Continuous assessment
The National Cryptologic Center carries out security audits in critical organizations, through the use of recognized methodologies, being able to achieve the objective of continuously managing and measuring the evolution of the assets audited with respect to defined levels of security and risk, thus enabling the ability to react and mitigate against possible defects in configuration and vulnerabilities detected through the prioritization of available resources.
In this way, the Incident Response Team of the National Cryptologic Center (CCN-CERT) carries out preliminary analyses through the continuous audit system ANA (Automation and Standardization of Audits) detecting important vulnerabilities in web resources belonging to entities included in the subjective and objective scope of application of Royal Decree 3/2010, of 8 January, recommending the timely treatment of these alerts, in the face of possible repercussions for the security of the organization.