
PAe - CCN-STIC guides published on risk analysis for local entities and on declaration and certification of conformity with the ENS

01 July 2019

The CCN-STIC guides on Risk Analysis for Local Entities (882) and on the Declaration and Certification of Conformity with the ENS and Compliance Marks (809) have just been made public on the CCN-CERT web portal.

The CCN-CERT of the Centro Criptológico Nacional has published, in the public section of its web portal, two new guides: one on risk analysis for local entities and one on the appropriate policies and procedures for implementing the measures set out in the National Security Scheme (Esquema Nacional de Seguridad, ENS).

CCN-STIC Guide 882 on Risk Analysis for Local Entities

The CCN-STIC-882 guide walks through the Risk Analysis and Management process step by step using the Micro PILAR tool, so that it serves as guided help for the people responsible for carrying out this risk analysis in a local entity in order to comply with the National Security Scheme (ENS) and the General Data Protection Regulation (RGPD).

The guide allows local entities to carry out the analysis regardless of their geographical location or size. Its general requirements are to have the Micro PILAR tool, version 7.3 or higher, installed with the appropriate licence for its operation, and to have an up-to-date inventory of the entity's services, data, personal data processing and technological infrastructure.

The guide's main contents include the PILAR tool, risk analysis with Micro PILAR, the National Security Scheme, the General Data Protection Regulation and a risk treatment plan.

Some of the advantages of using the PILAR tool are knowing the risks in order to treat them, knowing the degree of compliance with different security profiles, and implementing the Magerit methodology.

Update of CCN-STIC Guide 809 on the declaration and certification of conformity with the ENS and compliance marks

This new update of the CCN-STIC 809 guide falls within the CCN-STIC-800 series, which establishes the appropriate policies and procedures for implementing the measures set out in the National Security Scheme (ENS). As could not be otherwise, it addresses the declaration and certification of conformity with the ENS and the compliance marks.

Among the most prominent contents of this new guide, first published in July 2010, are the criteria and procedures for determining conformity with the ENS, the declaration and certification of conformity, the communication of certifications to the CCN and their publication, and the Certification Council of the National Security Scheme (COCENS).

Of particular relevance is this last section, which details various aspects of COCENS. This collegiate body, under the CCN, was created with the main objective of helping the proper implementation of the ENS and, consequently, the best and most reliable provision of public services, which are the ultimate objectives of the Scheme. As reflected in its terms of reference, which are included in this guide, the main functions of the council are as follows:

  1. Ensure the proper implementation of ENS certification, taking whatever measures are legally appropriate.
  2. Encourage ENS conformity certification processes in the entities within its subjective scope of application, in both the public and private sectors.
  3. Propose for analysis and, where appropriate, draft and publish rules, criteria or good practices on the certification of conformity with the ENS.
  4. Advise the parties involved on methods, procedures, tools and criteria for certification of conformity with the ENS and, in general, on its implementation, steering its management towards the best service to the public sector and more and better collaboration with the private sector, manufacturers and suppliers of products or services.
  5. Advise the parties involved on identifying other schemes, arrangements or agreements where defending the validity and mutual recognition of the certificates issued is of interest to the public and private sectors.
  6. Inform its constituent departments and the National Cybersecurity Council on the degree of implementation of certification of conformity with the National Security Scheme.

Finally, the document includes two annexes with the conformity certification templates, which show the final appearance that a Certification of Conformity with the ENS would have.

Original source of the news (Guide 882)

Original source of the news (Guide 809)
