Functions of the CCN

Spanish society requires efficient, specialized and modern intelligence services capable of facing the new challenges of the current national and international scenarios. Among the most important elements of this new situation is the advancement in information technologies, the ease and flexibility of their transmission in different formats, the almost universal spread of their use and the global accessibility of a variety of tools and networks. All of this facilitates the agile and flexible exchange of information in modern societies.

The optimization of efficiency, economy and administrative coherence necessitate the establishment of measures to regulate and coordinate the acquisition of the sophisticated equipment required, the homologation of its capacity and compatibility, its employment procedures and the technical training of the Administration personnel specialized in this field. At the same time, rules on the protection of classified information should also be created, constantly updated and enforced in order to prevent access to classified information by unauthorized individuals, groups and States.

The National Cryptologic Centre is the body responsible for responding to these needs, set out in Royal Decree 421/2004, of 12 March, which assigns it the following functions:

1. Regulations. Develop and disseminate standards, instructions, guidelines and recommendations to ensure the security of ICT systems (CCN-STIC Guidelines).
2. Formation: To train public sector personnel specialized in the field of security.
3. Keep an eye out. Ensure compliance with the regulations on the protection of classified information in its field of competence.
4. Desarrollo. Coordinate the promotion, development, procurement, acquisition and operation and use of security technologies.
5. Evaluation. Assess and accredit the ability of encryption products and systems to handle information securely.
6. Certification. To set up the Certification Body for the National Security Evaluation and Certification Framework, for application to products and systems within its scope.
7. Cybersecurity. Contribute to the improvement of Spanish cybersecurity through CCN-CERT, actively addressing threats affecting public sector systems, companies and organizations of strategic interest to the country, in coordination with the National Center for Critical Infrastructure Protection (CNPIC) and any ICT system that processes classified information.
8. Relationships. Establish the necessary relations and sign the relevant agreements with similar organizations in other countries for the development of the aforementioned functions.