AMA_EVD.1 Evidence of maintenance process
Dependencies:
AMA_AMP.1 Assurance maintenance plan
AMA_SIA.1 Sampling of security impact analysis
Developer action elements:
AMA_EVD.1.1D The developer security analyst shall provide AM documentation for the current version of the TOE.
Content and presentation of evidence elements:
AMA_EVD.1.1C The AM documentation shall include a configuration list and a list of identified vulnerabilities in the TOE.
AMA_EVD.1.2C The configuration list shall describe the configuration items that comprise the current version of the TOE.
AMA_EVD.1.3C The AM documentation shall provide evidence that the procedures documented or referenced in the AM Plan are being followed.
AMA_EVD.1.4C The list of identified vulnerabilities in the current version of the TOE shall show, for each vulnerability, that the vulnerability cannot be exploited in the intended environment for the TOE.
Evaluator action elements:
AMA_EVD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AMA_EVD.1.2E The evaluator shall confirm that the procedures documented or referenced in the AM Plan are being followed.
AMA_EVD.1.3E The evaluator shall confirm that the security impact analysis for the current version of the TOE is consistent with the configuration list.
AMA_EVD.1.4E The evaluator shall confirm that all changes documented in the security impact analysis for the current version of the TOE are within the scope of changes covered by the AM Plan.
AMA_EVD.1.5E The evaluator shall confirm that functional testing has been performed on the current version of the TOE, to a degree commensurate with the level of assurance being maintained.