The National Security Framework (ENS) was conceived with the primary purpose of ensuring adequate protection of the information handled by Spanish public entities and, consequently, by the companies and/or organizations that work with them.
The objectives to be achieved in both cases can be summarized as:
- Establish the basic principles and minimum protection requirements.
- Define the roles and responsibilities of entities in security matters.
- Mitigate risks related to cyber threats and vulnerabilities.
To meet these objectives, systems must be classified before the ENS is implemented, based on the impact that security has on the information systems.
The classification is calculated based on the criticality and impact of a possible vulnerability on the information system(s). This classification is established in three possible categories for the system(s): low, medium, and high.
For the evaluation of this category, the following security dimensions must be taken into account as they impact the system(s) under the scope of the ENS:
- Confidentiality
- Integrity
- Traceability
- Availability
- Authenticity
Confidentiality, Integrity, and Traceability (CIT) are shared with ISO 27001.
The security of the system(s), and of these five dimensions, is achieved by implementing 73 security measures, distributed as follows:
- Organizational Measures: 4 measures applied to the global organizational framework of security, such as the definition of security policies, incident management, or the designation of security managers.
- Operational Measures: 33 measures applied in the operational framework to protect the operation of the system, ensuring that systems operate securely, such as protection against unauthorized access and correct configuration of systems.
- Protection Measures: 36 protection measures for specific assets (facilities, equipment, communications, …), ensuring the confidentiality, integrity, and availability of information, such as data encryption, access control, and the implementation of backups.
Benefits of the ENS
Implementing all the security measures, and therefore complying with the ENS, brings a series of benefits:
- Reduction of risks of cyberattacks or security failures.
- Greater confidence in the digital services offered by administrations.
- Regulatory compliance, both at national and European level, regarding data protection.
- Improvement of operational efficiency and security management in public organizations.
The ENS is an essential tool to ensure the protection of information in the public administrations of Spain, promoting a safer and more reliable digital environment.