This article is from the Computer Security Evaluation FAQ, by Trusted Product Evaluation Program TPEP@dockmaster.ncsc.mil.
The Rating Maintenance Phase (RAMP) Program was established to
provide a mechanism to extend the previous rating to a new
version of a previously evaluated computer system product.
RAMP seeks to reduce evaluation time and effort required to
maintain a rating by using the personnel involved in the
maintenance of the product to manage the change process and
perform Security Analysis. Thus, the burden of proof for RAMP
efforts lies with those responsible for system maintenance
(i.e., the vendor) instead of with an evaluation team.