
PAe - Update of the National Security Scheme in electronic administration

Update of the National Security Scheme in electronic administration

23 October 2015


The National Security Scheme is updated to strengthen the protection of public administrations against cyber threats by adapting it to the rapid evolution of technologies, the lessons learned from its implementation, and the international and European regulatory context.

The Council of Ministers has approved a Royal Decree amending the Royal Decree of 8 January 2010 that regulates the National Security Scheme in the field of Electronic Administration.

The purpose of the rule is to strengthen the protection of public administrations against "cyber threats" by aligning it with the rapid evolution of technologies, taking into account the experience gained in implementing the National Security Scheme since 2010. It also allows the current regulations to be adjusted to the international and European regulatory context, in particular to the provisions of a 2014 Community regulation on electronic identification and trust services for electronic transactions in the internal market. In short, it provides the National Security Scheme with the mechanisms needed to improve the security response of technological systems.

It therefore modifies the rules on protection against cyber threats, reinforcing trust services and the protection of electronic transactions. Systems must comply with the provisions of this modification within a period of 24 months.

The effort made to update the National Security Scheme responds to Objective I of the National Cybersecurity Strategy, "to ensure that the information and telecommunications systems used by public administrations have the appropriate level of cybersecurity and resilience", as well as to the general principles of the Law on the Legal Regime of the Public Sector, which treat security as a key element in the interaction of public administrations by electronic means.

To this end, the following additional measures, among others, are introduced into the National Security Scheme:

  • In Article 11, continuous management of security as a key aspect that must accompany services available electronically 24 hours a day.
  • In Article 15, the requirement, applied objectively and without discrimination, that organizations providing security services to public administrations have qualified professionals.
  • In Article 18, the use, in proportion to the category of the system and the security level determined, of products whose security functionality related to the object of the acquisition has been certified.
  • In Article 24, the deployment of procedures for managing security incidents and weaknesses detected in the elements of the information system.
  • In Article 27, the formalization of security measures in a document called the "statement of applicability" and the possibility of replacing security measures with compensating ones when this is justified in documentation.
  • In Article 29, the "technical security instructions", which regulate aspects such as the report on the state of security, security audits, compliance with the Scheme, notification of security incidents, the acquisition of security products, the cryptology used within the scope of the Scheme, and security requirements in outsourced environments, among others.
  • In Article 35, explicit references to setting up the procedures needed to collect and consolidate information for the annual report on the state of security, and to the bodies responsible for producing it.
  • In Article 36, notification to the National Cryptologic Centre of incidents that have a significant impact on the security of the information handled and of the services.
  • In Article 37, the evidence needed for the investigation of security incidents by the National Cryptologic Centre.
  • The improvement of various security measures to increase their effectiveness and to align them with Regulation No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. In particular, paragraphs 3.4, 4.1.2, 4.1.5, 4.2.1, 4.2.5, 4.3.3, 4.3.7, 4.3.8, 4.3.9, 4.3.11, 4.4.2, 4.6.1, 4.6.2, 5.2.3, 5.1.3, 5.4.2, 5.4.3, 5.5.2, 5.5.5, 5.6.1, 5.7.4, 5.5.5, 5.5.7 and 5.8.2.
  • Annex III, on the security audit, is also made more specific; the Glossary of terms in Annex IV is modified; the wording of the specific administrative clause in Annex V is updated; the reference to INTECO is removed; and a transitional provision establishes a period of twenty-four months from entry into force for systems to be brought into line with the provisions of the modification.


Published in the BOE on 4-11-2015: Royal Decree 951/2015, of 23 October, amending Royal Decree 3/2010, of 8 January, which regulates the National Security Scheme in the field of e-government.
