The Spanish National Security Framework (ENS) is Now Part of the Qualys Enterprise TruRisk™ Platform

Pablo Velázquez Fernández

The Spanish National Security Framework (ENS), regulated by Royal Decree 311/2022, is a mandatory framework designed to ensure an optimal level of security for the digital infrastructure of companies in the Spanish public sector and critical infrastructures. Its main objective is to establish a common security policy that allows for the adequate protection of the country’s information systems and essential services. This framework is vital to maintaining the integrity, availability, and confidentiality of information within entities managing critical data, both in the public and private sectors, especially those that are part of Spain’s critical infrastructures.

Royal Decree 311/2022 reinforces the importance of adhering to specific security measures and introduces a structured approach based on Continuous Risk Assessment and the implementation of controls to mitigate risks. In this context, compliance with the ENS is crucial in protecting public entities from constantly evolving cyber threats and ensuring the operational continuity of services that depend on digital infrastructures.

The ENS establishes clear principles and requirements for information system security for public administrations and providers that access or manage public information. This includes aspects such as categorizing information based on its level of sensitivity, identifying specific threats, and implementing security measures tailored to the specific risks they face. Thus, organizations that comply with the ENS mitigate risks, ensure citizen trust in public services, and improve their responsiveness to cybersecurity incidents.

Qualys Policy Compliance: assessing compliance with ENS

The Qualys Policy Compliance (PC) module assesses and monitors an organization’s regulatory compliance against various global standards and regulatory frameworks. Thanks to its advanced capabilities, organizations can ensure that their systems are aligned with specific security regulations, proactively and efficiently managing compliance.

With the inclusion of the Spanish National Security Framework (ENS) in Qualys Policy Compliance mandates, Spanish companies now have access to a solution that allows them to assess their level of conformity with ENS requirements. This includes continuously monitoring systems for deviations from ENS and generating detailed compliance reports to support decision-making.

Thanks to Qualys Policy Compliance, Spanish companies can assess their environment based on the ENS’s specific security controls, ensuring comprehensive and efficient compliance with national regulations.

ENS is now available in Qualys

We are pleased to announce that the Spanish National Security Framework mandate is now available in Qualys Policy Compliance. This integration enables public organizations and service providers operating with Spanish public sector entities to meet the stringent security requirements established by the ENS. Users can view their assets’ compliance status in real time, receive alerts about potential deviations, and prioritize corrective actions needed to stay aligned with the ENS.

The Qualys platform provides a simplified and centralized approach to ENS assessment, significantly reducing audit times and the operational complexity of managing compliance with multiple regulations simultaneously.

Upcoming ENS-based policies

At Qualys, we are developing predefined policies specifically aligned with the National Security Framework (ENS) controls, representing a significant advancement for organizations operating under security regulations in Spain. These policies will allow customers to implement security configurations in their technological environments faster, ensuring effective compliance with ENS provisions. Through these predefined configurations, organizations can automatically integrate the controls required by ENS, avoiding manual processes that are time-consuming and prone to human error.

The predefined policies will be highly configurable and adaptable to each customer’s specific environment. This means that regardless of the complexities or specifics of their IT infrastructure, these policies will facilitate the implementation of security controls in line with ENS requirements.

With the implementation of ENS policies, organizations can accelerate their alignment with the requirements established by Royal Decree 311/2022 and other important regulations, such as ISO 27001 or GDPR, which share some principles and controls. In this way, Qualys not only strengthens security in the current environment but also prepares organizations for future audits and security evaluations, providing peace of mind regarding the state of their systems and their alignment with regulations.

For more information on how to get started with ENS in Qualys, please do not hesitate to contact our team at iberia@qualys.com.
