The objective of this section is to provide organisations within the scope of application of Royal Decree 311/2022, of 3 May, which regulates the National Security Framework, whether they belong to the public or private sector, with a mechanism to quickly and efficiently resolve those doubts that usually arise regarding compliance, suitability and certification of the information systems in question to the provisions of the aforementioned legal body..

Therefore, the texts contained in this section are not to be considered as mandatory rules or, in any way, as rules belonging to the legal order relating to the National Security Framework.

From 5 May 2022, by virtue of Royal Decree 311/2022, of 3 May, Royal Decree 3/2010, of 8 January, has been repealed. However, in order to facilitate an orderly transition and the necessary adaptation of the Certification Entities to the new regulatory framework, as communicated by the CCN, the information systems that existed prior to the entry into force of RD 311/2022 may, until 5 May 2024, continue to use the certification procedure of RD 3/2010, of 8 January, knowing that the maximum validity date of the certificates thus issued may not exceed 5.5.2024. On the other hand, certification according to RD 311/2022, of 3 May, may be undertaken from 1 December 2022 and the certificates will have the usual validity of two calendar years.

1. What is the National Security Framework for?

The ENS, based on the establishment and development of basic principles and minimum requirements, provides organisations that have their information systems compliant with its provisions and managed in the exercise of their competences, with adequate protection of the services provided and the information processed by them, in order to ensure the access, confidentiality, integrity, traceability, authenticity, availability and preservation of data, information and services directly or indirectly supported by electronic means.

For both public sector organisations and private sector organisations that provide them with solutions or services, the provisions of the ENS enable them to meet the principles of action and security requirements of public administrations that enable them to achieve their objectives.

For citizens, the ultimate recipients of the public service, it is a guarantee that the public bodies with which they interact have the necessary security conditions to safeguard their information and rights.