
PAe - Verification of compliance with the National Security Scheme

Verification of compliance with the National Security Scheme

04 July 2017



Guide CCN-STIC 808 will complement the guide “CCN-STIC-802 National Security Scheme Audit Guide” and aims to “serve both as an itinerary and as a record for the person appointed as auditor of the National Security Scheme requirements for a system”.

Information systems of High or Medium category, including those of private-sector companies that provide services to public entities, must undergo an ordinary audit at least every two years, and an extraordinary audit whenever substantial changes occur in the information system.

CCN-CERT has published on its website Guide CCN-STIC 808 on verifying compliance with the National Security Scheme (ENS), whose aim is to serve both as an itinerary and as a record for the person appointed as auditor of the ENS requirements. It makes it possible to carry out audits, whether ordinary or extraordinary, in a uniform way, establishing minimum premises for their execution, as provided for in Article 34 of Royal Decree 3/2010 of 8 January, which regulates the ENS.

Article 34 states that the information systems referred to in the Royal Decree will be subject to an ordinary audit at least once every two years to verify compliance with the requirements of the ENS.

Exceptionally, this audit must also be carried out whenever a substantial change occurs in the information system that may affect the required security measures.

Audit guide

Guide CCN-STIC 808, developed as a fieldwork tool with spaces reserved for annotations, will complement the guide “CCN-STIC-802 National Security Scheme Audit Guide”.

The other sections of the document are the definition of the scope, the explanation of how to use the guide and, finally, the verification of compliance with the ENS, which is divided into the articles of the ENS and the security measures of Annex II, which in turn are grouped into organizational framework, operational framework and protection measures. Alongside them are a first annex with the definition of terms and a second with the template for the audit report.
