The CCN-STIC-301 guide, on ICT security measures to implement in classified systems, is now available for consultation in the private area of the CCN-CERT portal. The purpose of this technical instruction is to set the minimum STIC requirements that must be implemented in public administration systems when they handle classified information in the secure modes of operation “dedicated”, “unified at the highest level” or “compartmentalized”.
The guide is especially needed in a context of increased cyberattacks, coupled with the potential consequences for a country of a security incident affecting its systems that handle classified information. This implies the need to increase and improve prevention, monitoring, surveillance and response capabilities through cybersecurity operations centres (SOCs), as a way to optimize their resources based on the information they handle and the services they provide.
The content of this guide, which is binding on all systems that handle classified information, is structured around three distinct annexes:
- Annex A: Specific STIC requirements for systems that handle classified information
- Annex B: Specific STIC requirements for systems that handle classified information up to limited dissemination
- Annex C: Declaration of Applicability, ENS High category, for limited dissemination.
An important aspect of the document is that it includes, for the first time, the security measures to be implemented in accordance with Annex II of Royal Decree 3/2010, of January 8th, which regulates the National Security Scheme in the area of e-government. In this way, the measures referred to in the preceding paragraphs shall take these as a reference.