
Check for ENS High Compliance


Ensure that all AWS services and resources utilized within your Amazon Web Services account are ENS High-compliant, in order to meet industry best practices by implementing effective controls for security in the cloud, in compliance with EU and Spanish security and privacy requirements. The Esquema Nacional de Seguridad (National Security Framework – ENS) is an accreditation framework based on Law 11/2007 (a regulatory law that established a legal framework to give Spanish citizens electronic access to government and public services), issued by the Spanish government in 2007. It consists of the basic principles and minimum requirements necessary for the adequate protection of government-based information. The purpose of the ENS accreditation scheme is to build trust in the provision of electronic services, and to ensure the access, integrity, availability, authenticity, confidentiality and safety of data within the cloud. The accreditation framework applies to all public organizations and government agencies in Spain that use cloud products, as well as to Information and Communications Technologies (ICT) providers. The framework presents guidelines for implementing efficient controls for security in the cloud and on premises, in compliance with Spanish and EU security and privacy standards.

Each government agency is required to adopt a risk-management approach to security, by which it recognizes and evaluates security risks and then applies security controls suitable to those risks. Cloud providers must also comply with the rigorous ENS requirements to help ensure that their procedures, technical capacities and operations are secure and enable agencies and organizations to comply with the regulations. To achieve ENS High certification, Amazon Web Services was successfully audited by an accredited and independent auditor. Due to the regional nature of the ENS High security-based certification, the certification scope is limited to the European Union (EU). The AWS regions that are covered by this certification are eu-west-1 (Dublin, Ireland) and eu-central-1 (Frankfurt, Germany).

As a customer who uses AWS components (i.e. services and resources) to store, process or transmit data in the EU and Spain, you can rely on the AWS cloud infrastructure, as it is ENS High-compliant. However, since security and compliance are a shared responsibility between AWS and its customers, you should carefully consider the AWS services you choose to work with, as your responsibilities depend on the AWS services used, the integration of those services into your application environment, and applicable laws and regulations. Therefore, you can achieve ENS High compliance for your cloud applications only by using ENS High-eligible AWS components. To obtain and maintain ENS compliance, use only the AWS services and resources listed below:

AWS Services

  • Amazon API Gateway
  • Amazon DynamoDB
  • Amazon ElastiCache
  • Amazon Elastic Container Service (ECS) - including both Fargate and EC2 launch types
  • Amazon Elastic Block Store (EBS)
  • Amazon Elastic Compute Cloud (EC2)
  • Amazon Elastic File System (EFS)
  • Amazon Elastic MapReduce
  • Amazon Glacier
  • Amazon Redshift
  • Amazon RDS
  • Amazon Simple Queue Service (SQS)
  • Amazon Simple Storage Service (S3)
  • Amazon Simple Workflow Service (SWF)
  • Amazon Virtual Private Cloud (VPC)
  • Amazon WorkSpaces
  • Amazon CloudFormation
  • Amazon CloudTrail
  • Amazon Config
  • Amazon Database Migration Service
  • Amazon Direct Connect
  • Amazon Directory Service
  • Amazon Elastic Beanstalk
  • Amazon Key Management Service
  • Amazon Lambda
  • Amazon Snowball
  • Amazon Storage Gateway
  • Amazon Elastic Load Balancing
  • Amazon VM Import/Export

Check the up-to-date list of AWS services that support ENS High accreditation before you design, create, modify or upgrade your ENS High-compliant environment in your AWS account.

An example of a service that is not ENS High-compliant is Amazon Athena, an interactive query service managed by AWS that lets you use standard SQL to analyze data directly in Amazon S3. Because this AWS service is not yet eligible, your cloud application will fail to achieve ENS compliance in Spain as long as it is processing data using Amazon Athena. For this reason, Cloud Conformity strongly recommends terminating any AWS resources that are not ENS High-compliant in order to meet ENS compliance requirements within your AWS account. To help you and your organization maintain ENS High compliance, Cloud Conformity monitors your AWS account in real time and sends notification alerts as soon as a resource is created outside the ENS High standard.
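The kind of check described above can be sketched over CloudTrail-style records. This is an added example, not Cloud Conformity's implementation: the `eventSource` prefixes mapped to the listed services are assumptions, `ens_findings` is a hypothetical helper, and the sample records are constructed.

```python
import json

# Regions the page names as covered by the ENS High certification.
ENS_REGIONS = {"eu-west-1", "eu-central-1"}

# Assumed CloudTrail eventSource prefixes for the services listed on this page.
# EBS, EC2, VPC and VM Import/Export are all assumed to log under "ec2".
ENS_SOURCES = {
    "apigateway", "dynamodb", "elasticache", "ecs", "ec2", "elasticfilesystem",
    "elasticmapreduce", "glacier", "redshift", "rds", "sqs", "s3", "swf",
    "workspaces", "cloudformation", "cloudtrail", "config", "dms",
    "directconnect", "ds", "elasticbeanstalk", "kms", "lambda", "snowball",
    "storagegateway", "elasticloadbalancing",
}

def ens_findings(records):
    """Return one finding per mutating event that falls outside the ENS High scope."""
    findings = []
    for rec in records:
        if rec.get("readOnly", False):
            continue  # describe/list calls do not create or change resources
        source = rec.get("eventSource", "").split(".")[0]
        region = rec.get("awsRegion", "")
        reasons = []
        if source not in ENS_SOURCES:
            reasons.append("service not on ENS High list")
        if region not in ENS_REGIONS:
            reasons.append("region outside certification scope")
        if reasons:
            findings.append({"event": rec.get("eventName"), "source": source,
                             "region": region, "reasons": reasons})
    return findings

# Constructed sample records (not real log data).
SAMPLE = json.loads("""[
 {"eventSource": "athena.amazonaws.com", "eventName": "CreateWorkGroup", "awsRegion": "eu-west-1", "readOnly": false},
 {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "eu-central-1", "readOnly": false},
 {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "us-east-1", "readOnly": false},
 {"eventSource": "athena.amazonaws.com", "eventName": "CreateNamedQuery", "awsRegion": "us-east-1", "readOnly": false},
 {"eventSource": "dynamodb.amazonaws.com", "eventName": "DescribeTable", "awsRegion": "us-east-1", "readOnly": true}
]""")

if __name__ == "__main__":
    for finding in ens_findings(SAMPLE):
        print(finding["event"], finding["region"], "; ".join(finding["reasons"]))
```

Any service absent from the allowlist is flagged, so the set has to be kept in step with the up-to-date eligibility list mentioned above.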

Rationale

Amazon Web Services is Esquema Nacional de Seguridad (ENS) High certified. This certification establishes security standards that apply to all government agencies and public organizations in Spain, and to the service providers on which public services depend. With ENS accreditation, AWS can provide the necessary protections to satisfy the ENS High security requirements, so that you can use ENS High-compliant AWS services and resources to build cloud applications that store, process or transmit government data in Spain. Nevertheless, because not all AWS components are ENS High-eligible, using cloud services and resources that fail to comply with the Esquema Nacional de Seguridad (ENS) regulations can raise concerns about the security and confidentiality of the government-based data used, and even expose your organization to legal action.
