Grimm, RüdigerVolkamer, MelanieKrimmer, RobertGrimm, Rüdiger2019-10-162019-10-162008978-3-88579-225-3https://dl.gi.de/handle/20.500.12116/29181Remote electronic voting systems are more and more used - not so much for parliamentary elections, but nevertheless for elections on lower levels as in associations and at universities. In order to have a basis for the evaluation and certification, in Germany a Common Criteria Protection Profile [PP08] is developed, which defines basic requirements for remote electronic voting systems. This Protection Profile requires a rather low evaluation depth (EAL2+). For elections on higher levels an appropriate adjustment of the evaluation depth is recommended. In its first part this paper points out that increasing the evaluation depth beyond EAL5 is not possible at present, since EAL6 requires formal methods and in particular a formal IT security model. Such a formal model does not exist yet. In the second part, this paper proposes a first step to an IT security model for remote electronic voting systems, which, however, considers only a subset of the security objectives defined in the Protection Profile [PP08].enText/Conference Paper1617-5468