the accesskey _ mod _ content

Introduction

People are relying on services available electronically lend themselves in conditions of security equivalent to those who are close to personally administration offices. Furthermore, much of the information contained in the information systems of the AA.PP. and services are national strategic assets. The information and services are subjected to threats and risks from motivated actions or illicit, errors or mistakes and accidents or disasters.

The Law 11 / 2007, of 22 June, electronic access of citizens to public services (Opens in new window) establishes principles and rights pertaining to security in relation to the right of citizens to communicate with the AA.PP. via electronic means; and their article 42 creates the National security Scheme.

The national security Scheme (NHIS) , regulated by the Royal Decree 3 / 2010, of January 8th (Opens in new window) determines the security policy to be applied in the use of electronic media. The ENS consists of the basic principles and minimum requirements for adequate protection of information. Will be implemented by the AA.PP. to ensure access, integrity, availability, authenticity, confidentiality, traceability and preservation of data, information and services used in electronic means that efforts in the exercise of its powers.

The ENS has been formulated by the light of the state of the art and the main referents in safety of information from the European Union, OCDE, national and international standardization, like in other countries, etc.

The ENS is the result of a work coordinated by the ministry of the presidency, currently assumed by the Ministry of Territorial Policy and Public Function, with the support of the National PKIX Centre (CCN) and the participation of all the AA.PP., through the collegiate bodies with responsibilities for electronic administration. They have been designed with the view of industry associations TIC sector.

Goals

The national security Scheme (NHIS) has the following objectives:

  • Create conditions confidence in the use of electronic media, through measures to ensure the security of the information and electronic services, which allows citizens and public administrations, the exercise of rights and duties through these means.
  • Establish security policy in the use of electronic media in the area of the law 11 / 2007, which shall be composed of the basic principles and minimum requirements for adequate protection of information.
  • Enter the common elements to guide the performance of public administrations in safety of information technologies.
  • Make a common language to facilitate interaction of public administrations, as well as the communication of the requirements of information security industry.
  • Contribute a homogeneous treatment security that facilitate cooperation in the provision of services of electronic administration when participating various entities.
  • Facilitate a continuous treatment security .

In the national security Scheme is conceived security as an integral activity, in which there can be no action punctual or cyclical treatments, due to the weakness of a system is determined by its point more fragile and often this point is the coordination between individual measures appropriate but poorly assembled.

Elements of the national security Scheme

The main elements of ENS are as follows:

  • The basic principles to consider in decisions on security.
  • The minimum requirements allow adequate protection of information.
  • The mechanism for achieving compliance with the basic principles and minimum requirements through the adoption of security measures provided the nature of the information and services to protect.
  • The electronic communications .
  • The audit of safety .
  • The security incident response .
  • The security certification .
  • The line .

The main aspect of ENS is, without doubt, that all the higher bodies of the AA.PP. must have its security policy to be established in base to the basic principles and will run through the minimum requirements.

Scope

Its scope is set in the article 2 of the Law 11 / 2007 (Opens in new window) of 22 June, electronic access of citizens to services Públicos.estarán excluded systems dealing with classified information regulated by law 9 / 1968 of 5 April, on official secrets, amended by Law 48 / 1978, 7 October and implementing rules.

Alignment with national security Scheme

In the interim provision of Royal Decree 3 / 2010 (Opens in new window) articulates a phased mechanism to adjust to foreseen in the national security Scheme so that the systems of administrations must be appropriate to this scheme in timelines in no case exceeding 48 months since the entry into force of the same. the term of adequacy has expired on 30 January 2014.

The adequacy ordered to national security Scheme requires the treatment of the following issues:

ENS alignment to the figure

Changing ENS

Royal Decree 3 / 2010 of 8 January (BOE of 29 January), which regulates the national security Scheme in the field of electronic administration.

Bugfixes of the royal decree 3 / 2010 , of January 8th, that regulates the national security Scheme in the field of electronic administration (BOE of 11 March).

external link   Consolidated text Royal Decree 3 / 2010 of 8 January. (Includes bug fixes published on 11 March).

external link Royal Decree 951 / 2015, 23 October, to modify the Royal Decree 3 / 2010, of January 8th, that regulates the national security Scheme in the field of electronic administration. (Opens in new window)

More information

Fill the form Contact (Opens in new window) to send your request for information.

General access point
General access point