Classified information handled in a system must be protected against loss of confidentiality, integrity, availability, traceability and authenticity, whether accidental or intentional, and the systems that support that information must themselves be protected against loss of integrity and availability. The National Cryptologic Centre (CCN) is responsible for ensuring compliance with the regulations on the protection of classified information.
For this reason, the CCN has published Guide CCN-STIC 101, Accreditation of ICT Systems, which defines the accreditation procedure for the proper handling of classified information, as provided for in the ICT security regulations (established in Law 11/2002 of 6 May, which regulates the CNI, and Royal Decree 421/2004 of 12 March, which regulates the CCN). Accreditation here means the authorization granted to a system to handle classified information up to a given degree, or under given conditions of integrity and availability, in accordance with its Concept of Operation (CO).
The Guide, now updated, addresses the responsibilities involved in accrediting a system (bearing in mind that the Secretary of State Director of the CNI is the security authority), the accreditation process, and the accreditation of interconnections. It also devotes a full chapter to the conditions for accreditation and the requirements that apply throughout the process:
- Security documentation
- Security of the operating environment (personnel, physical and document security)
- Emanations security
- Cryptologic security
- ICT security
- ICT security assessment
Finally, the document covers the possible accreditation situations, their validity, the period between evaluations, re-accreditation, the reports between accreditations, and the registration of systems.