the accesskey _ mod _ content

Introduction

People are relying on services available electronically lend themselves in conditions of security equivalent to those who are close to personally administration offices. Furthermore, much of the information contained in the information systems of the AA.PP. and services are national strategic assets. The information and services are subjected to threats and risks from motivated actions or illicit, errors or mistakes and accidents or disasters.

The Law 11 / 2007, of 22 June, electronic access of citizens to public services (Opens in new window) , establece principios y derechos relativos a la seguridad en relación con el derecho de los ciudadanos a comunicarse con las AA.PP. a través de medios electrónicos; y su artículo 42 crea el Esquema Nacional de Seguridad.

The national security Scheme (NHIS) , regulated by the Royal Decree 3 / 2010, of January 8th (Opens in new window) determines the security policy to be applied in the use of electronic media. The ENS consists of the basic principles and minimum requirements for adequate protection of information. Will be implemented by the AA.PP. to ensure access, integrity, availability, authenticity, confidentiality, traceability and preservation of data, information and services used in electronic means that efforts in the exercise of its powers.

The ENS has been formulated by the light of the state of the art and the main referents in safety of information from the European Union, OCDE, national and international standardization, like in other countries, etc.

The ENS is the result of a work coordinated by the ministry of the presidency, currently assumed by the Ministry of Territorial Policy and Public Function, with the support of the National PKIX Centre (CCN) and the participation of all the AA.PP., through the collegiate bodies with responsibilities for electronic administration. They have been designed with the view of industry associations TIC sector.

Goals

El Esquema Nacional de Seguridad (ENS) persigue los siguientes objetivos :

  • Create conditions confidence in the use of electronic media, through measures to ensure the security of the information and electronic services, which allows citizens and public administrations, the exercise of rights and duties through these means.
  • Establish security policy en la utilización de medios electrónicos en el ámbito de la Ley 11/2007, que estará constituida por los principios básicos y los requisitos mínimos para una protección adecuada de la información.
  • Enter the common elements que han de guiar la actuación de las Administraciones públicas en materia de seguridad de las tecnologías de la información.
  • Make a common language to facilitate interaction of public administrations, as well as the communication of the requirements of information security industry.
  • Contribute a homogeneous treatment de la seguridad que facilite la cooperación en la prestación de servicios de administración electrónica cuando participan diversas entidades.
  • Facilitate a continuous treatment security .

En el Esquema Nacional de Seguridad se concibe la seguridad como una actividad integral, en la que no caben actuaciones puntuales o tratamientos coyunturales, debido a que la debilidad de un sistema la determina su punto más frágil y, a menudo, este punto es la coordinación entre medidas individualmente adecuadas pero deficientemente ensambladas.

Elements of the national security Scheme

The main elements of ENS are as follows:

  • The basic principles to consider in decisions on security.
  • The minimum requirements allow adequate protection of information.
  • The mechanism for achieving compliance with the basic principles and minimum requirements through the adoption of security measures provided a la naturaleza de la información y los servicios a proteger.
  • The electronic communications .
  • The audit of safety .
  • The security incident response .
  • The security certification .
  • The line .

The main aspect of ENS is, without doubt, that all the higher bodies of the AA.PP. must have its security policy to be established in base to the basic principles and will run through the minimum requirements.

Scope

Its scope is set in the article 2 of the Law 11 / 2007 (Opens in new window) of 22 June, electronic access of citizens to services Públicos.estarán excluded systems dealing with classified information regulated by law 9 / 1968 of 5 April, on official secrets, amended by Law 48 / 1978, 7 October and implementing rules.

Alignment with national security Scheme

In the interim provision of Royal Decree 3 / 2010 (Opens in new window) se articula un mecanismo escalonado para la adecuación a lo previsto en el Esquema Nacional de Seguridad de manera que los sistemas de las administraciones deberán estar adecuados a este Esquema en unos plazos en ningún caso superiores a 48 meses desde la entrada en vigor del mismo. El plazo de adecuación ha vencido el 30 de enero de 2014.

The adequacy ordered to national security Scheme requires the treatment of the following issues:

ENS alignment to the figure

Changing ENS

Royal Decree 3 / 2010 , de 8 de enero (BOE de 29 de enero), por el que se regula el Esquema Nacional de Seguridad en el ámbito de la administración electrónica.

Bugfixes of the royal decree 3 / 2010 , de 8 de enero, por el que se regula el Esquema Nacional de Seguridad en el ámbito de la Administración Electrónica (BOE de 11 de marzo).

external link   Consolidated text Royal Decree 3 / 2010 , de 8 de enero. (Incluye corrección de errores publicada el día 11 de marzo).

external link Royal Decree 951 / 2015, 23 October, to modify the Royal Decree 3 / 2010, of January 8th, that regulates the national security Scheme in the area of E-government. (Opens in new window)

More information

Fill the form Contact (Opens in new window) to send your request for information.

General access point
General access point