Document Comparison
MPoC-Technical-FAQs-v1-6.pdf
→
MPoC-Technical-FAQs-v1_7.pdf
81% similar
18 → 19
Pages
6031 → 6208
Words
6
Content Changes
Content Changes
6 content changes. 15 administrative changes (dates, page numbers) hidden.
Added
p. 10
Q 17 [September 2025] Are there situations where an MPoC Product does not require full evaluation if changing laboratories for an annual checkpoint or implementation change evaluation? A A full evaluation is not required when changing laboratories during a 3-year listing period if the new laboratory has access to the full MPoC report. The new MPoC Laboratory may still determine aspects of the implementation require re-evaluation, even when a previous full evaluation report is provided.
Modified
p. 6
• Key management and change management processes have been followed, including any required key rotation processes, reseeding of DRNGs, etc,
• Key management and change management processes have been followed, including any required key rotation processes, reseeding of DRNGs, etc.,
Modified
p. 6
The MPoC Laboratory may need to perform additional testing, depending on the extent to which the MPoC Product has changed. It is expected that the MPoC Laboratory will review a sample of MPoC Applications to ensure ongoing compliance to the MPoC standard.
The MPoC Laboratory may need to perform additional testing, depending on the extent to which the MPoC Product has changed. It is expected that the MPoC Laboratory will review a sample of MPoC Applications to ensure ongoing compliance with the MPoC standard.
Modified
p. 9
Q 13 [November 2023] Can a ‘Calling Application’ interface to two or more MPoC Applications, or another MPOS application not in scope of MPoC validation? A Yes. MPoC validation covers all functionality provided by the MPoC Product under assessment. Calling applications are separate from the MPoC Application and interface to the MPoC Application through secure inter-application APIs (see Figure 3 of the MPoC Standard). A calling application is not in scope MPoC validation, and may interface to multiple MPoC Applications, …
Q 13 [November 2023] Can a ‘Calling Application’ interface to two or more MPoC Applications, or another MPOS application not in scope of MPoC validation? A Yes. MPoC validation covers all functionalities provided by the MPoC Product under assessment. Calling applications are separate from the MPoC Application and interface to the MPoC Application through secure inter-application APIs (see Figure 3 of the MPoC Standard). A calling application is not in scope of MPoC validation, and may interface to multiple MPoC …
Modified
p. 9
MPoC Applications listed as part of an MPoC Software product (not an MPoC Solution) must be developed by the MPoC Software vendor, and cannot be developed by another entity.
MPoC Applications listed as part of an MPoC Software product (not an MPoC Solution) must be developed by the MPoC Software vendor and cannot be developed by another entity.
Modified
p. 12
Q 9 [November 2023] Can access to security-flaw-reporting programs required in 1A-1.2 and 4A-3.2 of MPoC be restricted to certain groups, such as customers? A No. It is required that MPoC Vendors are able to receive and process security-flaw reports regardless of their origin. The process on how to deliver such security flaw reports must be publicly accessible, and clearly designated for this purpose. However, it is permissible to have more specific details of the program, such as outlines of …
Q 9 [November 2023] Can access to security-flaw-reporting programs required in 1A-1.2 and 4A-3.2 of MPoC be restricted to certain groups, such as customers? A No. It is required that MPoC Vendors are able to receive and process security-flaw reports regardless of their origin. The process on how to deliver such security flaw reports must be publicly accessible and clearly designated for this purpose. However, it is permissible to have more specific details of the program, such as outlines of …