
COUNTERING CYBER THREATS


Law 11/2007 of 22 June, on the electronic access of citizens to Public Services, established the National Security Scheme, approved by Royal Decree 3/2010 of 8 January, whose purpose is to establish the principles and requirements of a security policy for the use of electronic means that allows the adequate protection of information. Subsequently, Law 40/2015 of 1 October, on the Legal Regime of the Public Sector, included the National Security Scheme in Article 156, paragraph 2, in similar terms.

In 2015, the amendment of the National Security Scheme was published as Royal Decree 951/2015 of 23 October, in response to changes in the regulatory environment (in particular that of the European Union) and in information technologies, and to the experience gained from implementing the Scheme.

Systems must conform to the provisions of this amendment within twenty-four months (November 5, 2017).

Among others, the following changes are made:

Article 11: continued security management as a key aspect that must accompany the services available electronically.

Article 15: the objective and non-discriminatory requirement that organizations providing security services to government have qualified professionals.

Article 18: the use, in proportion to the category of the system and the security level determined, of products whose security functionality related to the object of the purchase has been certified.

Article 24: the deployment of procedures for managing security incidents and weaknesses in the elements of the information system.

Article 27: the formalization of security measures in a document called the "statement of applicability", and the possibility of replacing security measures with compensating ones where this is justified and documented.

Article 29: the figure of the "Technical Safety", governing aspects such as the report on the state of security, security audits, conformity with the Scheme, the notification of security incidents, the acquisition of security products, the cryptology used within the scope of the Scheme, and security requirements in outsourced environments, among others.

Article 35: an express reference to the articulation of the procedures needed to collect and consolidate information for the annual report on the state of security, and to the bodies responsible for implementing them.

Article 36: notification to the National Cryptologic Centre (CCN) of those incidents having a significant impact on the security of the information handled and the services provided.

Article 37: the evidence necessary for the National Cryptologic Centre to investigate security incidents.

Security Audits

Article 34 of the ENS states that the information systems referred to in the Royal Decree will be subject to a regular ordinary audit, at least every two years, to verify compliance with the requirements of this National Security Scheme.

In extraordinary circumstances, such an audit should be performed whenever significant changes occur in the information system that may affect the required security measures.

Conformity with the ENS

Article 41 states: "The bodies and Public Law Entities shall publicize, in the corresponding electronic headquarters, the declarations of conformity and the security badges to which they are entitled, obtained regarding compliance with the National Security Scheme."
