PAe - Incidents of high impact in the public sector should be reported to the National Cryptologic Centre

Incidents of high impact in the public sector should be reported to the National Cryptologic Centre

26 April 2018


This is stipulated in the Security Technical Instruction on Notification of Security Incidents, published in the BOE and provided for in the National Security Framework (ENS).

The Official State Gazette (BOE) of 19 April published the Resolution of 13 April 2018 of the Secretariat of State for Public Service, which approves the Security Technical Instruction (ITS) "Notification of Security Incidents". It takes effect on the day following its publication (20 April).

In accordance with Chapter VII of Royal Decree 3/2010 of 8 January on the National Security Framework, this ITS covers the notification and management of security incidents in the information systems of public-sector entities, when such incidents have a significant impact on the security of information or the services they provide, in relation to the category of the system.

The Instruction states that, once an incident is detected, Guide CCN-STIC 817 will be used to classify it, and incidents with a High, Very High or Critical impact will be notified to the Incident Response Capability of the National Cryptologic Centre (CCN-CERT). Evidence of the incident will be collected, documented and kept in custody so that the mode of delivery can be determined, ensuring that the chain of custody and the applicable legal framework are respected.

For the notification of such incidents, the National Cryptologic Centre has developed a tool, LUCIA, to automate the mechanisms for notification, communication and exchange of information on security incidents. The tool is kept constantly updated.

Scope of application

The subjective scope of application of this Instruction (and of the ENS) comprises public administrations (General, Regional and Local levels), government agencies and public law entities, private law entities (with administrative powers), public universities and public organizations, as well as all those activities undertaken by public or private entities whose role is to ensure the information and services provided (hardware, software, information media, communications, facilities, personnel and services provided by third parties).

Security Technical Instructions

This is the fourth binding ITS issued on the recommendation of the Sectoral Commission on E-government and at the initiative of the National Cryptologic Centre, as laid down in article 29 of Royal Decree 3/2010, which regulates the ENS. The other two relate to "Conformity with the National Security Framework" and "Report on the State of Security".

These technical instructions deal with a number of specific aspects that day-to-day practice has shown to be particularly significant, such as: Report on the State of Security; Notification of Security Incidents; Security Audit; Conformity with the National Security Framework; Acquisition of Security Products; Cryptology for Use in the National Security Framework; Interconnection in the National Security Framework; and Security Requirements in Outsourced Environments, without prejudice to any proposals that the Sectoral Commission on E-government may agree on, as provided for in article 29.

Original source of news
