The Certification Council of the National Security Framework (CoCENS) is a collegiate body, regulated by the provisions of Section 3 of Chapter II of the Preliminary Title of Law 40/2015, of 1 October, on the Legal Regime of the Public Sector and the provisions of the CCN-STIC Guide 809 on Declaration and Certification of Conformity with the ENS.
CoCENS was created as a body that would incorporate all parties, help the proper implementation of the ENS and, consequently, a better provision of public services, which is one of the most important objectives of the National Security Framework. It meets at least once a year to respond to the needs arising from its mission.
These are permanent powers of the ENS Certification Board:
Be informed of the regulations governing ENS Conformity Certification, and account for recognised Public Sector Technical Audit Bodies or accredited Certification Bodies and certified organisations.
Be informed of the list of security certification frameworks with which the Public Sector has established agreements.
Propose guidelines and recommendations to be included in the minutes of Board meetings.
Head of the Cybersecurity Regulation and Services Area of the National Cryptologic Centre
That he/she may assume the chairmanship of the ENS Certification Board by delegation of the Director of the CCN.
A representative of the Ministry of Economic Affairs and Digital Transformation
At the level of Assistant Director-General or Deputy Assistant Director-General, whose appointment and attendance shall be requested by the CCN.
Technical Director of the National Accreditation Entity (ENAC)
Or to whom he/she may delegate, and whose appointment and assistance shall be requested by the NCC.
One representative from each Public Sector Technical Audit Body
recognised by the CCN or ENS Certification Body accredited by ENAC.
External experts from the public, private and/or academic sectors
Who, by reason of their experience or connection with the ENS Certification, may be called to the meetings of the Board.
__ CoCENS Documentation
- ENS Certification Framework for Local Authorities
- Additional Security Requirements for Cloud Solutions (SaaS) Deployed in On-Premises Mode
- The CCN as ENS Certification Body
- Obligations of service providers to public entities
- Conditions and Requirements in relation to ENS Certification Audits, the issuance of the corresponding Certificates of Conformity and those relating to ENAC Accreditation.
- Data traceability in the context of the National Security Framework (ENS)
- Methodology for achieving ENS Compliance Certification based on a Specific Compliance Profile (SPP)