CWA and CovPass: Two Years of Pandemic-Related Security Assessments
During the COVID-19 pandemic many digital solutions for controlling and managing the pandemic situation have been introduced. In Germany, the most popular ones are the contact tracing application Corona-Warn-App as well as the German vaccination certificate app CovPass. Due to the high confidentiality of the data at stake (the personal health data), data security and IT security in general are extremely critical in the context of these applications. The Federal Office For Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI) was commissioned to conduct security assessments in parallel to the development of these applications, which are published by the Robert-Koch-Institut (RKI).
Together with ERNW, the Federal Office for Information Security has been running security assessments on the Corona-Warn-App and the German vaccination certificate application for about two years. In this talk, Pascal Jeschke (BSI) and Dennis Heinze (ERNW) will provide insights into the procedures and CC of the assessment. Moreover, they will talk about the results and draw a conclusion about the past two years of the pandemic-related applications.