AMA_AMP.1 Assurance maintenance plan
Dependencies:
ACM_CAP.2 Configuration items
ALC_FLR.1 Basic flaw remediation
AMA_CAT.1 TOE component categorisation report
Developer action elements:
AMA_AMP.1.1D The developer shall provide an AM Plan.
Content and presentation of evidence elements:
AMA_AMP.1.1C The AM Plan shall contain or reference a brief description of the TOE, including the security functionality it provides.
AMA_AMP.1.2C The AM Plan shall identify the certified version of the TOE, and shall reference the evaluation results.
AMA_AMP.1.3C The AM Plan shall reference the TOE component categorisation report for the certified version of the TOE.
AMA_AMP.1.4C The AM Plan shall define the scope of changes to the TOE that are covered by the plan.
AMA_AMP.1.5C The AM Plan shall describe the TOE life-cycle, and shall identify the current plans for any new releases of the TOE, together with a brief description of any planned changes that are likely to have a significant security impact.
AMA_AMP.1.6C The AM Plan shall describe the assurance maintenance cycle, stating and justifying the planned schedule of AM audits and the target date of the next re-evaluation of the TOE.
AMA_AMP.1.7C The AM Plan shall identify the individual(s) who will assume the role of developer security analyst for the TOE.
AMA_AMP.1.8C The AM Plan shall describe how the developer security analyst role will ensure that the procedures documented or referenced in the AM Plan are followed.
AMA_AMP.1.9C The AM Plan shall describe how the developer security analyst role will ensure that all developer actions involved in the analysis of the security impact of changes affecting the TOE are performed correctly.
AMA_AMP.1.10C The AM Plan shall justify why the identified developer security analyst(s) have sufficient familiarity with the security target, functional specification and (where appropriate) high-level design of the TOE, and with the evaluation results and all applicable assurance requirements for the certified version of the TOE.
AMA_AMP.1.11C The AM Plan shall describe or reference the procedures to be applied to maintain the assurance in the TOE, which as a minimum shall include the procedures for configuration management, maintenance of assurance evidence, performance of the analysis of the security impact of changes affecting the TOE, and flaw remediation.
Evaluator action elements:
AMA_AMP.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AMA_AMP.1.2E The evaluator shall confirm that the proposed schedules for AM audits and re-evaluation of the TOE are acceptable and consistent with the proposed changes to the TOE.