Servicios y Productos / Esquema Nacional de Seguridad - ENS

National Security Framework - ENS

 

[volver]

Esquema Nacional de Seguridad

Introduction

The Real Decreto 3/2010, of January 8th (Official Diary of the State, January 29th) regulates the National Security Framework foreseen in the article 42 of the eGovernment Law 11/2007.  This Framework establishes the security policy in the use of electronic means in the scope of the eGovernment Law 11/2007; this security policy will be formed by the basic principles and minimum requirements for an adequate protection of information.

The National Security Framework pursues the creation of the necessary conditions of confidence in the use of electronic means, through measures to ensure the security of systems, data, communications and electronic services that permits the exercise of rights and the fulfilment of duties through the electronic access to public services; to ensure that information systems will provide their services in accordance with their functional specifications and will protect information.

In order to create such conditions, the National Security Scheme introduces the common elements that have to guide the action of the Public Administrations regarding security. Particularly it introduces the following principal elements:

  • The basic principles to be taken into account when adopting decisions about security.
  • The minimum requirements for the adequate protection of information.
  • The procedure to fulfill the basic principles and minimum requirements by means of the adoption of proportionate security measures.

The National Security Framework takes into account recommendations from the European Union, the current technological situation of Public Administrations, existing services, and the use of open standards and, as appropriate and in complement, standards which are of general use among the public.

During the elaboration process it has been taken into account a wide number of references about eGovernment and security coming from the European Union, other countries, the OECD, standardization bodies and forums and national legislation.

It has been developed in a process coordinated by Ministerio de la Presidencia with the support of Centro Criptológico Nacional (CCN), with the participation of all Public Administrations in Spain. During the last three years more than a hundred experts of Public Administrations have contributed to its elaboration; together with a wide number of experts who have contributed with their opinion through the professional associations of ICT Industry.

Objectives

The main objectives are the following:

  • To create the necessary conditions of trust in the use of electronic means, through measures to ensure security of systems, data, communications and electronic services that permits the exercise of rights and the fulfillment of duties through the electronic access to public services.
  • To establish the security policy in the use of electronic means in the scope of the eGovernment Law 11/2007; this security policy will be formed by the basic principles and minimum requirements for an adequate protection of information.
  • To introduce the common elements that will guide the activity of Public Administrations in relation to security.
  • To introduce a common language that will facilitate the interaction among public administrations as well as the communication of security requirements to ICT Industry.

Scope

The scope is defined in article 2 of Law 11/2007.


The systems which manage classified information are out of the scope; these systems are regulated by Law 9/1968, of April 5th, of Official Secrets modified by Law 48/1978, of October 7th, and developing rules.

Status

Published: Royal Decree 3/2010, January 8th, which regulates the National Security Framework in the are of Government.

More information

For more information you can address:

secretaria.csae@mpr.es

Buzón del Ciudadano | Comentarios y Sugerencias