μCeENS

µCeENS is an innovative methodology that takes advantage of the new features of Royal Decree 311/2022, of 3 May, to facilitate obtaining the National Security Framework (ENS) on the basis of a Specific Compliance Profile (PCE)..

This methodology provides the necessary support and assistance to achieve ENS Conformity Certification from the phase prior to compliance until after obtaining it, all of which is automated in the Cybersecurity Governance tools (INES-AMPARO).

μCeENS

__ Phases of implementation of the µCeENS Methodology

Implementation of the µCeENS Methodology

Clic to enlarge

Gráfico general

You can consult the details of each of the µCeENS Methodology implementation phases (6) by selecting the number at the top.

1. National Security Framework training

Clic to enlarge

Gráfico general

Training in the ENS, asynchronously, through the ÁNGELES platform.

ÁNGELES

1.1 Diagnosis of compliance to determine the situation and the possibility of undertaking a process of adaptation to the ENS.

2. Governance and Adequacy

Clic to enlarge

Gráfico general

Security policy, establishing a structure, determining roles assigning responsibilities and relationship flows, asset inventory, categorisation, statement of applicability and risk reporting.

3. Implementation

Clic to enlarge

Gráfico general

Implementation of measures, regulatory framework, procedural development, adoption of technical solutions, collection of evidence and records.

4. Certification Audit

Clic to enlarge

Gráfico general

Organisations that have completed the compliance process through the tools that make up the Cybersecurity Governance platform will be able to request, from this platform, the audit of compliance with the ENS based on the associated Specific Compliance Profile (PCE).

5. Obtaining certification

Clic to enlarge

Gráfico general

The Certification Body (EC) or the Public Sector Technical Audit Body (OAT), after receiving the audit request, shall proceed to the evaluation of the evidence and documentation provided. After deciding on the conformity of the system, it shall issue the ENS Conformity Certification on the basis of the PCE, reserving the right to carry out an inspection.

6. Cycle of continuous improvement

Clic to enlarge

Gráfico general

The continuous security management required by the ENS involves regular maintenance and assessments to monitor the systems and maintain their correct protection. It also requires that all personnel accessing, operating or administering the system, as well as those responsible as defined in the governance model, are kept under constant training..

The Governance Platform facilitates such continuous improvement by providing maintenance checklists and assistance in training and assessing the resilience of systems to cyber threats.