Commit c25d5b7f authored by Marvin Petzolt's avatar Marvin Petzolt Committed by Aki Braun
Browse files

HAS 69: Added deferral to 5.2.4.4

parent ec02599f

clauses/5.Requirements.md

+9 −3
Original line number Diff line number Diff line
@@ -211,13 +211,19 @@ The product shall provide a method of securely updating any software in the prod 


#### 5.2.4.4 MI-SUAP: Automatic secure update via product



The product shall provide a method of automatically securely updating any software in the product via the product itself with an option for the user or administrator to disable automatic updates.

The product shall provide a method of automatically securely updating any software in the product via the product itself with an option for the user or administrator to disable or defer automatic updates.



* Reference: TR-SCUD

* Objective: Prevent exploitation of known vulnerabilities

* Preparation: Prepare an update for each part of the product that can be updated with a different version number from the currently installed product version

* Activities: Check the versions of all parts of the product that can be updated, create the conditions that allow automatic secure update to occur, check the versions again, then repeat except disabling automatic updates

* Verdict: For the first test, the second versions read are that of the new product update, and for the second test with automatic updates disabled, the second versions read are the same as the first versions read => PASS, otherwise FAIL

* Activities: Check the versions of all parts of the product that can be updated, create the conditions that allow automatic secure update to occur. Then execute the same setup for all the tests:

  1. install the update, record the version again

  1. defer the update, wait the deferral period, relaunch the product, observe any update popups, install the update, record the version again

  1. disabling automatic updates, record the product version

* Verdict:  If all the following verdicts conclude => PASS, otherwise FAIL

  1. For the first test, the second versions read are that of the new product update

  1. For the second test, after deferral of the update, the product reads the same product version. After the deferral period, the update is prompted again. Once installed, versions read are that of the new product update

  1. For the third test with automatic updates disabled, the versions read are the same as the first versions

* Evidence: New update version numbers, and log of querying the product parts' versions, installing the update, and querying the versions again



#### 5.2.4.5 MI-SUOE: Secure update provided by operational environment