
PAe - Security requirements for eHealth applications

Security requirements for eHealth applications

17 September 2020


The CCN has published a guide on this type of development in the context of the National Security Scheme (Esquema Nacional de Seguridad, ENS), which sets out measures to guarantee the minimum security requirements according to the purpose of the application, the architecture or the source code, among others.

The National Cryptologic Centre (CCN) has published Guide CCN-STIC 857, Security requirements for eHealth applications in the context of the ENS, available in the public part of its portal, with the aim of helping developers build secure eHealth mobile applications.

Specifically, the document aims to set out the minimum requirements for the secure operation of a health application, i.e. one intended to assist in the detection, diagnosis, monitoring and treatment of an enormous variety of pathologies, in the context of the National Security Scheme (ENS). To this end, it includes what it calls a Security Problem Definition (DPS), which identifies the possible threat scenarios. The security objectives for mobile applications, their platforms and/or deployment environments therefore follow from the DPS.

In this regard, the measures set out in the Guide to guarantee the minimum security requirements for applications, which must be met by their manufacturers, are organised according to the following Security Objectives:

  1. Test of the purpose of the application
  2. Test of the architecture
  3. Test of source code
  4. Test of third-party software
  5. Test of the implementation of cryptography
  6. Test of authentication
  7. Test of storage and data protection
  8. Test of payment resources
  9. Test of platform-specific interactions
  10. Test of network communication
  11. Test of resilience

It is worth noting that the threat scenarios and security objectives outlined in this guide are based on the experience the CCN has gained over the years, in collaboration with peer national and international institutions, on the CCN's own CCN-STIC guides, and on other European and international documents.
