The National Cryptologic Centre has published Guide CCN-STIC 857, "Safety requirements for e-health applications in the context of the NHIS", available in the public part of its portal, with the objective of helping developers of e-health applications build secure mobile applications.
Specifically, the document aims to set out the minimum requirements for the safe operation of a health application, i.e. one intended to assist in the detection, diagnosis, surveillance and treatment of a wide variety of disorders, in the context of the National Security Scheme (NHIS). It includes what has been called a Definition of the Problem of Safety (DPS), which identifies potential threat scenarios. The safety objectives for mobile applications, their platforms and/or deployment environments are therefore derived from the DPS.
In this regard, the measures contained in the guide to ensure the minimum security requirements in applications, which must be met by their manufacturers, are organized according to the following objectives:
- Proof of the purpose of implementation
- Proof of architecture
- Evidence of the source code
- Evidence of the third party software
- Proof of the implementation of cryptology
- Proof of the authentication
- Evidence of storage and data protection
- Proof of payment
- Evidence of specific interactions of the platform
- Evidence of the communication network
- Proof of resilience
It is noteworthy that the threat scenarios and safety objectives set forth in this guide are based on the experience that the NCC has acquired over the years in collaboration with other national and international institutions, on the equivalent CCN-STIC guides of the NCC, and on other European and international documents.