Esquema Nacional de Seguridad (ENS)
Spain's national security scheme for public administrations and the suppliers that serve them.
Public-sector entities and any supplier handling public-sector data.
Continuous evidence pipeline available; audit support included for all customers.
What ENS actually requires.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Categorisation Low / Medium / High by impact.
75 controls (Low) to 134 controls (High) across operational, organisational, and physical families.
External certification for Medium and High categories.
Pre-mapped controls. Continuous evidence.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
ENS profile selector (Low / Medium / High) with control mapping per CCN-STIC 800 series.
Audit pack export aligned with CCN-STIC 802 (audit methodology).
Artifacts your auditor accepts.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
ENS Declaration of Conformity.
Audit pack per CCN-STIC 802.
One evidence base. Many regulators.
These frameworks share substantial control overlap with ENS. Customers running one assessment typically satisfy the others with the same evidence base.
BSI IT-Grundschutz
European Union
Germany's federal IT baseline protection methodology — the standard for federal administration and KRITIS operators.
ANSSI SecNumCloud
European Union
France's qualification for sovereign cloud providers handling sensitive public-sector or OIV workloads.
ISO/IEC 27001:2022
Cross-jurisdictional
The global Information Security Management System standard, updated in 2022 with 93 Annex A controls in four themes.
Ready for ENS?
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.