@@ -51,9 +51,17 @@ The product shall implement automatic secure update before or during first use.
* Verdict: The secure update completes successfully, the most recently fixed vulnerability is fixed, and the documentation includes all the required information => PASS, otherwise FAIL
* Evidence: Documentation of vulnerability handling, documentation of how to securely update the product, the report for the selected vulnerability, description of how to scan for the vulnerability, log of vulnerability scan results
#### 5.2.2.3 MI-KEVX: TODO a more enterprise-approprite mitigation aligned with KEVA
#### 5.2.2.3a MI-KEVE: Automatic secure update via administrator action before or during first use
Will be submitted by Mark Grayson (Cisco)
The product shall implement secure update by via administrator actions before or during first use.
* Reference: TR-NKEV
* Applicability: The product has software or firmware update capability and is administered by a professional network administrator.
* Objective: Prevent exploitation of known exploitable vulnerabilities at first use
* Preparation: Examine public or private vulnerability information sources and select a recently fixed vulnerability (preferably the most recently fixed)
* Activities: Follow the instructions for the administrator to receive and install the latest release, use the product for the first time, scan the product to see if a recently fixed vulnerability has been fixed on the product, and examine the documentation for the required info
* Verdict: The secure update completes successfully, the most recently fixed vulnerability is fixed, and the documentation includes all the required information => PASS, otherwise FAIL
* Evidence: Documentation of vulnerability handling, documentation of how to securely update the product, the report for the selected vulnerability, description of how to scan for the vulnerability, log of vulnerability scan results
#### 5.2.2.4 MI-KEVM: Documentation of mitigation of known exploitable vulnerabilities
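Review bot: the added requirement sentence for MI-KEVE reads "The product shall implement secure update by via administrator actions before or during first use."; drop one of the two prepositions (suggest "secure update via administrator action before or during first use"). Two further items in this hunk look like draft residue rather than final clause text: the interim heading number "5.2.2.3a" sits directly under the existing "5.2.2.3 MI-KEVX: TODO" placeholder, so the numbering should be settled before merge (renumbering MI-KEVM's "5.2.2.4" if needed), and the line "Will be submitted by Mark Grayson (Cisco)" is a contributor note that should be moved to the PR description rather than shipped in the clause body. Finally, the Verdict copies the automatic-update criterion ("the most recently fixed vulnerability is fixed") while Preparation only asks for "preferably the most recently fixed", so the two should be aligned; and because the Objective for an administrator-driven update depends on the administrator actually applying it, consider adding to Activities or Evidence a check that the documentation states the update must be applied before the product is put into use.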
@@ -1312,7 +1320,7 @@ This clause lists all the mitigations necessary to meet requirements for each se