@@ -594,11 +594,13 @@ Recognizing that there may be vulnerabilities discovered between the time that a
The product shall be accompanied by documentation describing how the product may be securely updated, including how to update the product prior to, or as part of, first use.
* Applicability: Product expected use is long enough to require updates and the product has firmware update capability
* Applicability: Product has firmware update capability
* Reference: ER-NKEV
* Objective: Prevent exploitation of known exploited vulnerabilities at first use
* Preparation: Examine public or private vulnerability information sources and select a representative sample of recently fixed vulnerabilities for the product and for its dependencies
* Activities: On a new product, carry out the initial secure update, scan the product to see if a recently fixed vulnerabilities has been fixed on the product, and examine the documentation for the required info
* Preparation:
1. Examine public or private vulnerability information sources and select a representative sample of recently fixed vulnerabilities for the product and for its dependencies
1. Examine manufacturer's product update information
* Activities: On a new product, scan the product to see if a recently fixed vulnerabilities has been fixed on the product, and examine the documentation for the required info
* Verdict: The secure update completes successfully, the sample set of vulnerabilities is fixed, and the documentation includes all the required information => PASS, otherwise FAIL
* Evidence: Documentation of vulnerability handling, documentation of how to securely update the product, the report for the selected vulnerabilities, description of how to scan for the vulnerabilities, log of vulnerability scan results
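Review bot: the rewritten Activities line drops "carry out the initial secure update", but the unchanged Verdict line still requires that "The secure update completes successfully", so the assessor is asked to judge a step that is no longer performed. Either keep the update step in Activities or change the Verdict to match. The new preparation step "Examine manufacturer's product update information" also has no counterpart in the Evidence line; if it is meant to feed the scan, say how and list it as evidence. The carried-over wording "a recently fixed vulnerabilities has been fixed" should read "the selected recently fixed vulnerabilities have been fixed".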
@@ -606,7 +608,7 @@ The product shall be accompanied by documentation describing how the product may
The product shall implement automatic secure update by default before or during first use.
* Applicability: Product expected use is long enough to require updates and the product has firmware update capability
* Applicability: Product has firmware update capability
* Reference: ER-NKEV
* Objective: Prevent exploitation of known exploited vulnerabilities at first use
* Preparation: Examine public or private vulnerability information sources and select a representative sample of recently fixed vulnerabilities for the product and for its dependencies
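Review bot: the Applicability change here matches the previous requirement, but Preparation in this hunk is left as the single-line form, while the previous requirement was given a numbered list that adds "Examine manufacturer's product update information". If that step also matters for assessing automatic secure update, apply the same restructuring here so that the two ER-NKEV assessments stay aligned. Dropping "Product expected use is long enough to require updates" also widens the scope to every product with firmware update capability; please confirm that this is intended and state the reason in the change description.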