The assurance activity indicates that “The evaluator shall examine the AGD guidance to verify that it describes how to query the current version of the MDM Server software and how to initiate updates.” This statement omits requiring guidance documentation explaining how to check the integrity of updates as required.

Also, the test assurance activity includes two cases: attempt to install signed and unsigned updates which should be successful and unsuccessful respectively.  These do not appear to match well with the requirement since Test 2 implies that the signature would be automatically checked and the update prevented (a feature not included in the requirement).

The guidance assurance activity should be modified as follows:

The evaluator shall examine the AGD guidance to verify that it describes how to query the current version of the MDM Server software, how to initiate updates, and how to check the integrity of updates prior to installation.

Test 2 should be rewritten as follows:

The evaluator shall follow available guidance to attempt to install an update not digitally signed by the vendor and verify that either the signature can be checked (allowing the update to be aborted) or the update is not installed.

The guidance documentation should describe how non-automatic integrity checks should be performed. Test 2 needs to be in alignment with the requirement, which does not require automatic integrity checks, and should test the ability to perform non-automatic integrity checks in accordance with the guidance documentation.