ENS 2022 (NationalSecurity)
✅️ Entry into force
✅️System adequacy: 24 months
· It aligns with the new regulatory reference framework to facilitate security in Digital Administration, as well as facilitate the response to new trends and cybersecurity needs.
· The National Security Scheme (ENS) establishes the security policy in the use of electronic means. It applies to the entire public sector and its technology suppliers in the private sector.
· The update of the ENS is part of the package of urgent actions, adopted on 25 May, to strengthen defense capabilities against cyber threats. It is also included in the Government Digitization Plan of the Recovery Plan.
The Council of Ministers today approved, on the proposal of the Ministry of Economic Affairs and Digital Transformation, a Royal Decree updating the National Security Scheme (NSS), and is part of the package of urgent actions, adopted on 25 May, to strengthen defense capabilities against cyber threats against the public sector and collaborating entities that provide technologies and services to it.
The National Security Scheme in force to date dates from 2010, a stage with a normative, social and technological context that has undergone a radical evolution.
The ENS establishes the security policy for the adequate protection of the information processed and the services provided through a common approach of basic principles, minimum requirements, protection measures and compliance and monitoring mechanisms, for public administration, as well as technology providers from the private sector working with the administration.
Among the innovations introduced by the Royal Decree are: the adaptation of the ENS to the new regulatory framework and the existing strategic context to ensure security in the Digital Administration; the adjustment of requirements to needs, collectives of technological entities and fields for a more effective and efficient application; updating basic principles and security measures to facilitate a better response to new trends and cybersecurity needs.
The new legislation aims to ensure the protection of information systems in the entities within its scope, reducing vulnerabilities and promoting continuous monitoring, establishing in turn optimal response mechanisms and security measures, within the current legal, technological, strategic and cyber-threat framework.
New security measures, for example, have included cloud services, system interconnection, supply chain protection, alternative media, surveillance and other network-connected devices.
Barcelona, 26.05.2022 | Download the PDF ⬇️