PAe - Security requirements for e-health applications
Security requirements for e-health applications

17 September 2020

The NCC has published a guide on this type of development in the context of the National Security Scheme. It deals with measures to ensure the minimum security requirements in terms of the purpose of the implementation, the architecture or the source code, among others.

The National Cryptologic Centre has published the guide CCN-STIC 857, Security requirements for e-health applications in the context of the NHIS, available in the public part of its portal, with the objective of helping developers of e-health applications build secure mobile applications.

Specifically, the document aims to set out the minimum requirements for the secure operation of a health application, i.e. one intended to assist in the detection, diagnosis, surveillance and treatment of a great variety of disorders, in the context of the National Security Scheme (NHIS). It includes what it calls a Security Problem Definition (DPS), which identifies potential threat scenarios. The security objectives for mobile applications, their platforms and/or their deployment environments are therefore derived from the DPS.

In this regard, the measures in the guide for ensuring the minimum security requirements in applications, which must be met by their manufacturers, are organized according to the following objectives:

  1. Proof of the purpose of implementation
  2. Proof of architecture
  3. Evidence of the source code
  4. Evidence of the third party software
  5. Proof of the implementation of cryptology
  6. Proof of the authentication
  7. Evidence of storage and data protection
  8. Proof of payment
  9. Evidence of specific interactions of the platform
  10. Evidence of the communication network
  11. Proof of resilience

It is noteworthy that the threat scenarios and security objectives set forth in this guide are based on the experience that the NCC has acquired over the years in collaboration with other national and international institutions, on the equivalent CCN-STIC guides of the NCC and on other European and international documents.
