For now, if vendors updates the product to support new device, they always get the device tested on the latest RHEL version, which is not match the one in original cert(older). Customers can only see the original cert. So we are risky to support such updated devices as we don't know whether there would be issues when it runs on original RHEL version. To fill this gap, I would suggest to force vendor to get the updated device tested on the RHEL version which the original cert has. If it can only work well on latest RHEL, we need to file a kbase to remind the customer.
This is covered in the latest policy guide in "changes" of the hardware policies: https://hardware.redhat.com/doc/#sect-Policy_Guide-Hardware_Certification_Policies-Hardware_Policies