16.3 Evidence of assurance maintenance (AMA_EVD)

Objectives

The aim of this family of requirements is to establish confidence that the assurance in the TOE is being maintained by the developer, in accordance with the AM Plan. This is achieved through the provision of evidence which demonstrates that the assurance in the TOE has been maintained, which is independently checked by an evaluator. This check, termed an 'AM audit', is periodically applied during the lifetime of the AM Plan.

Component levelling

This family contains only one component.

Application notes

This family includes some evidence requirements that are similar to assurance requirements defined in the ACM, ATE and AVA classes. However, the AM audit does not require the evaluators to examine the evidence to the same extent as required by the components in these classes; rather, it requires a sampling approach to establish confidence that the assurance maintenance procedures are being followed correctly.

As part of the AM audit, the evaluators check (by sampling) that the configuration list and security impact analysis are consistent for the current version of the TOE, in terms of their identification of the TOE components that have changed from the certified version of the TOE.

AMA_EVD.1.3C requires the provision of evidence that the assurance maintenance procedures in the AM Plan are being followed. This covers all procedures referred to in AMA_AMP.1.11C, i.e. evidence of application of procedures relating to configuration management, maintenance of assurance evidence, performance of security impact analysis, and flaw remediation.

The evidence required in AMA_EVD.1.4C includes the provision of a list of identified vulnerabilities in the current version of the TOE. This is highlighted as a separate requirement because of the importance of ensuring, to a level consistent with the original evaluation assurance requirements, that the current version contains no security weaknesses that are exploitable within the TOE environment. The list in AMA_EVD.1.4C should include vulnerabilities arising from:

a) the developer's analysis required by AVA_VLA.1, or higher component (if required for the certified version of the TOE);

b) any other reported security flaws handled by the flaw remediation procedures required by ALC_FLR.1 (or ALC_FLR.2 if required for the certified version of the TOE).

AMA_EVD.1.5E requires the evaluators to confirm that functional testing has been performed on the current version of the TOE, and that the coverage and depth of testing is commensurate with the level of assurance being maintained. This check is performed by sampling the test documentation for the current version of the TOE.