
PAe - CCN-STIC guides published on risk analysis for Local Entities and on declaration and certification of conformity with the ENS

01 July 2019

The CCN-STIC guides on Risk Analysis for Local Entities (882) and on the Declaration and Certification of Conformity with the ENS and Compliance Marks (809) have just been made public on the CCN-CERT web portal.

The CCN-CERT of the National Cryptologic Centre has published, in the public part of its web portal, two new guides: one on risk analysis for local entities and one on policies and procedures for implementing the measures of the National Security Scheme (ENS).

CCN-STIC Guide 882 on Risk Analysis for Local Entities

The CCN-STIC-882 guide develops the risk analysis and management process using the Micro PILAR tool step by step, so that it serves as guided help for the people responsible for carrying out this risk analysis in a Local Entity in order to comply with the National Security Scheme (ENS) and the General Data Protection Regulation (GDPR).

The general requirements of this guide, which allows Local Entities to carry out the analysis regardless of their geographic location or size, are to have the Micro PILAR tool, version 7.3 or later, installed with the appropriate licence for its operation, and to have an up-to-date inventory of the institution's services, data, personal data processing activities and technology infrastructure.

Among the main contents covered by the guide are the PILAR tool, risk analysis with Micro PILAR, the National Security Scheme, the General Data Protection Regulation and a risk treatment plan.

Some of the advantages of using the PILAR tool are knowing the risks in order to be able to treat them, knowing the degree of compliance with different security profiles, and implementing the Magerit methodology.

Update of CCN-STIC Guide 809 on declaration and certification of conformity with the ENS and compliance marks

This new update of the CCN-STIC 809 guide belongs to the CCN-STIC-800 series, which establishes the appropriate policies and procedures for implementing the measures set out in the National Security Scheme (ENS). It addresses, as could not be otherwise, matters concerning the declaration and certification of conformity with the ENS and the compliance marks.

Among the most prominent contents of this new guide, first published in July 2010, are the criteria and procedures for determining conformity with the ENS, the declaration and certification of conformity, the communication of certifications to the CCN and their publication, and the Certification Council of the National Security Scheme (COCENS).

Of particular relevance is this last section, which details various aspects of COCENS. This body, which reports to the CCN, was created with the main objective of supporting the proper implementation of the ENS and, consequently, the best and most reliable provision of public services, which are the ultimate objectives of the Scheme. As reflected in its terms of reference, which are included in this guide, the main functions of the Council are as follows:

  1. Ensure the proper implementation of ENS certification, taking whatever measures are legally appropriate.
  2. Promote certification of conformity with the ENS among the public- and private-sector entities within its scope of application.
  3. Propose for analysis and, where appropriate, draft and publish rules, criteria or good practices on certification of conformity with the ENS.
  4. Advise the parties on methods, procedures, tools and criteria for certification of conformity with the ENS and, in general, on its implementation, guiding its management towards the best service to the public sector and more and better collaboration with the private sector, manufacturers and suppliers of products or services.
  5. Advise the parties involved on identifying other schemes, arrangements or agreements where defending the validity and mutual recognition of the certificates issued would be of interest to the public and private sectors.
  6. Inform its constituent Departments and the National Cybersecurity Council of the degree of implementation of certification of conformity with the National Security Scheme.

Finally, the document includes two annexes with model certifications of conformity, which show what a certification of conformity with the ENS would look like in its final form.

Original source of the news (Guide 882)

Original source of the news (Guide 809)
