Overview of protection profiles, Technical Guidelines and testing standards for "eHealth"

BSI: Testing standards for the product assessor of the "ePA frontend of the insured person"
BSI-PV-ePA-eRp-FdV-2020, Version 2.0

BSI: Common Criteria Protection Profile Electronic Health Card Terminal (eHCT) ^[1.]
BSI-CC-PP-0032-V2-2015, Version 3.6

BSI: Common Criteria Protection Profile Mobile Card Terminal for the German Healthcare System (MobCT) ^[2.]
BSI-CC-PP-0052-2015, Version 1.4

BSI: Common Criteria Schutzprofil (Protection Profile) Schutzprofil 1:
Requirements for the network connector (NK-PP),
BSI-CC-PP-0047-2015,
Version 3.2.2
In the security target for the network connector, the "secure firmware update" must be included as a security functionality.

BSI: Common Criteria Protection Profile Card Operating System Generation 2 (PP COS G2),
BSI-CC-PP-0082-V2-2014 Version 1.9

BSI: Technical Guideline TR-03106, eHealth -- certification model for Generation G2 cards, Version 1.1

BSI: Technical Guideline TR-03143, eHealth G2-COS Consistency auditing tools,

BSI: Technical Guideline TR-03144, eHealth -- Proof of conformity for card products for Generation G2 cards, Version 1.1

BSI: Technical Guideline TR-03144 Annex, eHealth -- Security mechanisms in the environment of TR certification of G2 card products, Version 1.1

BSI: Sichere Kartenterminalidentität BSI-TR-03120 V1.1 TR 03120 provides guidance and describes requirements for physical card terminal protection. ^[3.]

^[1.] Note: For stationary Basis Command Set (BCS) card terminals in the Insured Master Data Management use case (VSDM), gematik will issue a time-limited approval. Approval is based on the criteria published by gematik and agreed with the BSI. Further information is available at www.gematik.de

^[2.] Note: gematik will grant approval for existing mobile eHealth card terminals that have already been approved by gematik in the past and now require new approval for the Insured Master Data Management (VSDM) use case provided that the mobile eHealth card terminals have successfully passed gematik's tests and can be shown to have undergone a complete, successful evaluation with a CC certificate in accordance with BSI-CC-PP-0052-2015, Version 1.4, without the test component delivery procedure (ALC_DEL). The authorisation will be linked to the period of validity of the certificate. The use of the existing, non-certified delivery procedures will be limited in time by gematik, at most until the planned end of the nationwide roll-out for the Insured Master Data Management VSDM use case.

^[3.] Note: TR 03120 provides guidance and describes requirements for physical card terminal protection. With regard to BSI Technical Guideline TR-03120, the following transitional agreement applies:

For stationary eHealth card terminals that received certification in line with PP-0032 before 1.1.2020, re-certification is possible using version 1.0 of TR-03120 together with version 1.0.2 of the annex to this TR:

• provided that the new firmware version increases the security of the card terminal (e.g. closing vulnerabilities or removing cryptographic algorithms and protocols that are no longer recommended) and
• with a maximum extension of the certificate term until the end of 2024.