@@ -594,7 +594,7 @@ Recognizing that there may be vulnerabilities discovered between the time that a
The product shall be accompanied by documentation describing how the product may be securely updated, including how to update the product prior to, or as part of, first use.
* Applicability: Product expected use is long enough to require updates
* Applicability: Product expected use is long enough to require updates and the product has firmware update capability
* Reference: ER-NKEV
* Objective: Prevent exploitation of known exploited vulnerabilities at first use
* Preparation: Examine public or private vulnerability information sources and select a representative sample of recently fixed vulnerabilities for the product and for its dependencies
@@ -606,7 +606,7 @@ The product shall be accompanied by documentation describing how the product may
The product shall implement automatic secure update by default before or during first use.
* Applicability: Product expected use is long enough to require updates
* Applicability: Product expected use is long enough to require updates and the product has firmware update capability
* Reference: ER-NKEV
* Objective: Prevent exploitation of known exploited vulnerabilities at first use
* Preparation: Examine public or private vulnerability information sources and select a representative sample of recently fixed vulnerabilities for the product and for its dependencies
