Commit 9b53843e authored by Aki Braun

RDI 13 MI-KEVA: Automatic secure update before or during first use

parent c50a9d56
+4 −2
@@ -712,8 +712,10 @@ All mitigations from TH-UEVU apply (using that requirement's risk formula), in a

Mitigations for Likelihood:

* Medium to Low: (KEVD or KEVA), (KEVM or KEVT or SCAN), (SUVP or SUAP or SUOE or SUAO), VULH
* High to Low: KEVD, KEVA, (KEVM or KEVT or SCAN), (SUAP or SUAO), SUCS, SUAU, SUVH, SURP, SURC, SUSR, SUMV, SUED, VULH
TODO KEVX - the more enterprise-appropriate version of KEVA

* Medium to Low: (KEVD or KEVA or KEVX), (KEVM or KEVT or SCAN), (SUVP or SUAP or SUOE or SUAO), VULH
* High to Low: KEVD, (KEVA or KEVX), (KEVM or KEVT or SCAN), (SUAP or SUAO), SUCS, SUAU, SUVH, SURP, SURC, SUSR, SUMV, SUED, VULH

### C.4.5 TH-UEAC: Unauthorised endpoint access
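
Review bot: Both rewritten likelihood formulas accept KEVX as an alternative to KEVA, but the only definition of KEVX here is the line "TODO KEVX - the more enterprise-appropriate version of KEVA", so a risk reduction from High or Medium to Low can be claimed through a mitigation that has no requirement text yet. Suggest leaving the formulas on KEVA until MI-KEVX is written. The TODO line also sits directly between "Mitigations for Likelihood:" and its list, where it reads as part of the clause; move it to an editor's note or the issue tracker.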

+7 −3
@@ -50,7 +50,7 @@ The product shall be accompanied by documentation describing how the product can

#### 5.2.2.3 MI-KEVA: Automatic secure update before or during first use

The product shall implement automatic secure update by default before or during first use.
The product shall implement automatic secure update before or during first use.

* Reference: TR-NKEV
* Applicability: The product has software or firmware update capability
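
Review bot: Dropping "by default" from the MI-KEVA requirement sentence changes what is required, and neither the commit title nor this hunk gives a reason. Without those words, a product whose automatic secure update must first be switched on by the user could be read as conforming. If the change is intended, state the rationale in the commit message; otherwise restore "by default".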
@@ -60,6 +60,10 @@ The product shall implement automatic secure update by default before or during
* Verdict: The secure update completes successfully, the most recently fixed vulnerability is fixed, and the documentation includes all the required information => PASS, otherwise FAIL
* Evidence: Documentation of vulnerability handling, documentation of how to securely update the product, the report for the selected vulnerability, description of how to scan for the vulnerability, log of vulnerability scan results

#### 5.2.2.3 MI-KEVX: TODO a more enterprise-approprite mitigation aligned with KEVA

Will be submitted by Mark Grayson (Cisco)

#### 5.2.2.4 MI-KEVM: Documentation of mitigation of known exploitable vulnerabilities

The product's development and release process shall include a process to document known exploitable vulnerabilities in the product and their fixes or mitigations. The documentation for this process shall conform with the process described in prEN 40000-1-3: "Cybersecurity requirements for products with digital elements – Vulnerability Handling" [\[2\]](#_ref_2). The product is deemed to be compliant with this requirement if it:
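
Review bot: The added MI-KEVX heading reuses clause number 5.2.2.3, which MI-KEVA already carries, while MI-KEVM stays at 5.2.2.4, so cross-references to 5.2.2.3 become ambiguous; renumber the following clauses or leave the placeholder unnumbered. The heading also contains a typo ("approprite"), and the clause body is only "Will be submitted by Mark Grayson (Cisco)", with no requirement sentence, Reference, Applicability, Verdict or Evidence entries, so nothing else in the document should depend on it yet.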
@@ -1259,7 +1263,7 @@ This clause lists all the mitigations necessary to meet requirements for each se
  1. FDRP
  1. IPv6-1
  1. IPv6-2
  1. KEVA
  1. KEVX
  1. KEVD
  1. LMEM
  1. LOGG-1
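
Review bot: KEVA is replaced outright by KEVX in this list of required mitigations, whereas the likelihood formulas changed in the other file of this commit use "(KEVA or KEVX)". As written, MI-KEVA is no longer required here and its place is taken by a clause that is still a TODO placeholder. Suggest keeping KEVA in the list and adding KEVX as an alternative only once its text exists.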
@@ -1317,7 +1321,7 @@ This clause lists all the mitigations necessary to meet requirements for each se
  1. FDRP
  1. IPv6-1
  1. IPv6-2
  1. KEVA
  1. KEVX
  1. KEVD
  1. LMEM
  1. LOGG-1
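
Review bot: KEVX is inserted before KEVD, which breaks the alphabetical order the surrounding entries follow (IPv6-2, KEVD, LMEM); if the entry stays, it belongs after KEVD. This list also loses KEVA in the same change, so a product assessed against it would not be required to meet MI-KEVA while MI-KEVX has no content; keep KEVA until the replacement clause is written.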