Loading EN-304-621.md +22 −0 Original line number Diff line number Diff line Loading @@ -608,6 +608,28 @@ For medium risk: 1. Description of how to scan for the vulnerability 1. Log of vulnerability scan results #### 6.1.1.1 REQ-EXPLOIT-1ish from Uli **Preparation:** Program a test source providing an authentic and integrity correct update package.<br/> **Activities:** * Operate the test update server. * Study the technical documentation. * If needed activate the update mechanism and check whether the mechanism is configurable. * Check if the update mechanisms can be configured to check itself for updates, conduct the update on trigger, or runs at first use. * Configure the update mechanisms with respect to point in time of conduct. **Verdict:** * The technical documentation describes the update mechanism in sufficient practical detail to conduct the update. * The test update is operated as configured on action, prior, or as part of the first use. * The test update was operated as configured with respect to the point of time of conduct. **Supporting Evidence:** * References to document sections. * Screenshots from the update configurations and of the corresponding conducts. #### 6.1.1.2 REQ-EXPLOIT-2 **Objective:** Responsibility of OS level updgrades can be elsewhere outside of the system control.<br/> Loading Loading
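Review bot: The added heading "#### 6.1.1.1 REQ-EXPLOIT-1ish from Uli" is a working title rather than a requirement identifier, and the section under it has no **Objective:** line, although the following section 6.1.1.2 opens with one. Replace the heading with the final requirement ID, drop the author name, and state the objective so a reader can tell which requirement these update-mechanism steps assess. In the Verdict list, "operated as configured on action, prior, or as part of the first use" does not line up with the three modes named in Activities ("check itself for updates, conduct the update on trigger, or runs at first use"), and "prior" has no referent; use the same three terms in both lists. Preparation speaks of a "test source" while Activities says "test update server"; pick one term. Since Preparation only supplies an authentic, integrity-correct package, say whether a package that fails those checks is out of scope for this test or covered by another requirement.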