"/>

PAe: accreditation of systems that manage classified information
accesskey _ mod _ content

Accreditation of systems that manage classified information

26 july 2016

CCN-CERT logo

The Guide updated CCN-STIC 101. This document defines the procedure of accreditation of systems that manage classified information, as provided for in security policy of ict.

The classified information handled in a system must be protected against loss of confidentiality, integrity, availability, traceability and authenticity, whether accidental or intentional, and ensure that the loss of integrity and availability of the systems themselves behind such information. And it is the Centre National Cryptologic, responsible for ensuring compliance with regulations concerning the protection of classified information.

For this reason, the NCC has made public the Guide CCN-STIC 101 accreditation of Ict Systems (Opens in new window) in that defines the accreditation procedure for the proper handling classified information, as provided for in the ict security (established in law 11/2002 of 6 may regulate the CNI, and the Royal Decree 421/2004, of 12 march, which regulates the CCN). All this, understanding for Accreditation to the authorization given to a system for handling classified information to a certain degree, or certain conditions of integrity and availability, in accordance with its Concept of operation (CO).

The Guide addresses now updated responsibilities on the accreditation of a system (bearing in mind that the secretary of State director of the CNI is authority of security), the process of accreditation or accreditation of the interconnections. In addition, comprehensive devotes a chapter to the conditions for an accreditation and the requirements in the whole process:

  • Documentation of the security council
  • Seguridad del entorno de operación (seguridad personal, física y de los documentos)
  • The security council from fumes
  • The security council of cryptologic research
  • Ict security
  • Assessment of ict security

Finally, the document contains possible situations of accreditation, their validity, the period between evaluations, re-accreditation, the reports referred between accreditation and registration systems.

Original source of news (Opens in new window)

 

 

  • Security
Subscribe to the youtube channel of OBSAE
 
Subscribe to the youtube channel of OBSAE