"/>

PAe - New Report of good practice on the profile of compliance in the declaration of applicability in the ENS
the accesskey _ mod _ content

New Report of good practice on the profile of compliance in the declaration of applicability in the ENS

05 July 2019

Logo national security Scheme

The report includes the procedure to define the declaration of applicability, the categorization of a system, the determination of the levels of security for dimension, category and implementation measures, examples and the profile of compliance.

El CERT del Centro Criptológico Nacional (CCN-CERT) ha publicado un nuevo Informe de Buenas Prácticas en la parte pública de su portal. El document CCN-CERT BP/14 (Opens in new window) aims to explain the procedure to define the declaration of applicability in the national security Scheme (NHIS).

The report includes the determination of the category of a system (primary, secondary or high), which is based on the valuation of the impact on the organization an incident affecting the security of the information or systems. Also, the document addresses the determination of safety levels depending on the dimension.

One of the main points is the determination of implementing measures necessary for the fulfilment of the basic principles and minimum requirements established in the ENS. In this sense, Annex II of the Royal Decree 3/2010 collects correspondence between the levels of security required in each dimension and security measures applicable.

El informe finaliza con una serie de ejemplos, un apartado dedicado al perfil de cumplimiento, conformado este por un conjunto de medidas de seguridad y su implementación concreta resultado de un análisis de riesgos, así como un decálogo de recomendaciones.

Original source of the news (Opens in new window)

  • Security
General access point
 
General access point