
PAe - 10 years of the National Security Scheme, ENS, at the service of public-sector cybersecurity

Ten years of the National Security Scheme (ENS) at the service of public-sector cybersecurity

08 January 2020

The result of a collective effort led by the MPTFP-SGAD and the CNI-CCN, the ENS has been a milestone for cybersecurity in Spain and a reference for other countries. In 2020, the effort must be maintained both to implement the ENS, since applying it helps provide better protection against cyber threats, and to adapt it to the challenges and trends in cybersecurity.

On a day like today, ten years ago, Royal Decree 3/2010 of 8 January, regulating the National Security Scheme in the field of e-government, was approved. Twenty-one days later, on 29 January, it was published in the Official State Gazette (BOE), establishing the basic principles and minimum requirements that, in line with the general interest, allowed adequate protection of the information, communications and services of public administrations.

Subsequently, in 2015, the scope of the Esquema Nacional de Seguridad (ENS) was extended to the whole public sector by Law 40/2015, and the Scheme was modified via Royal Decree 951/ of October 23 in the light of lessons learned and of the Community policy context, in particular the eIDAS Regulation. The ENS included, in pioneering fashion, 75 security measures that are mandatory for the Spanish public sector, in the organisational framework as well as in the operational framework and in protection.

This is a strength that has positioned our country as a reference in the European Union. It is the result of a collective effort by Spain's public administrations, with the collaboration of the private sector, which actively contributed to its development and implementation. That effort was led by the Ministry of Territorial Policy and Public Function through the General Secretariat for Digital Administration, SGAD (in 2010, when the Scheme was adopted, the Ministry of the Presidency), and by the National Cryptologic Centre, CCN.

The ENS has become the main tool for strengthening cybersecurity in the public sector. It has been accompanied by 61 CCN-STIC guides (800 series), 14 cybersecurity solutions developed by the CCN and 4 Technical Security Instructions (ITS) published in the BOE, covering incident notification, security audits of information systems, conformity with the Scheme itself, and the report on the state of security.

Precisely to compile this report and to establish a system for measuring the security of the public sector, the CCN developed the INES solution (National Report on the State of Security), which makes adapting to the ENS faster and more intuitive. Five editions of the INES report have been produced and the sixth is under way. In 2019, 1006 entities had loaded their data, compared with 799 a year earlier. The general assessment that emerges from the INES report is that the effort to implement the ENS must be maintained, especially as the report shows that applying it helps provide better protection against cyber threats.

Also in 2015, criteria were established for achieving compliance with the Scheme, together with the corresponding Declaration and Certification of Conformity with the ENS. The collaboration of the SGAD and the CCN with the National Accreditation Entity (ENAC) led to the accreditation and certification scheme, which to date has produced 8 accredited certification entities and, at the end of 2019, over 160 certified institutions (public and private).

Finally, in 2018, the Certification Council of the National Security Scheme (CoCENS) was created. Its objective is to support the proper implementation of the ENS and, consequently, a better and more assured provision of public services.

ENS under revision

At this anniversary it is necessary to review the ENS so that, learning from the experience of these ten years, the Scheme can be prepared to face new threats; to improve monitoring capabilities and design increasingly effective responses to attacks; and to reduce the surface exposed to vulnerabilities and system configuration deficiencies.

This requires, first, aligning the ENS with the legal framework and strategic context as of 2020 in order to provide security for digital services; second, introducing flexibility so that the ENS can be adapted to the specific needs of certain groups of entities or technologies; and third, updating the ENS to facilitate the response to trends in cybersecurity, reduce vulnerabilities and promote active defence. This third point means revising, in light of the state of the art, the basic principles, the minimum requirements and the security measures, focusing in particular on issues such as system monitoring, advanced monitoring tools for threat detection and event correlation, the provision of observatories for surveillance purposes, more specific approaches to incident notification and management, measures for the use of cloud services, and support for the protection of personal data as described in the First Additional Provision of Organic Law 3/2018.
