Citizens trust that services available electronically are provided under security conditions equivalent to those they find when they visit administration offices in person. Furthermore, much of the information held in the information systems of the public administrations, and the services they provide, are national strategic assets. This information and these services are subject to threats and risks arising from deliberate or illicit actions, errors or failures, and accidents or disasters.
Law 11/2007, of 22 June, on electronic access of citizens to public services, establishes principles and rights pertaining to security in relation to the right of citizens to communicate with the public administrations via electronic means; its article 42 creates the National Security Scheme.
The National Security Scheme (ENS), regulated by Royal Decree 3/2010, of 8 January, determines the security policy to be applied in the use of electronic media. The ENS consists of the basic principles and minimum requirements for adequate protection of information. It will be applied by the public administrations to ensure the access, integrity, availability, authenticity, confidentiality, traceability and preservation of the data, information and services used in electronic media that they manage in the exercise of their powers.
The ENS has been formulated in the light of the state of the art and the main references in information security from the European Union, the OECD, national and international standardization, similar work in other countries, etc.
The ENS is the result of work coordinated by the Ministry of the Presidency, currently assumed by the Ministry of Territorial Policy and Public Function, with the support of the National Cryptologic Centre (CCN) and the participation of all the public administrations, through the collegiate bodies with responsibilities for electronic administration. The views of the industry associations of the ICT sector have also been taken into account.
The National Security Scheme (ENS) has the following objectives:
- Confidence in the use of electronic media, through measures to ensure the security of information and electronic services, which allows citizens and public administrations to exercise rights and fulfil duties through these means.
- Establish the security policy in the use of electronic media within the scope of Law 11/2007, which shall be composed of the basic principles and minimum requirements for adequate protection of information.
- Introduce the common elements to guide the action of public administrations in information technology security.
- Provide a common language to facilitate interaction among public administrations, as well as the communication of information security requirements to industry.
- Provide a homogeneous treatment of security that facilitates cooperation in the provision of electronic administration services when various entities participate.
- Facilitate a continuous treatment of security.
In the National Security Scheme, security is conceived as an integral activity in which one-off actions or circumstantial treatments have no place, because the weakness of a system is determined by its most fragile point, and often this point is the coordination between measures that are individually adequate but poorly assembled.
Elements of the National Security Scheme
The main elements of the ENS are as follows:
- The basic principles to consider in decisions on security.
- The minimum requirements that allow adequate protection of information.
- The mechanism for achieving compliance with the basic principles and minimum requirements through the adoption of security measures according to the nature of the information and services to be protected.
- Security audit.
- Security incident response.
The main aspect of the ENS is, without doubt, that all the higher bodies of the public administrations must have their own security policy, which is to be established on the basis of the basic principles and carried out through the minimum requirements.
Its scope is set in article 2 of Law 11/2007, of 22 June, on electronic access of citizens to public services. Systems dealing with classified information regulated by Law 9/1968, of 5 April, on official secrets, amended by Law 48/1978, of 7 October, and its implementing rules, are excluded.
Alignment with the National Security Scheme
The transitional provision of Royal Decree 3/2010 sets out a phased mechanism for adapting to the provisions of the National Security Scheme, so that the systems of the administrations must be brought into line with the Scheme within periods that in no case exceed 48 months from its entry into force. The period for adaptation expired on 30 January 2014.
Orderly adaptation to the National Security Scheme requires addressing the following issues:
Tools for adaptation to the ENS
Tools to address adaptation to the ENS:
Monitoring adaptation to the ENS
- Royal Decree 3/2010, of 8 January (BOE of 29 January), which regulates the National Security Scheme in the field of electronic administration.
- Correction of errors of Royal Decree 3/2010, of 8 January, which regulates the National Security Scheme in the field of electronic administration (BOE of 11 March).
- Consolidated text of Royal Decree 3/2010, of 8 January (includes the corrections of errors published on 11 March).
- Royal Decree 951/2015, of 23 October, amending Royal Decree 3/2010, of 8 January, which regulates the National Security Scheme in the field of electronic administration.
Frequently Asked Questions
Frequently asked questions in relation to the national security Scheme (pdf)