National Security Framework of Spain

Acronym of the case:

ENS

Web address of the case:

http://www.csae.map.es/csi/pdf/ENS_SECURITY_E...

Country of the case:

Spain

Posting Date:

3 February 2010

Last Edited Date:

10 September 2010

Author:

MIGUEL A. AMUTIO (MINISTERIO DE LA PRESIDENCIA)

security | framework | legal documents

Type of initiative

Strategic initiative

Case Abstract

The Real Decreto (Royal Decree)Â 3/2010, of January 8th (Official Gazette, January 29th) regulates the National Security Framework foreseen in the article 42 of the eGovernment Law 11/2007.

This Framework establishes the security policy in the use of electronic means in the scope of the eGovernment Law 11/2007; this security policy will be formed by the basic principles and minimum requirements for an adequate protection of information.

The National Security Framework pursues the creation of the necessary conditions of confidence in the use of electronic means, through measures to ensure the security of systems, data, communications and electronic services that permits the exercise of rights and the fulfilment of duties through the electronic access to public services; to ensure that information systems will provide their services in accordance with their functional specifications and will protect information.

In order to create such conditions, the National Security Scheme introduces the common elements that have to guide the action of the Public Administrations regarding security. Particularly it introduces the following principal elements:

The basic principles to be taken into account when adopting decisions about security;
The minimum requirements for the adequate protection of information;Â
The procedure to fulfill the basic principles and minimum requirements by means of the adoption of proportionate security measures.

Description of the case

Domain

eGovernment

Topic

eIdentity and eSecurity | Infrastructure | Legal Aspects | Policy

Sector

Other

Start date - End date

January 2010 (Ongoing)

Date operational

January 2010

Target Users

Administrative | Business (self-employed) | Business (industry) | Business (SME) | Other

Target Users Description

Public Administrations of Spain: managers and civil servants responsible for the planning, design, procurement, development, deployment, operation ofsystems for eGoverment services.
ICT Industry providers of Public Administrations.

Scope

Local (city or municipality) | National | Regional (sub-national)

Status

Operation

Language(s)

Spanish

Policy Context and Legal Framework

The Real Decreto(Royal decree)Â 3/2010, of January 8th (Official Gazette, January 29th) regulates the National Security Framework foreseen in the article 42 of the eGovernment Law 11/2007.

It has been developed in a process coordinated by the Ministerio de la Presidencia with the support of Centro CriptolÃ³gico Nacional (CCN), with the participation of all Public Administrations (General State, Regional Local) in Spain through the Administration Bodies with competences in the field of eGovernment.

So the context is all Public Administrations in Spain.

During the last three years more than a hundred experts of Public Administrations have contributed to its elaboration; together with a wide number of experts who have contributed with their opinion through the professional associations of ICT Industry.

The National Security Framework takes into account recommendations from the European Union, the current technological situation of Public Administrations, existing services, and the use of open standards and, as appropriate and in complement, standards which are of general use among the public.

During the elaboration process it has been taken into account a wide number of references about eGovernment and security coming from the European Union, other countries, the OECD, standardization bodies and forums and national legislation.

Project Size and Implementation

Type of initiative

Other

Overall Implementation approach

Public administration

Technology choice

Standards-based technology

Funding source

Public funding national

Project size

Implementation: Not applicable/not available

Implementation and Management Approach

The National Security Framework is implemented through the Real Decreto (Ryal Decree)Â 3/2010, of January 8th (Official Gazette, January 29th) regulates the National Security Framework foreseen in the article 42 of the eGovernment Law 11/2007, with the participation of all Public Administrations through the Administration Bodies with competences in the field of eGovernement and which join all Public Administrations nationa, regional and local (Highest Council of eGoverment - Consejo Superior de AdministraciÃ³n ElectrÃ³nica, Sectorial Committee of eGovernment - ComitÃ© Sectorial de AdministraciÃ³n ElectrÃ³nica, National Commission of Local Administration - ComisiÃ³n Nacional de AdministraciÃ³n Local).

Technology solution

In order to create such conditions, the National Security Framework introduces the common elements that have to guide the action of the Public Administrations regarding security.

A global approach to security has been followed:

The basic principles to be taken into account when adopting decisions about security.
The minimum requirements for the adequate protection of information.Â
The procedure to fulfill the basic principles and minimum requirements by means of the adoption of proportionate security measures.

Impact, innovation and results

Impact

The National Interoperability Framework:

Creates the necessary conditions of trust in the use of electronic means, through measures to ensure security of systems, data, communications and electronic services that permits the exercise of rights and the fulfillment of duties through the electronic access to public services.
Establishes the security policy in the use of electronic means in the scope of the eGovernment Law 11/2007; this security policy will be formed by the basic principles and minimum requirements for an adequate protection of information.Â
Introduces the common elements that will guide the activity of Public Administrations in relation to security.Â
Introduces a common language that will facilitate the interaction among public administrations as well as the communication of security requirements to ICT Industry.

Track record of sharing

This National Security Framework has been developed with the participation of all Public Administrations in Spain and it is expected a high degree of reuse of it.

Lessons learnt

The three main lessons learnt are the following:

The need to address security from a completely global perspective including all aspects involved.
The importance of taking into account the points of view and contribution of all stakeholders involved. This National Security Framework has been developed with the participation of all Public Administrations in Spain. During the last three years more than a hundred experts of Public Administrations have contributed to its elaboration; together with a wide number of experts who have contributed with their opinion through the professional associations of ICT Industry. During the elaboration process it has been taken into account a wide number of references about eGovernment and security coming from the European Union, other countries, standardization bodies and forums and national legislation.
The importance of introducing the common elements and language of security in our legal basis about eGovernment.

Multimedia Content Select a Tab

There isn't any image for this case

There isn't any Video for this case