The National Cryptologic Centre (CCN) has published Guide CCN-STIC 857, Security requirements for eHealth applications in the context of the ENS, available in the public section of its portal, with the aim of helping developers build secure eHealth mobile applications.
Specifically, the document sets out the minimum requirements for the secure operation of a health application, i.e. one intended to assist in the detection, diagnosis, monitoring and treatment of an enormous variety of pathologies, in the context of the National Security Scheme (ENS). To this end, it includes what has been called a Security Problem Definition (DPS), which identifies the possible threat scenarios. The security objectives for mobile applications, their platforms and/or deployment environments therefore follow from the DPS.
In this regard, the various measures set out in the Guide to guarantee the minimum security requirements for applications, which must be met by their manufacturers, are organised according to the following Security Objectives:
- Test of the purpose of the application
- Test of the architecture
- Test of source code
- Test of third-party software
- Test of the implementation of cryptography
- Test of authentication
- Test of storage and data protection
- Test of payment resources
- Test of platform-specific interactions
- Test of network communication
- Test of resilience
It is noteworthy that the threat scenarios and security objectives outlined in this guide are based on the experience the CCN has gained over the years in collaboration with peer national and international institutions, on the CCN's own CCN-STIC guides, and on other European and international documents.