Accredited certification entities
The National Accreditation Body (ENAC) offers interested parties the accreditation scheme of entities that want to certify compliance with the National Security Scheme (ENS).
The accreditation scheme has been developed by ENAC in close collaboration with the Ministry of Finance and Public Administration and the National Cryptologic Centre (CCN).
In the case of systems classified as LIMITED DISSEMINATION (DL) or equivalent, an entity must be accredited by ENAC within the scope of the National Safety Scheme in accordance with UNE-EN ISO / IEC 17065: 2012 Able to certify compliance with STIC requirements. In addition, security auditing entities must have Enterprise Security Enablement (HSEM) in place.
Compliance with STIC requirements in the field of classified systems (DL) may also be certified among those auditing entities that fulfill one of the following options (CCN-STIC-101):
- To be an entity, body, agency and unit linked to or dependent on the Public Administrations whose competences include the development of audits of information systems, this is stated in its creation regulations or structure decrees and is guaranteed due impartiality.
- Exceptionally, to be a company validated by the CCN, which has demonstrated sufficient technical capacity to carry out STIC audits / inspections on systems handling classified information.
You can see the list of certification bodies accredited or in the process of accreditation to issue certifications in accordance with the ENS and systems classified with the degree of LIMITED DISSEMINATION (DL) or equivalent in the following link.