Notes in accordance with VdS directives 2156-2, 2386, 3169-1 and 3169-2
Management system for information security (ISMS)
If correct operation of the application depends on one or more servers that store or manage system-specific data and that lie outside the application operator's sphere of influence, the operator of those servers (a third party) must run a suitable, certified ISMS according to recognised standards (e.g. VdS 3475, ISO 27001) for the application to be operated in a VdS-compliant manner. The manufacturer of the application must reference the third party's ISMS certificate in the documentation and list the type and scope of the data processing and storage.
Measures against reverse engineering
High-order obfuscation: for 3-star applications, the source code must be protected against reverse engineering by high-grade concealment mechanisms (obfuscation). The obfuscation methods that the development system offers as standard should not be the only ones used.
Measures against loss of confidentiality
The confidentiality and integrity of data transmitted over data networks must be guaranteed. This must be achieved with suitable measures and algorithms (e.g. HTTPS connections using current encryption methods and checksum functions). HTTPS connections must use a certificate signing algorithm of at least SHA-256 strength. To avoid endangering the HTTPS connections, protocols ≥ TLS 1.0 should be used; outdated protocols < TLS 1.0 may not be offered.
The manufacturer must list the applied methods and algorithms in the manufacturer documentation.
Certificates must be checked for validity. Only valid certificates may be used.
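The following is an added example, not part of the VdS text, showing how an application manufacturer might turn the three transport requirements above (protocol floor of TLS 1.0, a certificate signing algorithm of at least SHA-256, only currently valid certificates) into an automated compliance check and into a client-side TLS configuration. The protocol and signature-algorithm names are the OpenSSL-style strings one gets from `openssl s_client` / `openssl x509 -text`; the sample observations at the bottom are constructed, not taken from any real system. The `make_client_context` default of TLS 1.2 is a choice of this example, stricter than the directive's floor; the parameter accepts `ssl.TLSVersion.TLSv1` if the floor itself is wanted.

```python
import re
import ssl
from datetime import datetime, timezone

# Floors taken from the directive text: protocols >= TLS 1.0, certificate
# signing algorithm at least SHA-256, and only currently valid certificates.
MIN_TLS_VERSION = (1, 0)
MIN_SIG_HASH_BITS = 256

_TLS_RE = re.compile(r"^TLSv(\d+)(?:\.(\d+))?$")


def parse_tls_version(name):
    """Map an OpenSSL-style protocol name ("TLSv1", "TLSv1.3", "SSLv3") to a
    (major, minor) tuple. Anything that is not TLS at all (SSLv2/SSLv3) yields
    None, which the policy check treats as a violation."""
    m = _TLS_RE.match(name.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2) or 0))


def signature_hash_bits(sig_alg):
    """Extract the hash length from a signature algorithm name such as
    "sha256WithRSAEncryption" or "ecdsa-with-SHA384". Names without a SHA
    digit suffix (md5WithRSAEncryption) yield 0; "sha1..." yields 1, so both
    fall below the SHA-256 floor. SHA-3 names are not expected here."""
    m = re.search(r"sha-?(\d+)", sig_alg.lower())
    return int(m.group(1)) if m else 0


def check_connection(tls_version, sig_alg, not_before, not_after, now=None):
    """Return the list of directive requirements the observed connection
    violates: "protocol", "signature" and/or "validity". An empty list means
    the observation is compliant with all three."""
    now = now or datetime.now(timezone.utc)
    findings = []
    ver = parse_tls_version(tls_version)
    if ver is None or ver < MIN_TLS_VERSION:
        findings.append("protocol")
    if signature_hash_bits(sig_alg) < MIN_SIG_HASH_BITS:
        findings.append("signature")
    if not (not_before <= now <= not_after):
        findings.append("validity")
    return findings


def make_client_context(min_version=ssl.TLSVersion.TLSv1_2):
    """Client-side SSLContext that enforces the certificate checks the
    directive asks for: chain verification against the platform trust store,
    hostname matching, and a protocol floor. The TLS 1.2 default is this
    example's choice and is stricter than the directive's TLS 1.0 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = min_version
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Constructed sample validity window and evaluation time (not real data).
SAMPLE_NOT_BEFORE = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_NOT_AFTER = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    # Constructed observations as they would come from a connection audit.
    observations = [
        ("TLSv1.2", "sha256WithRSAEncryption"),
        ("TLSv1", "sha1WithRSAEncryption"),
        ("SSLv3", "md5WithRSAEncryption"),
    ]
    for proto, sig in observations:
        result = check_connection(proto, sig, SAMPLE_NOT_BEFORE,
                                  SAMPLE_NOT_AFTER, SAMPLE_NOW)
        print(f"{proto:8} {sig:26} -> {result or 'compliant'}")
```

The findings list is deliberately coarse (one code per directive requirement) so that it can be written straight into the manufacturer documentation the directive calls for, alongside the list of methods and algorithms actually in use.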