PAe - New good practice report on the compliance profile in the Declaration of Applicability in the ENS

05 July 2019

The report covers the procedure for defining the Declaration of Applicability, the categorization of a system, the determination of security levels per dimension, the system category and the measures to be applied, together with examples and the compliance profile.

The CERT of the Centro Criptológico Nacional (CCN-CERT) has published a new good practice report in the public area of its portal. The document, CCN-CERT BP/14, aims to explain the procedure for defining the Declaration of Applicability in the National Security Scheme (ENS).

The report covers how to determine the category of a system (basic, medium or high), which is based on an assessment of the impact that an incident affecting the security of the information or the systems would have on the organization. The document also addresses how to determine the security level for each dimension.

One of the main points is determining which measures must be applied to meet the basic principles and minimum requirements established in the ENS. To that end, Annex II of Royal Decree 3/2010 sets out the correspondence between the security levels required in each dimension and the applicable security measures.

The report concludes with a number of examples, a section devoted to the compliance profile (a set of security measures and their concrete implementation, resulting from a risk analysis), and a decalogue of recommendations.

Original source of the news

General access point