Security Controls guidance


The 'Security Controls' guidance document addresses the security controls and recommendations applicable to eDelivery's message exchange Use Case.


According to ISO 27001, controls are any administrative, managerial, technical, or legal methods that are used as safeguards and countermeasures to modify or manage information security risks. In this document, security controls represent the technical mechanisms to be put in place to ensure confidentiality and integrity and consequently address the security requirements extracted from the eIDAS regulation.


As the message exchange Use Case is closely linked to the Electronic Registered Delivery Service (ERDS), a trust service under the eIDAS regulation, this document maps the Qualified ERDS (QERDS) requirements to the security controls of eDelivery. In this document, the message exchange Use Case uses the AS4 messaging protocol, according to the eDelivery AS4 profile, without dynamic discovery, i.e. without the Service Metadata Publisher (SMP) and the Service Metadata Locator (SML).


The eIDAS regulation defines Electronic Registered Delivery Service (ERDS) as a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including the proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations. 



Documentation


 

Security Controls guidance document
Linking eIDAS (Q)ERDS & eDelivery

Last updated: 25 April 2022