The Federal Office for Information Security has published new versions of the Technical Guidelines for "Replacement Scanning" (RESISCAN) and the "Preservation of Evidence of Cryptographically Signed Documents" (TR-ESOR), developed with the support of ecsec, which provide the basis for efficient and secure digitalisation of business and public administration.
Secure digital administration processes thanks to RESISCAN, E-File, TR-ESOR & Co.
As part of the digitalisation strategy of the new German Federal Government, electronic transaction processing in public administration (E-File) plays an important role. The Federal Government’s E-Government Act has provided regulations for "Electronic record-keeping" (§ 6 EGovG) and the "Conversion and destruction of the original paper document" (§ 7 EGovG) since 2013, whereby the systems and processes used must be protected using state-of-the-art security measures. The required and recommended measures are described in the relevant Technical Guidelines of the Federal Office for Information Security, such as BSI TR-03125 (TR-ESOR, "Preservation of Evidence of Cryptographically Signed Documents") and BSI TR-03138 (TR-RESISCAN, "Replacement Scanning"). With the support of ecsec, both guidelines were recently updated and adapted, among other things, to the legal framework of the pan-European eIDAS-Regulation (EU) No 910/2014 and the General Data Protection Regulation (GDPR) (EU) No 2016/679.
eIDAS-Regulation creates opportunities for secure and efficient digitalisation
Both replacement scanning according to version 1.2 of BSI TR-03138 (RESISCAN) and the preservation of evidence of cryptographically signed documents in accordance with version 1.2.1 of BSI TR-03125 (TR-ESOR) result in organisational relief. Electronic seals, which are assigned to legal persons, can now, for example, be used in scanning processes to protect the integrity and evidential value of scanned documents. These new options for the implementation of TR-RESISCAN have already been applied by the first users in the federal administration, such as the Federal Railway Estate Authority, a federal authority within the scope of the Federal Ministry of Transport and Digital Infrastructure. Thus, the 250,000 documents with 1.2 million pages that are scanned annually no longer have to be archived in paper form, but can now be stored and processed electronically in an E-File.
"The Technical Guidelines of the Federal Office for Information Security provide the basis for the secure electronic handling of economical and administrative business processes," adds Dr. Detlef Hühnlein, CEO of ecsec GmbH. "We are very pleased that the opportunities for trustworthy digitalisation offered by the eIDAS-Regulation are increasingly being recognised and used by authorities."
The current version 1.2 of BSI TR-03138 “Replacement Scanning” (RESISCAN) is available at https://resiscan.de and comprises, in addition to the main document with the modular requirements catalogue, a test specification (Annex P), the result of a generic risk analysis (Annex A), answers to frequently asked questions (Annex F), non-binding legal advice on the use of TR-RESISCAN (Annex R) and an exemplary process instruction (Annex V).
The current version 1.2.1 of BSI TR-03125 “Preservation of Evidence of Cryptographically Signed Documents” (TR-ESOR) is available at https://tr-esor.de and provides recommendations for a reference architecture, including its processes, modules and interfaces, as a middleware concept; requirements for data, document and exchange formats for archive data objects and evidence data; and additional requirements for federal authorities and compliance rules for various levels of compliance.