Augmenting Patch-Management (ALC_PAM) in CC (A03a)
Patch-Management and how to maintain the level of assurance is one of the longest and challenging problems in the application of CC. The new Patch-Management concept based on an early version of ALC_PAM was augmented in one of secuvera’s CC project. The certification was recently finished, the certification body was Federal Office for Information Security (BSI). Sebastian Fritsch (secuvera) and Michael Meissner (BSI) will share insights from applying the ALC_PAM concept and discuss options for the future use.
Sebastian is one of the co-editors of the ISO project “Towards Creating an Extension for Patch Management for ISO/IEC 15408 and ISO/IEC 18045” and Michael is a certifier for the BSI (German Federal Office for Information Security) and is piloting Patch Management.