Ministry of Defence logo Defence Staff logo
Periodista del EMAD

The Joint Cyberspace Command is recognised as a Certification Entity of the National Security Scheme.

In Madrid
August 24, 2022
  • The Audit Group has achieved accreditation after passing an exhaustive verification process

'If you think technology can solve your security problems, then you don't understand the problems and you don't understand technology' (Gene Spafford).

We are on a technological bandwagon that demands continuous adaptation to an increasingly complex situation. On the one hand, technology must be made useful and simple for users, but on the other hand, it must be prevented from being used by individuals and organisations that seek other malicious purposes for which it is not intended.

This premise, which may seem obvious, faces a reality in which anyone can have computer equipment to access information through electronic means. In fact, this is nowadays the usual way of communicating between individuals, companies and administrations. And it is this open and free environment that requires organisations seeking to apply minimum security standards to adapt continuously to the technological environment in order to be at the forefront of security.

This adaptation means, in all cases, an evolution to stay ahead, smoothing the road ahead and making it difficult for those who try to derail us. One of the organisations in Spain that ensures the safe passage of this technological journey is the Joint Cyberspace Command (MCCE) Audit Group.

This group has recently undergone an exhaustive verification process to be accredited as a Certification Entity of the National Security Scheme (ENS), which, in its new wording (Royal Decree 311/2022 of 3 May), seeks to meet three main objectives:

  • Align the ENS with the existing regulatory framework and strategic context to guarantee the security of the digital administration.
  • Introduce the ability to adjust the requirements of the ENS, to ensure its adaptation to the reality of certain groups or types of systems.
  • Facilitate a better response to cybersecurity trends, reduce vulnerabilities and promote continuous vigilance.

In this verification process, the MCCE's Audit Group has demonstrated its capacity and experience to audit classified systems and, from now on, to issue the corresponding certifications in accordance with the ENS.

This new capability is added to the existing one within the bilateral agreement between the National Intelligence Centre (CNI) and the Spanish Defence Staff (EMAD) for the auditing of systems that handle internationally classified information. Now, as an accredited Certification Entity, the capabilities of the audit team are further enhanced in the unstoppable technological train under the umbrella of the ENS.