"/>

PAe - New Report of good practice on the profile of compliance in the declaration of applicability in the ENS
the accesskey _ mod _ content

New Report of good practice on the profile of compliance in the declaration of applicability in the ENS

05 July 2019

Logo national security Scheme

The report includes the procedure to define the declaration of applicability, the categorization of a system, the determination of the levels of security for dimension, category and implementation measures, examples and the profile of compliance.

El CERT del Centro Criptológico Nacional (CCN-CERT) ha publicado un nuevo Informe de Buenas Prácticas en la parte pública de su portal. El document CCN-CERT BP/14 (Opens in new window) aims to explain the procedure to define the declaration of applicability in the national security Scheme (NHIS).

El informe incluye la determinación de la categoría de un sistema (Básica, Media o Alta), la cual se basa en la valoración del impacto que tendría sobre la organización un incidente que afectara a la seguridad de la información o de los sistemas. Asimismo, el documento contempla la determinación de los niveles de seguridad en función de la dimensión.

One of the main points is the determination of implementing measures necessary for the fulfilment of the basic principles and minimum requirements established in the ENS. In this sense, Annex II of the Royal Decree 3/2010 collects correspondence between the levels of security required in each dimension and security measures applicable.

The report concludes with a number of examples, a section devoted to the profile of compliance, shaped this by a set of security measures and its concrete implementation result of a risk analysis, as well as a decalogue recommendations.

Original source of the news (Opens in new window)

  • Security
General access point
 
General access point