe the configuration items that comprise the current version of the TOE
–provide evidence that the procedures documented or referenced in the AM Plan are being followed