- Open administration
The web seals of the Open Administration Recognitions 2024 are available
According to data analyzed by the AOC in theDigital Maturity Index 2024, 87% of local administrations already use e-government solutions and platforms certified in accordance with the National Security Scheme (hereinafter, ENS). This percentage has been growing steadily, driven mainly by the investment of market solution providers to adapt to cybersecurity regulations. It is a significant step forward in protecting data and public services.
The comprehensive certification of the ENS: a pending challenge
However, it must be borne in mind that using certified solutions is only part of the path to full security. Obtaining comprehensive ENS certification as an entity is a much more demanding and complex process. Currently, the vast majority of municipalities - especially those of smaller size and resources - do not have comprehensive ENS certification and have enormous difficulties in complying with all the requirements implied by this complete certification.
To facilitate the achievement of an adequate level of security in the most critical services, the National Cryptological Center (CCN) defined a basic certification, the Essential Security Requirements Compliance Profile (CCN-STIC 890A), which defines 35 key controls to help municipalities move towards certification, focusing on the fundamental aspects of local cybersecurity in a more accessible way.
Girona, Vilanova i la Geltrú, l'Ametlla del Vallès and Manlleu have the ENS certification
Despite the difficulties, there are already examples of municipalities leading this process. Municipalities such as Girona, Vilanova i la Geltrú, l'Ametlla del Vallès and Manlleu have certified certain systems according to the ENS. Likewise, municipalities such as Arenys de Munt, Bellmunt, Agramunt, Capafonts, Bot, Vilalba dels Arcs, Masllorenç and Almoster have successfully implemented the 35 controls of the CCN-STIC 890A profile, obtaining certification for the essential requirements. These cases are a clear example of the real progress that is taking place on the ground.
The Cybersecurity Agency and Localret they support municipalities
Catalan city councils have the support of key entities such as theCatalonia Cybersecurity Agency, which acts as a technical audit body for the ENS, and the Localret Consortium, which facilitates the procurement through a Framework Agreement of cybersecurity services. These initiatives are essential to help municipalities comply with legal and security requirements, reducing the burden that would arise from doing so individually.
The lack of comprehensive compliance with the ENS: a reality shared throughout the State
The situation at the national level is similar. Only about 41 municipalities in Spain have achieved full ENS certification or through the profile, including only 8 of the 52 provincial capitals. It is noteworthy that, despite having more resources, large municipalities such as Madrid or Valencia still do not have valid ENS certification for most of their services.
The situation is very similar in the autonomous communities and the bodies of the General State Administration. This shows that the challenge of cybersecurity and the ENS affects both large and small organizations, and is a transversal challenge for the entire public sector.
The AOC's commitment to local cybersecurity
At AOC, we maintain a firm commitment to the ENS and to facilitating compliance for local entities. Since 2024, we have been deploying a cybersecurity strategy aimed at obtaining full certification in accordance with the National Security Scheme for all the services we offer. This certification is key to guaranteeing maximum security and trust for public administrations and citizens.
Currently, we already have three services certified in the High category (DESA'L, VALID and PSIS). Our roadmap for 2025 and 2026 foresees the preparation and obtaining of certification for the rest of our catalogue of services. We are working hard to be a secure pillar of the digital ecosystem of the Catalan local administration.