Return to site
EUCC Scheme - Patch Management
December 2, 2020

The EUCC Scheme's vulnerability handling and disclosure processes are based on the ISO/IEC 30111 and ISO/IEC 29417 standards. However, as these standards cannot provide assurance on whether the developed and deployed remediation doesn't introduce new vulnerabilities and does not define any tasks for a third-party assessment body and its methodology, the EUCC Scheme adds a Patch Management method in order to cover these gaps.

Patch Management Process

The patch management approach of the EUCC scheme starts with discovering a previously undetected cybersecurity vulnerability related to the certified ICT product. A product may include a patch management mechanism assessed within its certification, and it may be based on the conditions defined under Patch management ISO SC27 WG3 Technical Report

"Extension for Patch Management for ISO 15408 and ISO 18045," or on the ISCI WG1 Proposal for new Security Assurance Requirements (SAR) components and Packages in CC for Patch Management.

Applying either of the above, during the initial certification, the manufacturer or provider of the ICT product will detail patching processes following the content and presentation requirements of the accepted patch management process, define the Target of Evaluation (TOE) boundaries when the Security Architecture (ADV_ARC) is included, and where it's not, and finally detail Patching mechanisms using the relevant work units of the chosen listed approach.

During the Remediation development phase of Vulnerability handling, the acceptable patch level (Level 1, 2, or 3 with potentially critical update flow) will be defined under the following conditions:

  • Patch Level 1 is to be applied where the TOE is part of a bigger ICT product, and product parts not affecting the TOE may be patched whenever required. 
  • Patch Level 2 is to be applied for minor changes.
  • Patch Level 3 consists of applying the already existing provisions, as defined by Assurance Continuity, for a major change.
  • Critical Update Flow process is an additional patch level to be applied for changes where an attack is already possible to be exploited, or where update is critical and needs to be released urgently.

If you want to learn more about the EUCC Scheme and Patch Management mechanism, get in touch with specialized experts.