µCeENS is an innovative methodology that takes advantage of the new features of Royal Decree 311/2022, of 3 May, to facilitate obtaining the National Security Framework (ENS) on the basis of a Specific Compliance Profile (PCE)..
This methodology provides the necessary support and assistance to achieve ENS Conformity Certification from the phase prior to compliance until after obtaining it, all of which is automated in the Cybersecurity Governance tools (INES-AMPARO).
__ Phases of implementation of the µCeENS Methodology
1. National Security Framework training
Training in the ENS, asynchronously, through the ÁNGELES platform.
1.1 Diagnosis of compliance to determine the situation and the possibility of undertaking a process of adaptation to the ENS.
4. Certification Audit
5. Obtaining certification
The Certification Body (EC) or the Public Sector Technical Audit Body (OAT), after receiving the audit request, shall proceed to the evaluation of the evidence and documentation provided. After deciding on the conformity of the system, it shall issue the ENS Conformity Certification on the basis of the PCE, reserving the right to carry out an inspection.
6. Cycle of continuous improvement
The continuous security management required by the ENS involves regular maintenance and assessments to monitor the systems and maintain their correct protection. It also requires that all personnel accessing, operating or administering the system, as well as those responsible as defined in the governance model, are kept under constant training..
The Governance Platform facilitates such continuous improvement by providing maintenance checklists and assistance in training and assessing the resilience of systems to cyber threats.