μCeENS
µCeENS is an innovative methodology that takes advantage of the new features of Royal Decree 311/2022, of 3 May, to facilitate obtaining the National Security Framework (ENS) on the basis of a Specific Compliance Profile (PCE)..
This methodology provides the necessary support and assistance to achieve ENS Conformity Certification from the phase prior to compliance until after obtaining it, all of which is automated in the Cybersecurity Governance tools (INES-AMPARO).
__ Phases of implementation of the µCeENS Methodology
Implementation of the µCeENS Methodology
Clic to enlarge
You can consult the details of each of the µCeENS Methodology implementation phases (6) by selecting the number at the top.
1. National Security Framework training
Clic to enlarge
Training in the ENS, asynchronously, through the ÁNGELES platform.
1.1 Diagnosis of compliance to determine the situation and the possibility of undertaking a process of adaptation to the ENS.
2. Governance and Adequacy
Clic to enlarge
Security policy, establishing a structure, determining roles assigning responsibilities and relationship flows, asset inventory, categorisation, statement of applicability and risk reporting.
3. Implementation
Clic to enlarge
Implementation of measures, regulatory framework, procedural development, adoption of technical solutions, collection of evidence and records.
4. Certification Audit
Clic to enlarge
Organisations that have completed the compliance process through the tools that make up the Cybersecurity Governance platform will be able to request, from this platform, the audit of compliance with the ENS based on the associated Specific Compliance Profile (PCE).
5. Obtaining certification
Clic to enlarge
The Certification Body (EC) or the Public Sector Technical Audit Body (OAT), after receiving the audit request, shall proceed to the evaluation of the evidence and documentation provided. After deciding on the conformity of the system, it shall issue the ENS Conformity Certification on the basis of the PCE, reserving the right to carry out an inspection.
6. Cycle of continuous improvement
Clic to enlarge
The continuous security management required by the ENS involves regular maintenance and assessments to monitor the systems and maintain their correct protection. It also requires that all personnel accessing, operating or administering the system, as well as those responsible as defined in the governance model, are kept under constant training..
The Governance Platform facilitates such continuous improvement by providing maintenance checklists and assistance in training and assessing the resilience of systems to cyber threats.
__ Documentation μCeENS
Abstracts
- Servicio NGAV (Antivirus de Nueva Generación) y su aportación al cumplimiento del ENS mediante la metodología μCeENS
- Metodología para alcanzar la Certificación de Conformidad con el ENS en base a un Perfil de Cumplimiento Específico (PCE)
- Trazabilidad del dato en el contexto del Esquema Nacional de Seguridad (ENS)