🇪🇸 Spain

ENS — Spain's National Security Framework

The mandatory security framework for the Spanish public sector and its suppliers, with three categories matched to risk.

What is ENS?

The Esquema Nacional de Seguridad (ENS), updated by Royal Decree 311/2022, establishes the security policy for the use of electronic means by Spanish public administrations and the private entities that provide them services.

ENS classifies systems into Basic, Medium and High categories and structures controls across the security dimensions of confidentiality, integrity, availability, authenticity and traceability.

ENS structure

Three categories

Basic, Medium and High, based on the impact of a security breach.

Security dimensions

Confidentiality, integrity, availability, authenticity, traceability.

Control framework

Organisational, operational and protection measures.

ENS with ResiPlan

ResiPlan includes a structured ENS baseline and runs a maturity GAP analysis with evidence and reporting.

Cross-mapping links ENS to ISO 27001 and NIS2, so a single assessment supports your Spanish and European obligations.

See all 10 covered frameworks The cross-mapping engine

Frequently asked questions

What is the ENS?

The Esquema Nacional de Seguridad: Spain's National Security Framework (RD 311/2022) for the public sector and its suppliers, with Basic, Medium and High categories.

Who must comply with ENS?

Spanish public administrations and private organisations that provide them services or solutions.

Other frameworks

ResiPlan covers 10 frameworks with cross-mapping: assess once, prove everywhere.

ISO 27001 NIS2 DORA 🇳🇱 CYRA 🇧🇪 CyFun 🇩🇪 BSI IT-Grundschutz 🇳🇱 BIO 🇫🇷 ANSSI 🇮🇹 FNCS

Assess your ENS compliance

Run a maturity gap analysis, attach your evidence and generate a report — with cross-mapping to the other frameworks.