diff --git a/backend/library/libraries/annex-implementing-regulation-of-nis2-on-t-m.yaml b/backend/library/libraries/annex-implementing-regulation-of-nis2-on-t-m.yaml index 654930636..ff19588eb 100644 --- a/backend/library/libraries/annex-implementing-regulation-of-nis2-on-t-m.yaml +++ b/backend/library/libraries/annex-implementing-regulation-of-nis2-on-t-m.yaml @@ -11,9 +11,19 @@ description: ANNEX to the Commission Implementing Regulation laying down rules f managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers copyright: EUROPEAN COMMISSION -version: 2 +version: 3 provider: EUROPEAN COMMISSION packager: intuitem +translations: + es: + name: "NIS2: Requisitos t\xE9cnicos y metodol\xF3gicos - ANEXO REGLAMENTO DE EJECUCI\xD3\ + N (UE) 2024/2690" + description: "ANEXO del Reglamento de Ejecuci\xF3n de la Comisi\xF3n por el que\ + \ se establecen -seg\xFAn el art\xEDculo 2- las disposiciones de aplicaci\xF3\ + n de la Directiva (UE) 2022/2555 en lo que respecta a los requisitos t\xE9cnicos\ + \ y metodol\xF3gicos de las medidas para la gesti\xF3n de riesgos de ciberseguridad.\ + \ Link: https://eur-lex.europa.eu/legal-content/ES/TXT/HTML/?uri=OJ:L_202402690" + copyright: COMISION EUROPEA objects: framework: urn: urn:intuitem:risk:framework:annex-technical-and-methodological-requirements-nis2 
@@ -28,6 +38,15 @@ objects: providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers + translations: + es: + name: "NIS2: Requisitos t\xE9cnicos y metodol\xF3gicos - ANEXO REGLAMENTO\ + \ DE EJECUCI\xD3N (UE) 2024/2690" + description: "ANEXO del Reglamento de Ejecuci\xF3n de la Comisi\xF3n por el\ + \ que se establecen -seg\xFAn el art\xEDculo 2- las disposiciones de aplicaci\xF3\ + n de la Directiva (UE) 2022/2555 en lo que respecta a los requisitos t\xE9\ + cnicos y metodol\xF3gicos de las medidas para la gesti\xF3n de riesgos de\ + \ ciberseguridad. Link: https://eur-lex.europa.eu/legal-content/ES/TXT/HTML/?uri=OJ:L_202402690" requirement_nodes: - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1 assessable: false @@ -35,12 +54,22 @@ objects: ref_id: '1' name: POLICY ON THE SECURITY OF NETWORK AND INFORMATION SYSTEMS (ARTICLE 21(2), POINT (A) OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "POL\xCDTICA SOBRE LA SEGURIDAD DE LOS SISTEMAS DE REDES Y DE INFORMACI\xD3\ + N [Art\xEDculo 21, Apartado 2, Letra A), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1 ref_id: '1.1' name: Policy on the security of network and information systems + translations: + es: + name: "Pol\xEDtica sobre la seguridad de las redes y sistemas de informaci\xF3\ + n" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1 assessable: false depth: 3 
@@ -48,6 +77,12 @@ objects: ref_id: 1.1.1 description: 'For the purpose of Article 21(2), point (a) of Directive (EU) 2022/2555, the policy on the security of network and information systems shall:' + translations: + es: + name: null + description: "A efectos del art\xEDculo 21, apartado 2, letra a), de la\ + \ Directiva (UE) 2022/2555, la pol\xEDtica de seguridad de los sistemas\ + \ de redes y de informaci\xF3n:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.a assessable: true depth: 4 @@ -55,6 +90,11 @@ objects: ref_id: 1.1.1.a description: "set out the relevant entities\u2019 approach to managing the security\ \ of their network and information systems;" + translations: + es: + name: null + description: "determinar\xE1 el enfoque de las entidades pertinentes para\ + \ gestionar la seguridad de sus sistemas de redes y de informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.b assessable: true depth: 4 @@ -62,12 +102,22 @@ objects: ref_id: 1.1.1.b description: "be appropriate to and complementary with the relevant entities\u2019\ \ business strategy and objectives;" + translations: + es: + name: null + description: "se adecuar\xE1 a la estrategia y los objetivos operativos\ + \ de las entidades pertinentes y los completar\xE1;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1 ref_id: 1.1.1.c description: set out network and information security objectives; + translations: + es: + name: null + description: "establecer\xE1 los objetivos de seguridad de las redes y de\ + \ la informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.d assessable: true depth: 4 
@@ -75,6 +125,11 @@ objects: ref_id: 1.1.1.d description: include a commitment to continual improvement of the security of network and information systems; + translations: + es: + name: null + description: "se comprometer\xE1 a mejorar constantemente la seguridad de\ + \ los sistemas de redes y de informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.e assessable: true depth: 4 @@ -83,6 +138,12 @@ objects: description: include a commitment to provide the appropriate resources needed for its implementation, including the necessary staff, financial resources, processes, tools and technologies; + translations: + es: + name: null + description: "se comprometer\xE1 a facilitar los recursos oportunos para\ + \ su aplicaci\xF3n, incluidos el personal, los recursos financieros, los\ + \ procedimientos, las herramientas y las tecnolog\xEDas que se necesiten;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.f assessable: true depth: 4 @@ -90,12 +151,22 @@ objects: ref_id: 1.1.1.f description: be communicated to and acknowledged by relevant employees and relevant interested external parties; + translations: + es: + name: null + description: "ser\xE1 comunicada a los empleados y partes externas que proceda,\ + \ que deber\xE1n aprobarla;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.g assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1 ref_id: 1.1.1.g description: lay down roles and responsibilities pursuant to point 1.2.; + translations: + es: + name: null + description: "presentar\xE1 los roles y responsabilidades con arreglo al\ + \ punto 1.2;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.h assessable: true depth: 4 
@@ -103,12 +174,21 @@ objects: ref_id: 1.1.1.h description: list the documentation to be kept and the duration of retention of the documentation; + translations: + es: + name: null + description: "detallar\xE1 la documentaci\xF3n que debe conservarse y la\ + \ duraci\xF3n del per\xEDodo de conservaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.i assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1 ref_id: 1.1.1.i description: list the topic-specific policies; + translations: + es: + name: null + description: "enumerar\xE1 las pol\xEDticas espec\xEDficas;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.j assessable: true depth: 4 @@ -117,6 +197,12 @@ objects: description: "lay down indicators and measures to monitor its implementation\ \ and the current status of relevant entities\u2019 maturity level of network\ \ and information security;" + translations: + es: + name: null + description: "fijar\xE1 indicadores y medidas para supervisar su aplicaci\xF3\ + n y el estado actual del nivel de madurez de la seguridad de las redes\ + \ y de la informaci\xF3n de las entidades pertinentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.k assessable: true depth: 4 @@ -124,6 +210,12 @@ objects: ref_id: 1.1.1.k description: "indicate the date of the formal approval by the management bodies\ \ of the relevant entities (the \u2018management bodies\u2019)." + translations: + es: + name: null + description: "indicar\xE1 la fecha de la aprobaci\xF3n formal por parte\ + \ de los \xF3rganos de direcci\xF3n de las entidades pertinentes [en adelante,\ + \ \xAB\xF3rgano(s) de direcci\xF3n\xBB]." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.2 assessable: true depth: 3 
@@ -133,12 +225,25 @@ objects: and, where appropriate, updated by management bodies at least annually and when significant incidents or significant changes to operations or risks occur. The result of the reviews shall be documented. + translations: + es: + name: null + description: "El \xF3rgano de direcci\xF3n revisar\xE1 y, cuando proceda,\ + \ actualizar\xE1 la pol\xEDtica de seguridad de los sistemas de redes\ + \ y de informaci\xF3n al menos una vez al a\xF1o, as\xED como cuando se\ + \ produzcan incidentes significativos o cambios significativos en las\ + \ operaciones o los riesgos. Los resultados de las revisiones quedar\xE1\ + n documentados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1 ref_id: '1.2' name: Roles, responsibilities and authorities + translations: + es: + name: Roles, responsabilidades y autoridades + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.1 assessable: true depth: 3 
@@ -149,6 +254,16 @@ objects: \ responsibilities and authorities for network and information system security\ \ and assign them to roles, allocate them according to the relevant entities\u2019\ \ needs, and communicate them to the management bodies." + translations: + es: + name: null + description: "Como parte de la pol\xEDtica de seguridad de los sistemas\ + \ de redes y de informaci\xF3n a que hace referencia el punto 1.1, las\ + \ entidades pertinentes determinar\xE1n las responsabilidades y autoridades\ + \ en materia de seguridad de los sistemas de redes y de informaci\xF3\ + n y las asignar\xE1n a distintos roles, las repartir\xE1n en funci\xF3\ + n de las necesidades de la entidad y se las comunicar\xE1n a los \xF3\ + rganos de direcci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.2 assessable: true depth: 3 @@ -158,6 +273,14 @@ objects: to apply network and information system security in accordance with the established network and information security policy, topic-specific policies and procedures of the relevant entities. + translations: + es: + name: null + description: "Las entidades pertinentes exigir\xE1n a todo el personal y\ + \ a terceros que apliquen la seguridad de los sistemas de redes y de informaci\xF3\ + n de conformidad con la pol\xEDtica de seguridad de las redes y la informaci\xF3\ + n y las pol\xEDticas espec\xEDficas existentes, as\xED como con los procedimientos\ + \ de las entidades pertinentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.3 assessable: true depth: 3 
@@ -165,6 +288,12 @@ objects: ref_id: 1.2.3 description: At least one person shall report directly to the management bodies on matters of network and information system security. + translations: + es: + name: null + description: "Al menos una persona informar\xE1 directamente a los \xF3\ + rganos de direcci\xF3n sobre cuestiones de seguridad de los sistemas de\ + \ redes y de informaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.4 assessable: true depth: 3 @@ -173,6 +302,13 @@ objects: description: Depending on the size of the relevant entities, network and information system security shall be covered by dedicated roles or duties carried out in addition to existing roles. + translations: + es: + name: null + description: "En funci\xF3n del tama\xF1o de las entidades pertinentes,\ + \ la seguridad de las redes y los sistemas de informaci\xF3n corresponder\xE1\ + \ a roles o funciones espec\xEDficos que se desempe\xF1ar\xE1n adem\xE1\ + s de los roles existentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.5 assessable: true depth: 3 @@ -180,6 +316,11 @@ objects: ref_id: 1.2.5 description: Conflicting duties and conflicting areas of responsibility shall be segregated, where applicable. + translations: + es: + name: null + description: "Aquellos cargos o \xE1reas de responsabilidad que entren en\ + \ conflicto se separar\xE1n, cuando proceda." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.6 assessable: true depth: 3 
@@ -188,17 +329,33 @@ objects: description: Roles, responsibilities and authorities shall be reviewed and, where appropriate, updated by management bodies at planned intervals and when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Los \xF3rganos de direcci\xF3n revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n los roles, responsabilidades y autoridades a intervalos\ + \ planificados, as\xED como cuando se produzcan incidentes significativos\ + \ o cambios significativos en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2 assessable: false depth: 1 ref_id: '2' name: RISK MANAGEMENT POLICY (ARTICLE 21(2), POINT (A) OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "POL\xCDTICA DE GESTI\xD3N DE RIESGOS [Art\xEDculo 21, Apartado 2,\ + \ Letra A), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2 ref_id: '2.1' name: Risk management framework + translations: + es: + name: "Marco de la gesti\xF3n de riesgos" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.1 assessable: true depth: 3 
@@ -213,6 +370,21 @@ objects: accepted by management bodies or, where applicable, by persons who are accountable and have the authority to manage risks, provided that the relevant entities ensure adequate reporting to the management bodies. + translations: + es: + name: null + description: "A efectos del art\xEDculo 21, apartado 2, letra a), de la\ + \ Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1n\ + \ y mantendr\xE1n un marco de la gesti\xF3n de riesgos adecuado para detectar\ + \ y abordar los riesgos que se planteen para la seguridad de los sistemas\ + \ de redes y de informaci\xF3n. Las entidades pertinentes realizar\xE1\ + n evaluaciones de riesgos cuyos resultados documentar\xE1n y, a partir\ + \ de estos \xFAltimos, establecer\xE1n un plan de tratamiento de riesgos,\ + \ que aplicar\xE1n y supervisar\xE1n. Siempre que las entidades pertinentes\ + \ garanticen una informaci\xF3n adecuada a los \xF3rganos de direcci\xF3\ + n, estos \xFAltimos o, cuando proceda, las personas que sean responsables\ + \ y tengan autoridad para gestionar los riesgos, aprobar\xE1n los resultados\ + \ de la evaluaci\xF3n de riesgos y los riesgos residuales." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2 assessable: true depth: 3 
@@ -224,12 +396,26 @@ objects: \ management process shall be an integral part of the relevant entities\u2019\ \ overall risk management process, where applicable. As part of the cybersecurity\ \ risk management process, the relevant entities shall:" + translations: + es: + name: null + description: "A los efectos del punto 2.1.1, las entidades pertinentes establecer\xE1\ + n procedimientos para detectar, analizar, evaluar y tratar los riesgos\ + \ (\xABproceso de gesti\xF3n de riesgos de ciberseguridad\xBB). El proceso\ + \ de gesti\xF3n de riesgos de ciberseguridad formar\xE1 parte del proceso\ + \ de gesti\xF3n de riesgos general de la entidad pertinente, seg\xFAn\ + \ proceda. Como parte del proceso de gesti\xF3n de riesgos de ciberseguridad,\ + \ las entidades pertinentes:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.a assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2 ref_id: 2.1.2.a description: follow a risk management methodology; + translations: + es: + name: null + description: "seguir\xE1n una metodolog\xEDa de gesti\xF3n de riesgos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.b assessable: true depth: 4 
@@ -237,12 +423,21 @@ objects: ref_id: 2.1.2.b description: establish the risk tolerance level in accordance with the risk appetite of the relevant entities; + translations: + es: + name: null + description: "establecer\xE1n un nivel de tolerancia al riesgo conforme\ + \ con la propensi\xF3n al riesgo de la entidad;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2 ref_id: 2.1.2.c description: establish and maintain relevant risk criteria; + translations: + es: + name: null + description: "establecer\xE1n y mantendr\xE1n criterios de riesgo pertinentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.d assessable: true depth: 4 @@ -253,6 +448,16 @@ objects: in relation to third parties and risks that could lead to disruptions in the availability, integrity, authenticity and confidentiality of the network and information systems, including the identification of single point of failures; + translations: + es: + name: null + description: "de conformidad con un enfoque que abarque todos los riesgos,\ + \ determinar\xE1n y registrar\xE1n todos los riesgos existentes para la\ + \ seguridad de los sistemas de redes y de informaci\xF3n, en especial\ + \ con relaci\xF3n a terceros o a aquellos riesgos que puedan generar alteraciones\ + \ en la disponibilidad, integridad, autenticidad y confidencialidad de\ + \ los sistemas de redes y de informaci\xF3n, incluida la detecci\xF3n\ + \ de puntos \xFAnicos de fallo;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.e assessable: true depth: 4 
@@ -261,12 +466,24 @@ objects: description: analyse the risks posed to the security of network and information systems, including threat, likelihood, impact, and risk level, taking into account cyber threat intelligence and vulnerabilities; + translations: + es: + name: null + description: "analizar\xE1n los riesgos que se planteen para la seguridad\ + \ de los sistemas de redes y de informaci\xF3n, especialmente la amenaza,\ + \ la probabilidad, el impacto y el nivel de riesgo, teniendo en cuenta\ + \ la inteligencia sobre ciberamenazas y las vulnerabilidades;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.f assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2 ref_id: 2.1.2.f description: evaluate the identified risks based on the risk criteria; + translations: + es: + name: null + description: "evaluar\xE1n los riesgos detectados a partir de los criterios\ + \ de riesgo;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2;g assessable: true depth: 4 @@ -274,12 +491,22 @@ objects: ref_id: 2.1.2;g description: identify and prioritise appropriate risk treatment options and measures; + translations: + es: + name: null + description: "determinar\xE1n y priorizar\xE1n las opciones y medidas adecuadas\ + \ de tratamiento de riesgos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.h assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2 ref_id: 2.1.2.h description: continuously monitor the implementation of the risk treatment measures; + translations: + es: + name: null + description: "supervisar\xE1n constantemente la aplicaci\xF3n de las medidas\ + \ de tratamiento de riesgos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.i assessable: true depth: 4 
@@ -287,6 +514,12 @@ objects: ref_id: 2.1.2.i description: identify who is responsible for implementing the risk treatment measures and when they should be implemented; + translations: + es: + name: null + description: "determinar\xE1n qui\xE9n es responsable de la aplicaci\xF3\ + n de las medidas de tratamiento de riesgos y cu\xE1ndo deben aplicarse\ + \ estas;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.j assessable: true depth: 4 @@ -295,6 +528,12 @@ objects: description: document the chosen risk treatment measures in a risk treatment plan and the reasons justifying the acceptance of residual risks in a comprehensible manner. + translations: + es: + name: null + description: "informar\xE1n de manera comprensible de las medidas de tratamiento\ + \ de riesgos elegidas en un plan de tratamiento de riesgos y de las razones\ + \ que justifiquen la aceptaci\xF3n de los riesgos residuales." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.3 assessable: true depth: 3 
@@ -306,6 +545,17 @@ objects: risk-management measures, the cost of implementation in relation to the expected benefit, the asset classification referred to in point 12.1., and the business impact analysis referred to in point 4.1.3. + translations: + es: + name: null + description: "Cuando detecten y prioricen las opciones y medidas adecuadas\ + \ para el tratamiento de los riesgos, las entidades pertinentes tendr\xE1\ + n en cuenta los resultados de la evaluaci\xF3n de riesgos, los resultados\ + \ del procedimiento para evaluar la eficacia de las medidas para la gesti\xF3\ + n de riesgos de ciberseguridad, el coste de su aplicaci\xF3n en relaci\xF3\ + n con los beneficios previstos, la clasificaci\xF3n de activos contemplada\ + \ en el punto 12.1 y el an\xE1lisis de impacto operativo a que se refiere\ + \ el punto 4.1.3." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.4 assessable: true depth: 3 
@@ -315,12 +565,24 @@ objects: the risk assessment results and the risk treatment plan at planned intervals and at least annually, and when significant changes to operations or risks or significant incidents occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n los resultados de la evaluaci\xF3n de riesgos y el plan\ + \ de tratamiento de riesgos a intervalos planificados y como m\xEDnimo\ + \ anualmente, as\xED como cuando se produzcan incidentes significativos\ + \ o cambios significativos en las operaciones o los riegos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2 ref_id: '2.2' name: Compliance monitoring + translations: + es: + name: Control del cumplimiento + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2.1 assessable: true depth: 3 @@ -331,6 +593,15 @@ objects: policies, rules, and standards. The management bodies shall be informed of the status of network and information security on the basis of the compliance reviews by means of regular reporting. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n peri\xF3dicamente el\ + \ cumplimiento de sus pol\xEDticas en materia de seguridad de los sistemas\ + \ de redes y de informaci\xF3n, pol\xEDticas espec\xEDficas, reglas y\ + \ normas. Los \xF3rganos de direcci\xF3n ser\xE1n informados, mediante\ + \ informes peri\xF3dicos, del estado de seguridad de las redes y la informaci\xF3\ + n a partir de las revisiones del cumplimiento." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2.2 assessable: true depth: 3 
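Review bot: The Spanish description added for node 2.1.4 (first hunk on this line) ends with `las operaciones o los riegos`, a typo for `riesgos`; "riegos" means irrigation. The parallel review clauses added elsewhere in this commit (1.1.2, 1.2.6, 2.2.3, 2.3.4, 3.1.3) all end with `las operaciones o los riesgos`, so the last added line of that description should read `\ o cambios significativos en las operaciones o los riesgos."`. This string is what a Spanish-speaking assessor reads as the requirement, so it is worth correcting before version 3 of the library is published.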
@@ -341,6 +612,15 @@ objects: \ environments and threat landscapes. The compliance reporting system shall\ \ be capable to provide to the management bodies an informed view of the current\ \ state of the relevant entities\u2019 management of risks." + translations: + es: + name: null + description: "Las entidades pertinentes pondr\xE1n en marcha un sistema\ + \ eficaz de notificaci\xF3n del cumplimiento que ser\xE1 adecuado a sus\ + \ estructuras, sus entornos operativos y su panorama de amenazas. El sistema\ + \ de notificaci\xF3n del cumplimiento podr\xE1 ofrecer a los \xF3rganos\ + \ de direcci\xF3n una visi\xF3n informada del estado en que se encuentre\ + \ la gesti\xF3n de riesgos de las entidades pertinentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2.3 assessable: true depth: 3 @@ -349,12 +629,23 @@ objects: description: The relevant entities shall perform the compliance monitoring at planned intervals and when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Las entidades pertinentes realizar\xE1n el control del cumplimiento\ + \ a intervalos planificados, as\xED como cuando se produzcan incidentes\ + \ significativos o cambios significativos en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2 ref_id: '2.3' name: Independent review of information and network security + translations: + es: + name: "Revisi\xF3n independiente de la seguridad de la informaci\xF3n y\ + \ las redes" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.1 assessable: true depth: 3 
@@ -363,6 +654,13 @@ objects: description: The relevant entities shall review independently their approach to managing network and information system security and its implementation including people, processes and technologies. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n de forma independiente\ + \ su enfoque de gesti\xF3n de la seguridad de los sistemas de redes y\ + \ de informaci\xF3n y su aplicaci\xF3n, incluidas las personas, los procesos\ + \ y las tecnolog\xEDas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.2 assessable: true depth: 3 @@ -376,6 +674,18 @@ objects: of the relevant entities does not allow such separation of line of authority, the relevant entities shall put in place alternative measures to guarantee the impartiality of the reviews. + translations: + es: + name: null + description: "Las entidades pertinentes desarrollar\xE1n y mantendr\xE1\ + n procedimientos para llevar a cabo revisiones independientes que ser\xE1\ + n ejecutados por personas con las debidas competencias en materia de auditor\xED\ + a. Cuando miembros del personal de la entidad pertinente realicen una\ + \ revisi\xF3n independiente, las personas encargadas de la misma no podr\xE1\ + n ejercer poder jer\xE1rquico sobre el personal de la zona objeto de la\ + \ revisi\xF3n. Si el tama\xF1o de la entidad pertinente no permite esta\ + \ separaci\xF3n del poder jer\xE1rquico, la entidad pondr\xE1 en marcha\ + \ medidas alternativas para garantizar la imparcialidad de las revisiones." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.3 assessable: true depth: 3 
@@ -386,6 +696,15 @@ objects: \ and measurement pursuant to point 7, shall be reported to the management\ \ bodies. Corrective actions shall be taken or residual risk accepted according\ \ to the relevant entities\u2019 risk acceptance criteria." + translations: + es: + name: null + description: "Los resultados de las revisiones independientes, especialmente\ + \ los resultados del control del cumplimiento de conformidad con el punto\ + \ 2.2 y del control y la medici\xF3n con arreglo al punto 7, se notificar\xE1\ + n a los \xF3rganos de control. De acuerdo con los criterios de aceptaci\xF3\ + n del riesgo de las entidades pertinentes, se adoptar\xE1n medidas correctoras\ + \ o se aceptar\xE1 el riesgo residual." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.4 assessable: true depth: 3 
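Review bot: The Spanish text added for node 2.3.3 says the review results are reported to "los órganos de control", but the English description in the same hunk says "the management bodies". Every other translation in this commit renders that term as "órganos de dirección", which is also the term defined in the translation of 1.1.1.k. As written, the Spanish requirement names a different recipient for independent-review findings than the English one, and that changes what gets checked when the node is assessed. Unless the official Spanish text of the regulation really uses "órganos de control" at this point, the phrase should be `a los \xF3rganos de direcci\xF3n` (escaped like the rest of the file), with the folded lines around it re-wrapped.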
@@ -393,17 +712,32 @@ objects: ref_id: 2.3.4 description: The independent reviews shall take place at planned intervals and when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Las revisiones independientes tendr\xE1n lugar a intervalos\ + \ planificados, as\xED como cuando se produzcan incidentes significativos\ + \ o cambios significativos en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3 assessable: false depth: 1 ref_id: '3' name: INCIDENT HANDLING (ARTICLE 21(2), POINT (B), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "GESTI\xD3N DE INCIDENTES [Art\xEDculo 21, Apartado 2, Letra B), de\ + \ la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3 ref_id: '3.1' name: Incident handling policy + translations: + es: + name: "Pol\xEDtica de gesti\xF3n de incidentes" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.1 assessable: true depth: 3 
@@ -414,6 +748,16 @@ objects: laying down the roles, responsibilities, and procedures for detecting, analysing, containing or responding to, recovering from, documenting and reporting of incidents in a timely manner. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra b), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes elaborar\xE1\ + n y pondr\xE1n en marcha una pol\xEDtica de gesti\xF3n de incidentes por\ + \ la que se establezcan los roles, responsabilidades y procedimientos\ + \ para la detecci\xF3n, el an\xE1lisis, la contenci\xF3n y la gesti\xF3\ + n de los incidentes, as\xED como la posterior recuperaci\xF3n, documentaci\xF3\ + n y notificaci\xF3n de los mismos a su debido tiempo." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2 assessable: true depth: 3 @@ -422,6 +766,13 @@ objects: description: 'The policy referred to in point 3.1.1 shall be coherent with the business continuity and disaster recovery plan referred to in point 4.1. The policy shall include:' + translations: + es: + name: null + description: "La pol\xEDtica prevista en el punto 3.1.1 ser\xE1 coherente\ + \ con el plan de continuidad de las actividades y de recuperaci\xF3n en\ + \ caso de cat\xE1strofe a que hace referencia el punto 4.1. La pol\xED\ + tica incluir\xE1:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.a assessable: true depth: 4 
@@ -429,12 +780,24 @@ objects: ref_id: 3.1.2.a description: a categorisation system for incidents that is consistent with the event assessment and classification carried out pursuant to point 3.4.1.; + translations: + es: + name: null + description: "un sistema de clasificaci\xF3n de incidentes que sea coherente\ + \ con la evaluaci\xF3n y clasificaci\xF3n de sucesos realizada de conformidad\ + \ con el punto 3.4.1;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2 ref_id: 3.1.2.b description: effective communication plans including for escalation and reporting; + translations: + es: + name: null + description: "planes de comunicaci\xF3n eficaces, especialmente en lo relativo\ + \ a la activaci\xF3n de los niveles sucesivos de intervenci\xF3n y la\ + \ presentaci\xF3n de informes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.c assessable: true depth: 4 @@ -442,6 +805,11 @@ objects: ref_id: 3.1.2.c description: assignment of roles to detect and appropriately respond to incidents to competent employees; + translations: + es: + name: null + description: "la asignaci\xF3n, a los empleados competentes, de roles para\ + \ detectar y gestionar adecuadamente los incidentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.d assessable: true depth: 4 
@@ -449,6 +817,13 @@ objects: ref_id: 3.1.2.d description: documents to be used in the course of incident detection and response such as incident response manuals, escalation charts, contact lists and templates. + translations: + es: + name: null + description: "los documentos que han de utilizarse durante el proceso para\ + \ detectar y gestionar los incidentes, como, por ejemplo, manuales de\ + \ respuesta a incidentes, cuadros de activaci\xF3n por niveles, listas\ + \ de contactos y plantillas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.3 assessable: true depth: 3 @@ -457,12 +832,24 @@ objects: description: The roles, responsibilities and procedures laid down in the policy shall be tested and reviewed and, where appropriate, updated at planned intervals and after significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Los roles, responsabilidades y procedimientos establecidos\ + \ en la pol\xEDtica se probar\xE1n, revisar\xE1n y, cuando proceda, se\ + \ actualizar\xE1n a intervalos planificados, as\xED como cuando se produzcan\ + \ incidentes significativos o cambios significativos en las operaciones\ + \ o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3 ref_id: '3.2' name: Monitoring and logging + translations: + es: + name: "Supervisi\xF3n y registro" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.1 assessable: true depth: 3 
@@ -472,6 +859,14 @@ objects: monitor and log activities on their network and information systems to detect events that could be considered as incidents and respond accordingly to mitigate the impact. + translations: + es: + name: null + description: "Las entidades pertinentes establecer\xE1n procedimientos y\ + \ utilizar\xE1n herramientas para supervisar y registrar las actividades\ + \ en sus sistemas de redes y de informaci\xF3n a fin de detectar sucesos\ + \ que puedan considerarse incidentes y dar una respuesta consecuente para\ + \ mitigar su impacto." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.2 assessable: true depth: 3 @@ -481,6 +876,14 @@ objects: out either continuously or in periodic intervals, subject to business capabilities. The relevant entities shall implement their monitoring activities in a way which minimises false positives and false negatives. + translations: + es: + name: null + description: "En la medida de lo posible, la supervisi\xF3n se automatizar\xE1\ + \ y se llevar\xE1 a cabo bien de forma continua bien a intervalos peri\xF3\ + dicos, en funci\xF3n de las capacidades operativas. Las entidades pertinentes\ + \ pondr\xE1n en marcha sus actividades de seguimiento de manera que se\ + \ minimicen los falsos positivos y falsos negativos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 assessable: true depth: 3 
@@ -491,12 +894,25 @@ objects: shall establish a list of assets to be subject to logging based on the results of the risk assessment carried out pursuant to point 2.1. Where appropriate, logs shall include:' + translations: + es: + name: null + description: "A partir de los procedimientos contemplados en el punto 3.2.1,\ + \ las entidades pertinentes mantendr\xE1n, completar\xE1n y revisar\xE1\ + n sus registros. Las entidades pertinentes establecer\xE1n una lista de\ + \ los activos que deban registrarse teniendo en cuenta los resultados\ + \ de la evaluaci\xF3n de riesgos efectuada conforme al punto 2.1. Cuando\ + \ proceda, los registros incluir\xE1n informaci\xF3n sobre:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.a assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.a description: relevant outbound and inbound network traffic; + translations: + es: + name: null + description: "el tr\xE1fico de entrada y salida de la red;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.b assessable: true depth: 4 
@@ -504,18 +920,32 @@ objects: ref_id: 3.2.3.b description: "creation, modification or deletion of users of the relevant entities\u2019\ \ network and information systems and extension of the permissions;" + translations: + es: + name: null + description: "la creaci\xF3n, modificaci\xF3n o supresi\xF3n de usuarios\ + \ de los sistemas de redes y de informaci\xF3n de las entidades pertinentes\ + \ y la ampliaci\xF3n de los permisos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.c description: access to systems and applications; + translations: + es: + name: null + description: el acceso a los sistemas y aplicaciones; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.d assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.d description: authentication-related events; + translations: + es: + name: null + description: "los sucesos relacionados con la autenticaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.e assessable: true depth: 4 
@@ -523,12 +953,23 @@ objects: ref_id: 3.2.3.e description: all privileged access to systems and applications, and activities performed by administrative accounts; + translations: + es: + name: null + description: "todo acceso privilegiado a los sistemas y aplicaciones, as\xED\ + \ como las actividades realizadas por las cuentas de administraci\xF3\ + n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.f assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.f description: access or changes to critical configuration and backup files; + translations: + es: + name: null + description: "el acceso a los archivos cr\xEDticos de configuraci\xF3n y\ + \ a las copias de seguridad y todo cambio en los mismos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.g assessable: true depth: 4 
@@ -536,36 +977,64 @@ objects: ref_id: 3.2.3.g description: event logs and logs from security tools, such as antivirus, intrusion detection systems or firewalls; + translations: + es: + name: null + description: "los registros de sucesos y los registros de las herramientas\ + \ de seguridad, como antivirus, sistemas de detecci\xF3n de intrusiones\ + \ o cortafuegos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.h assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.h description: use of system resources, as well as their performance; + translations: + es: + name: null + description: "el uso de los recursos del sistema, as\xED como su rendimiento;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.i assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.i description: physical access to facilities; + translations: + es: + name: null + description: "el acceso f\xEDsico a las instalaciones;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.j assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.j description: access to and use of their network equipment and devices; + translations: + es: + name: null + description: "el acceso a los equipos y dispositivos de red y su utilizaci\xF3\ + n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.k assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.k description: activation, stopping and pausing of the various logs; + translations: + es: + name: null + description: "la activaci\xF3n, detenci\xF3n e interrupci\xF3n de los 
distintos\ + \ registros;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.l assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3 ref_id: 3.2.3.l description: environmental events. + translations: + es: + name: null + description: los sucesos medioambientales. - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.4 assessable: true depth: 3 @@ -577,6 +1046,16 @@ objects: exceeded, an alarm shall be triggered, where appropriate, automatically. The relevant entities shall ensure that, in case of an alarm, a qualified and appropriate response is initiated in a timely manner. + translations: + es: + name: null + description: "Se revisar\xE1 peri\xF3dicamente la existencia de tendencias\ + \ inusuales o indeseadas en los registros. Cuando proceda, las entidades\ + \ pertinentes establecer\xE1n valores adecuados para los umbrales de alerta.\ + \ Cuando se superen los valores establecidos para los umbrales de alerta,\ + \ saltar\xE1 una alarma que ser\xE1, en su caso, autom\xE1tica. Las entidades\ + \ pertinentes se asegurar\xE1n de que, en las situaciones de alerta, se\ + \ adopte a su debido tiempo una respuesta cualificada y adecuada." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.5 assessable: true depth: 3 @@ -584,6 +1063,12 @@ objects: ref_id: 3.2.5 description: The relevant entities shall maintain and back up logs for a predefined period and shall protect them from unauthorised access or changes. + translations: + es: + name: null + description: "Las entidades pertinentes mantendr\xE1n registros, de los\ + \ que har\xE1n copias de seguridad, durante un per\xEDodo predefinido,\ + \ y los proteger\xE1n contra el acceso o los cambios no autorizados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.6 assessable: true depth: 3 
@@ -595,6 +1080,17 @@ objects: a list of all assets that are being logged and ensure that monitoring and logging systems are redundant. The availability of the monitoring and logging systems shall be monitored independent of the systems they are monitoring. + translations: + es: + name: null + description: "En la medida de lo posible, las entidades pertinentes velar\xE1\ + n por que todos los sistemas dispongan de fuentes de informaci\xF3n temporal\ + \ sincronizadas para permitir la vinculaci\xF3n de registros entre sistemas\ + \ de cara a la evaluaci\xF3n de sucesos. Las entidades pertinentes establecer\xE1\ + n y mantendr\xE1n una lista de todos los activos que se registren y velar\xE1\ + n por que los sistemas de seguimiento y registro sean redundantes. La\ + \ disponibilidad de los sistemas de supervisi\xF3n y registro se controlar\xE1\ + \ con independencia de los sistemas que est\xE9n supervisando." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.7 assessable: true depth: 3 @@ -603,12 +1099,22 @@ objects: description: The procedures as well as the list of assets that are being logged shall be reviewed and, where appropriate, updated at regular intervals and after significant incidents. + translations: + es: + name: null + description: "Tanto los procedimientos como la lista de activos que se registren\ + \ se revisar\xE1n y, cuando proceda, se actualizar\xE1n a intervalos regulares\ + \ y despu\xE9s de incidentes significativos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3 ref_id: '3.3' name: Event reporting + translations: + es: + name: "Notificaci\xF3n de sucesos" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3.1 assessable: true depth: 3 
@@ -616,6 +1122,12 @@ objects: ref_id: 3.3.1 description: The relevant entities shall put in place a simple mechanism allowing their employees, suppliers, and customers to report suspicious events. + translations: + es: + name: null + description: "Las entidades pertinentes pondr\xE1n en marcha un mecanismo\ + \ sencillo que permita a sus empleados, proveedores y clientes notificar\ + \ los sucesos sospechosos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3.2 assessable: true depth: 3 @@ -624,12 +1136,22 @@ objects: description: The relevant entities shall, where appropriate, communicate the event reporting mechanism to their suppliers and customers, and shall regularly train their employees how to use the mechanism. + translations: + es: + name: null + description: "Las entidades pertinentes informar\xE1n, cuando proceda, del\ + \ mecanismo de notificaci\xF3n de sucesos a sus proveedores y clientes,\ + \ y formar\xE1n peri\xF3dicamente a sus empleados en el uso del mismo." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3 ref_id: '3.4' name: Event assessment and classification + translations: + es: + name: "Evaluaci\xF3n y clasificaci\xF3n de sucesos" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.1 assessable: true depth: 3 
@@ -637,6 +1159,12 @@ objects: ref_id: 3.4.1 description: The relevant entities shall assess suspicious events to determine whether they constitute incidents and, if so, determine their nature and severity. + translations: + es: + name: null + description: "Las entidades pertinentes evaluar\xE1n los sucesos sospechosos\ + \ para determinar si constituyen incidentes y, en su caso, esclarecer\ + \ su naturaleza y gravedad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2 assessable: false depth: 3 @@ -644,6 +1172,11 @@ objects: ref_id: 3.4.2 description: 'For the purpose of point 3.4.1, the relevant entities shall act in the following manner:' + translations: + es: + name: null + description: "A los efectos del punto 3.4.1, las entidades pertinentes realizar\xE1\ + n las acciones siguientes:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.a assessable: true depth: 4 @@ -652,6 +1185,12 @@ objects: description: carry out the assessment based on predefined criteria laid down in advance, and on a triage to determine prioritisation of incident containment and eradication; + translations: + es: + name: null + description: "una evaluaci\xF3n basada en criterios predefinidos fijados\ + \ de antemano y en una clasificaci\xF3n que establezca las prioridades\ + \ de contenci\xF3n y erradicaci\xF3n de incidentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.b assessable: true depth: 4 
@@ -659,6 +1198,11 @@ objects: ref_id: 3.4.2.b description: assess the existence of recurring incidents as referred to in Article 4 of this Regulation on a quarterly basis; + translations: + es: + name: null + description: "la evaluaci\xF3n trimestral de la existencia de incidentes\ + \ recurrentes tal como contempla el art\xEDculo 4 del presente Reglamento;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.c assessable: true depth: 4 @@ -666,12 +1210,22 @@ objects: ref_id: 3.4.2.c description: review the appropriate logs for the purposes of event assessment and classification; + translations: + es: + name: null + description: "la revisi\xF3n de los registros adecuados a efectos de la\ + \ evaluaci\xF3n y clasificaci\xF3n de los sucesos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.d assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2 ref_id: 3.4.2.d description: put in place a process for log correlation and analysis, and + translations: + es: + name: null + description: "la puesta en marcha de un procedimiento para vincular los\ + \ registros y el an\xE1lisis;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.e assessable: true depth: 4 
@@ -679,12 +1233,22 @@ objects: ref_id: 3.4.2.e description: reassess and reclassify events in case of new information becoming available or after analysis of previously available information. + translations: + es: + name: null + description: "y la reevaluaci\xF3n y reclasificaci\xF3n de los sucesos cuando\ + \ se disponga de nueva informaci\xF3n o tras analizar la informaci\xF3\ + n disponible previamente." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3 ref_id: '3.5' name: Incident response + translations: + es: + name: Respuesta ante incidentes + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.1 assessable: true depth: 3 @@ -692,12 +1256,22 @@ objects: ref_id: 3.5.1 description: The relevant entities shall respond to incidents in accordance with documented procedures and in a timely manner. + translations: + es: + name: null + description: "Las entidades pertinentes responder\xE1n a los incidentes\ + \ a su debido tiempo y de conformidad con procedimientos documentados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5 ref_id: 3.5.2 description: 'The incident response procedures shall include the following stages:' + translations: + es: + name: null + description: "Los procedimientos de respuesta ante los incidentes incluir\xE1\ + n las siguientes fases:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2.a assessable: true depth: 4 
@@ -705,18 +1279,32 @@ objects: ref_id: 3.5.2.a description: incident containment, to prevent the consequences of the incident from spreading; + translations: + es: + name: null + description: "contenci\xF3n del incidente, para evitar las consecuencias\ + \ de que se propague;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2 ref_id: 3.5.2.b description: eradication, to prevent the incident from continuing or reappearing, + translations: + es: + name: null + description: "erradicaci\xF3n, para evitar que el incidente contin\xFAe\ + \ o reaparezca;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2 ref_id: 3.5.2.c description: recovery from the incident, where necessary. + translations: + es: + name: null + description: "recuperaci\xF3n tras el incidente, cuando se requiera." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3 assessable: true depth: 3 @@ -724,6 +1312,11 @@ objects: ref_id: 3.5.3 description: 'The relevant entities shall establish communication plans and procedures:' + translations: + es: + name: null + description: "Las entidades pertinentes establecer\xE1n procedimientos y\ + \ planes de comunicaci\xF3n:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3.a assessable: true depth: 4 
@@ -731,6 +1324,12 @@ objects: ref_id: 3.5.3.a description: with the Computer Security Incident Response Teams (CSIRTs) or, where applicable, the competent authorities, related to incident notification; + translations: + es: + name: null + description: "con los equipos de respuesta ante incidentes de seguridad\ + \ inform\xE1tica (CSIRT) o, cuando proceda, las autoridades competentes,\ + \ en materia de notificaci\xF3n de incidentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3.b assessable: true depth: 4 @@ -738,6 +1337,12 @@ objects: ref_id: 3.5.3.b description: for communication among staff members of the relevant entity, and for communication with relevant stakeholders external to the relevant entity. + translations: + es: + name: null + description: "para la comunicaci\xF3n entre los miembros del personal de\ + \ la entidad pertinente, y para la comunicaci\xF3n con las partes interesadas\ + \ ajenas a la entidad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.4 assessable: true depth: 3 @@ -745,6 +1350,12 @@ objects: ref_id: 3.5.4 description: The relevant entities shall log incident response activities in accordance with the procedures referred to in point 3.2.1., and record evidence. + translations: + es: + name: null + description: "Las entidades pertinentes registrar\xE1n tanto las actividades\ + \ de respuesta ante incidentes de conformidad con los procedimientos contemplados\ + \ en el punto 3.2.1 como las pruebas correspondientes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.5 assessable: true depth: 3 
@@ -752,12 +1363,21 @@ objects: ref_id: 3.5.5 description: The relevant entities shall test at planned intervals their incident response procedures. + translations: + es: + name: null + description: "Las entidades pertinentes probar\xE1n a intervalos planificados\ + \ sus procedimientos de respuesta ante los incidentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3 ref_id: '3.6' name: Post-incident reviews + translations: + es: + name: Revisiones posteriores al incidente + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6.1 assessable: true depth: 3 @@ -767,6 +1387,15 @@ objects: reviews after recovery from incidents. The post-incident reviews shall identify, where possible, the root cause of the incident and result in documented lessons learned to reduce the occurrence and consequences of future incidents. + translations: + es: + name: null + description: "Cuando proceda, y una vez se hayan recuperado del incidente,\ + \ las entidades pertinentes llevar\xE1n a cabo revisiones posteriores\ + \ al mismo. Las revisiones posteriores al incidente identificar\xE1n,\ + \ cuando se pueda, la causa subyacente y se traducir\xE1n en conclusiones\ + \ documentadas para reducir la ocurrencia y las consecuencias de futuros\ + \ incidentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6.2 assessable: true depth: 3 
@@ -775,6 +1404,14 @@ objects: description: The relevant entities shall ensure that post-incident reviews contribute to improving their approach to network and information security, to risk treatment measures, and to incident handling, detection and response procedures. + translations: + es: + name: null + description: "Las entidades pertinentes velar\xE1n por que las revisiones\ + \ posteriores a los incidentes contribuyan a mejorar su enfoque en materia\ + \ de seguridad de las redes y de la informaci\xF3n, de medidas de tratamiento\ + \ de riesgos y de procedimientos de gesti\xF3n, detecci\xF3n y respuesta\ + \ ante incidentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6.3 assessable: false depth: 3 
@@ -782,18 +1419,33 @@ objects: ref_id: 3.6.3 description: The relevant entities shall review at planned intervals if incidents led to post-incident reviews. + translations: + es: + name: null + description: "Las entidades pertinentes comprobar\xE1n a intervalos planificados\ + \ si los incidentes condujeron a revisiones posteriores al incidente." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4 assessable: false depth: 1 ref_id: '4' name: BUSINESS CONTINUITY AND CRISIS MANAGEMENT (ARTICLE 21(2), POINT (C), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "CONTINUIDAD DE LAS ACTIVIDADES Y GESTI\xD3N DE LAS CRISIS [Art\xED\ + culo 21, Apartado 2, Letra C), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4 ref_id: '4.1' name: Business continuity and disaster recovery plan + translations: + es: + name: "Plan de continuidad de las actividades y de recuperaci\xF3n en caso\ + \ de cat\xE1strofe" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.1 assessable: true depth: 3 
@@ -802,6 +1454,13 @@ objects: description: For the purpose of Article 21(2), point (c) of Directive (EU) 2022/2555, the relevant entities shall lay down and maintain a business continuity and disaster recovery plan to apply in the case of incidents. + translations: + es: + name: null + description: "A efectos del art\xEDculo 21, apartado 2, letra c), de la\ + \ Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1n\ + \ y mantendr\xE1n un plan de continuidad de las actividades y de recuperaci\xF3\ + n en caso de cat\xE1strofe que pondr\xE1n en marcha si se producen incidentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 assessable: true depth: 3 
@@ -811,54 +1470,97 @@ objects: \ to the business continuity and disaster recovery plan. The plan shall be\ \ based on the results of the risk assessment carried out pursuant to point\ \ 2.1 and shall include, where appropriate, the following:" + translations: + es: + name: null + description: "Las operaciones de las entidades pertinentes se restablecer\xE1\ + n de acuerdo con el plan de continuidad de las actividades y de recuperaci\xF3\ + n en caso de cat\xE1strofe. El plan se basar\xE1 en los resultados de\ + \ la evaluaci\xF3n de riesgos realizada con arreglo al punto 2.1 e incluir\xE1\ + , seg\xFAn proceda, lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.a assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.a description: purpose, scope and audience; + translations: + es: + name: null + description: "objetivos, \xE1mbito de aplicaci\xF3n y p\xFAblico destinatario;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.b description: roles and responsibilities; + translations: + es: + name: null + description: roles y responsabilidades; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.c description: key contacts and (internal and external) communication channels; + translations: + es: + name: null + description: "contactos clave y canales de comunicaci\xF3n (internos y externos);" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.d assessable: true depth: 4 parent_urn: 
urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.d description: conditions for plan activation and deactivation; + translations: + es: + name: null + description: "condiciones de activaci\xF3n y desactivaci\xF3n del plan;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.e assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.e description: order of recovery for operations; + translations: + es: + name: null + description: "orden de recuperaci\xF3n de las operaciones;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.f assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.f description: recovery plans for specific operations, including recovery objectives; + translations: + es: + name: null + description: "planes de recuperaci\xF3n de operaciones espec\xEDficas, incluidos\ + \ los objetivos de recuperaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.g assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.g description: required resources, including backups and redundancies; + translations: + es: + name: null + description: recursos necesarios, incluidas las copias de seguridad y las + redundancias; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.h assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2 ref_id: 4.1.2.h description: restoring and resuming activities from temporary measures. 
+ translations: + es: + name: null + description: "restablecimiento y reanudaci\xF3n de las actividades a partir\ + \ de medidas temporales." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.3 assessable: true depth: 3 @@ -868,6 +1570,14 @@ objects: to assess the potential impact of severe disruptions to their business operations and shall, based on the results of the business impact analysis, establish continuity requirements for the network and information systems. + translations: + es: + name: null + description: "Las entidades pertinentes realizar\xE1n un an\xE1lisis de\ + \ impacto operativo para evaluar el posible impacto de las perturbaciones\ + \ graves en sus operaciones y establecer\xE1n, a partir de los resultados\ + \ de dicho an\xE1lisis, requisitos de continuidad para los sistemas de\ + \ redes y de informaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.4 assessable: true depth: 3 
@@ -878,12 +1588,25 @@ objects: following significant incidents or significant changes to operations or risks. The relevant entities shall ensure that the plans incorporate lessons learnt from such tests. + translations: + es: + name: null + description: "El plan de continuidad de las actividades y el plan de recuperaci\xF3\ + n en caso de cat\xE1strofe se probar\xE1n, revisar\xE1n y, cuando proceda,\ + \ se actualizar\xE1n a intervalos planificados o tras incidentes significativos\ + \ o cambios significativos en las operaciones o los riesgos. Las entidades\ + \ pertinentes velar\xE1n por que dichos planes engloben las conclusiones\ + \ extra\xEDdas en las pruebas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4 ref_id: '4.2' name: Backup and redundancy management + translations: + es: + name: "Gesti\xF3n de las copias de seguridad y las redundancias" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.1 assessable: true depth: 3 @@ -892,6 +1615,13 @@ objects: description: The relevant entities shall maintain backup copies of data and provide sufficient available resources, including facilities, network and information systems and staff, to ensure an appropriate level of redundancy. + translations: + es: + name: null + description: "Las entidades pertinentes mantendr\xE1n copias de seguridad\ + \ de los datos y pondr\xE1n a disposici\xF3n recursos suficientes, como\ + \ instalaciones, sistemas de redes y de informaci\xF3n y personal, para\ + \ velar por un nivel de redundancia adecuado." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2 assessable: true depth: 3 
@@ -900,12 +1630,23 @@ objects: description: 'Based on the results of the risk assessment carried out pursuant to point 2.1 and the business continuity plan, the relevant entities shall lay down backup plans which include the following:' + translations: + es: + name: null + description: "A partir de los resultados de la evaluaci\xF3n de riesgos\ + \ realizada seg\xFAn el punto 2.1 y el plan de continuidad de las actividades,\ + \ las entidades pertinentes establecer\xE1n planes de copia de seguridad\ + \ que incluir\xE1n lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.a assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2 ref_id: 4.2.2.a description: recovery times; + translations: + es: + name: null + description: "plazos de recuperaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.b assessable: true depth: 4 @@ -913,6 +1654,13 @@ objects: ref_id: 4.2.2.b description: assurance that backup copies are complete and accurate, including configuration data and data stored in cloud computing service environment; + translations: + es: + name: null + description: "garant\xEDas de que las copias de seguridad sean completas\ + \ y precisas, especialmente los datos de configuraci\xF3n y la informaci\xF3\ + n almacenada en el entorno de proveedores de servicios de computaci\xF3\ + n en nube;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.c assessable: true depth: 4 
@@ -921,6 +1669,14 @@ objects: description: storing backup copies (online or offline) in a safe location or locations, which are not in the same network as the system, and are at sufficient distance to escape any damage from a disaster at the main site; + translations: + es: + name: null + description: "almacenamiento de copias de seguridad (en l\xEDnea o fuera\ + \ de l\xEDnea) en uno o varios lugares seguros, que no est\xE9n en la\ + \ misma red que el sistema y que est\xE9n a una distancia suficiente para\ + \ escapar de cualquier da\xF1o provocado por una cat\xE1strofe en el emplazamiento\ + \ principal;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.d assessable: true depth: 4 
@@ -928,18 +1684,33 @@ objects: ref_id: 4.2.2.d description: appropriate physical and logical access controls to backup copies, in accordance with the asset classification level; + translations: + es: + name: null + description: "controles adecuados de acceso l\xF3gico y f\xEDsico a las\ + \ copias de seguridad, de conformidad con el nivel de clasificaci\xF3\ + n de activos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.e assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2 ref_id: 4.2.2.e description: restoring data from backup copies; + translations: + es: + name: null + description: "recuperaci\xF3n de datos de las copias de seguridad;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.f assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2 ref_id: 4.2.2.f description: retention periods based on business and regulatory requirements. + translations: + es: + name: null + description: "plazos de conservaci\xF3n sustentados en los requisitos operativos\ + \ y reglamentarios." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.3 assessable: true depth: 3 @@ -947,6 +1718,11 @@ objects: ref_id: 4.2.3 description: The relevant entities shall perform regular integrity checks on the backup copies. + translations: + es: + name: null + description: "Las entidades pertinentes verificar\xE1n regularmente la integridad\ + \ de las copias de seguridad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4 assessable: true depth: 3 
@@ -956,30 +1732,56 @@ objects: to point 2.1 and the business continuity plan, the relevant entities shall ensure sufficient availability of resources by at least partial redundancy of the following:' + translations: + es: + name: null + description: "A partir de los resultados de la evaluaci\xF3n de riesgos\ + \ realizada con arreglo al punto 2.1 y el plan de continuidad de las actividades,\ + \ las entidades pertinentes garantizar\xE1n una disponibilidad suficiente\ + \ de los recursos mediante, como m\xEDnimo, la redundancia parcial de\ + \ lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.a assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4 ref_id: 4.2.4.a description: network and information systems; + translations: + es: + name: null + description: "los sistemas de redes y de informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4 ref_id: 4.2.4.b description: assets, including facilities, equipment and supplies; + translations: + es: + name: null + description: los activos, incluidos las instalaciones, los equipos y los + suministros; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4 ref_id: 4.2.4.c description: personnel with the necessary responsibility, authority and competence; + translations: + es: + name: null + description: el personal con la responsabilidad, la autoridad y las competencias + necesarias; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.d assessable: true depth: 4 parent_urn: 
urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4 ref_id: 4.2.4.d description: appropriate communication channels. + translations: + es: + name: null + description: "los canales de comunicaci\xF3n adecuados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.5 assessable: true depth: 3 @@ -988,6 +1790,13 @@ objects: description: Where appropriate, the relevant entities shall ensure that monitoring and adjustment of resources, including facilities, systems and personnel, is duly informed by backup and redundancy requirements. + translations: + es: + name: null + description: "Cuando proceda, las entidades pertinentes velar\xE1n por que\ + \ la supervisi\xF3n y el ajuste de los recursos, incluidas las instalaciones,\ + \ los sistemas y el personal, est\xE9n debidamente fundados en los requisitos\ + \ de copias de seguridad y redundancia." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.6 assessable: true depth: 3 
@@ -998,18 +1807,37 @@ objects: they can be relied upon and cover the copies, processes and knowledge to perform an effective recovery. The relevant entities shall document the results of the tests and, where needed, take corrective action. + translations: + es: + name: null + description: "Las entidades pertinentes llevar\xE1n a cabo pruebas peri\xF3\ + dicas de la recuperaci\xF3n de copias de seguridad y las redundancias\ + \ para asegurarse de que, en condiciones de recuperaci\xF3n, es posible\ + \ depender de ellas y que engloban las copias, los procesos y los conocimientos\ + \ necesarios para llevar a cabo una recuperaci\xF3n eficaz. Las entidades\ + \ pertinentes documentar\xE1n los resultados de las pruebas y, cuando\ + \ sea necesario, adoptar\xE1n medidas correctoras." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4 ref_id: '4.3' name: Crisis management + translations: + es: + name: "Gesti\xF3n de crisis" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.1 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3 ref_id: 4.3.1 description: The relevant entities shall put in place a process for crisis management. + translations: + es: + name: null + description: "Las entidades pertinentes pondr\xE1n en marcha procesos de\ + \ gesti\xF3n de crisis." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2 assessable: true depth: 3 
@@ -1017,6 +1845,11 @@ objects: ref_id: 4.3.2 description: 'The relevant entities shall ensure that the crisis management process addresses at least the following elements:' + translations: + es: + name: null + description: "Las entidades pertinentes velar\xE1n por que los procesos\ + \ de gesti\xF3n de crisis aborden al menos los siguientes elementos:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2.a assessable: true depth: 4 @@ -1025,6 +1858,13 @@ objects: description: roles and responsibilities for personnel and, where appropriate, suppliers and service providers, specifying the allocation of roles in crisis situations, including specific steps to follow; + translations: + es: + name: null + description: "los roles y responsabilidades del personal y, cuando proceda,\ + \ los proveedores y los prestadores de servicios, especificando la asignaci\xF3\ + n de roles en situaciones de crisis y los pasos espec\xEDficos que deben\ + \ seguirse;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2.b assessable: true depth: 4 @@ -1032,6 +1872,11 @@ objects: ref_id: 4.3.2.b description: appropriate communication means between the relevant entities and relevant competent authorities; + translations: + es: + name: null + description: "los medios de comunicaci\xF3n adecuados entre las entidades\ + \ pertinentes y las autoridades competentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2.c assessable: true depth: 4 
@@ -1039,7 +1884,13 @@ objects: ref_id: 4.3.2.c description: application of appropriate measures to ensure the maintenance of network and information system security in crisis situations. - - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:node141 + translations: + es: + name: null + description: "la aplicaci\xF3n de medidas adecuadas para garantizar el mantenimiento\ + \ de la seguridad de los sistemas de redes y de informaci\xF3n en situaciones\ + \ de crisis." + - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2:1 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2 @@ -1047,6 +1898,13 @@ objects: relevant entities and relevant competent authorities shall include both obligatory communications, such as incident reports and related timelines, and non- obligatory communications. + translations: + es: + name: null + description: "A efectos de la letra b), el flujo de informaci\xF3n entre\ + \ las entidades pertinentes y las autoridades competentes incluir\xE1\ + \ comunicaciones obligatorias, como informes de incidentes y los plazos\ + \ correspondientes, as\xED como comunicaciones facultativas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.3 assessable: true depth: 3 
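Review bot: Renaming the assessable node `…nis2:node141` to `…nis2:4.3.2:1` replaces an identifier that stored data may already reference, and nothing visible in the patch maps the old URN to the new one. If the library loader matches requirement nodes by URN on upgrade (the loader is not shown here, so this is an assumption to confirm), assessments, evidence and mappings recorded against `node141` under version 2 could be orphaned or duplicated, which would break the audit trail for this NIS2 control. The same applies to `…nis2:node170` → `…nis2:5.2:1` in the `@@ -1259,43 +2288,80 @@` hunk: the `parent_urn` of 5.2.a and 5.2.b is updated there, but references from outside this file cannot be checked from the diff. Before shipping version 3 I would test an upgrade from a version 2 instance that has assessments on both nodes. Alternatively, keep the old URNs and carry the new numbering in `ref_id`; the `5.2:1` node visibly has none.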
@@ -1056,6 +1914,13 @@ objects: making use of information received from the CSIRTs or, where applicable, the competent authorities, concerning incidents, vulnerabilities, threats or possible mitigation measures. + translations: + es: + name: null + description: "Las entidades pertinentes pondr\xE1n en marcha procesos para\ + \ gestionar y usar la informaci\xF3n recibida de los CSIRT o, cuando proceda,\ + \ las autoridades competentes, en relaci\xF3n con incidentes, vulnerabilidades,\ + \ amenazas o posibles medidas de mitigaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.4 assessable: true depth: 3 
@@ -1064,17 +1929,33 @@ objects: description: The relevant entities shall test, review and, where appropriate, update the crisis management plan on a regular basis or following significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\ + \ cuando proceda, actualizar\xE1n los planes de gesti\xF3n de la crisis\ + \ de forma peri\xF3dica o despu\xE9s de incidentes significativos o cambios\ + \ significativos en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5 assessable: false depth: 1 ref_id: '5' name: SUPPLY CHAIN SECURITY (ARTICLE 21(2), POINT (D), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "SEGURIDAD DE LAS CADENAS DE SUMINISTRO [Art\xEDculo 21, Apartado\ + \ 2, Letra D), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5 ref_id: '5.1' name: Supply chain security policy + translations: + es: + name: "Pol\xEDtica de seguridad de las cadenas de suministros" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.1 assessable: true depth: 3 
@@ -1087,6 +1968,18 @@ objects: of network and information systems. In the supply chain security policy, the relevant entities shall identify their role in the supply chain and communicate it to their direct suppliers and service providers. + translations: + es: + name: null + description: "A efectos del art\xEDculo 21, apartado 2, letra d), de la\ + \ Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1n,\ + \ pondr\xE1n en marcha y aplicar\xE1n una pol\xEDtica de seguridad de\ + \ las cadenas de suministros que rija las relaciones con sus proveedores\ + \ y prestadores de servicios directos con el fin de mitigar los riesgos\ + \ detectados para la seguridad de los sistemas de redes y de informaci\xF3\ + n. En la pol\xEDtica de seguridad de las cadenas de suministros, las entidades\ + \ pertinentes determinar\xE1n su papel en la cadena de suministro y se\ + \ lo comunicar\xE1n a sus proveedores y prestadores de servicios directos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2 assessable: true depth: 3 @@ -1095,6 +1988,13 @@ objects: description: 'As part of the supply chain security policy referred to in point 5.1.1, the relevant entities shall lay down criteria to select and contract suppliers and service providers. Those criteria shall include the following:' + translations: + es: + name: null + description: "Como parte de la pol\xEDtica de la cadena de suministro contemplada\ + \ en el punto 5.1.1, las entidades pertinentes establecer\xE1n criterios\ + \ para seleccionar y contratar a los proveedores y prestadores de servicios.\ + \ Dichos criterios incluir\xE1n lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.a assessable: true depth: 4 
@@ -1102,6 +2002,11 @@ objects: ref_id: 5.1.2.a description: the cybersecurity practices of the suppliers and service providers, including their secure development procedures; + translations: + es: + name: null + description: "las pr\xE1cticas de ciberseguridad de sus proveedores y prestadores\ + \ de servicios, incluidos sus procedimientos de desarrollo seguro;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.b assessable: true depth: 4 @@ -1109,6 +2014,12 @@ objects: ref_id: 5.1.2.b description: the ability of the suppliers and service providers to meet cybersecurity specifications set by the relevant entities; + translations: + es: + name: null + description: la capacidad de los proveedores y prestadores de servicios + para cumplir las especificaciones de ciberseguridad establecidas por las + entidades pertinentes; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.c assessable: true depth: 4 @@ -1117,6 +2028,13 @@ objects: description: the overall quality and resilience of ICT products and ICT services and the cybersecurity risk-management measures embedded in them, including the risks and classification level of the ICT products and ICT services; + translations: + es: + name: null + description: "la calidad general y la resiliencia de los productos y servicios\ + \ TIC y las medidas para la gesti\xF3n de riesgos de ciberseguridad integradas\ + \ en ellos, incluidos los riesgos y el nivel de clasificaci\xF3n de los\ + \ productos y servicios TIC;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.d assessable: true depth: 4 
@@ -1124,6 +2042,12 @@ objects: ref_id: 5.1.2.d description: the ability of the relevant entities to diversify sources of supply and limit vendor lock-in, where applicable. + translations: + es: + name: null + description: la capacidad de las entidades pertinentes de diversificar las + fuentes de suministro y limitar la dependencia de un proveedor, cuando + proceda. - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.3 assessable: true depth: 3 @@ -1133,6 +2057,14 @@ objects: entities shall take into account the results of the coordinated security risk assessments of critical supply chains carried out in accordance with Article 22(1) of Directive (EU) 2022/2555, where applicable. + translations: + es: + name: null + description: "Cuando establezcan su pol\xEDtica de seguridad de la cadena\ + \ de suministro, las entidades pertinentes tendr\xE1n en cuenta los resultados\ + \ de las evaluaciones coordinadas de riesgos para la seguridad de las\ + \ cadenas de suministro cr\xEDticas realizadas de conformidad con el art\xED\ + culo 22, apartado 1, de la Directiva (UE) 2022/2555, seg\xFAn proceda." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4 assessable: true depth: 3 
@@ -1143,6 +2075,16 @@ objects: of this Annex, the relevant entities shall ensure that their contracts with the suppliers and service providers specify, where appropriate through service level agreements, the following, where appropriate:' + translations: + es: + name: null + description: "A partir de la pol\xEDtica de seguridad de las cadenas de\ + \ suministro y teniendo en cuenta los resultados de la evaluaci\xF3n de\ + \ riesgos realizada de conformidad con el punto 2.1 del presente anexo,\ + \ las entidades pertinentes se asegurar\xE1n de que sus contratos con\ + \ los proveedores y prestadores de servicios especifiquen, cuando proceda\ + \ mediante acuerdos de nivel de servicio, los siguientes elementos, seg\xFA\ + n se requiera:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.a assessable: true depth: 4 @@ -1151,6 +2093,13 @@ objects: description: cybersecurity requirements for the suppliers or service providers, including requirements as regards the security in acquisition of ICT services or ICT products set out in point 6.1.; + translations: + es: + name: null + description: "los requisitos de ciberseguridad correspondientes a los proveedores\ + \ y prestadores de servicios, incluidos los requisitos relativos a la\ + \ seguridad en la adquisici\xF3n de productos y servicios TIC establecidos\ + \ en el punto 6.1;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.b assessable: true depth: 4 
@@ -1159,6 +2108,12 @@ objects: description: "requirements regarding awareness, skills and training, and where\ \ appropriate certifications, required from the suppliers\u2019 or service\ \ providers\u2019 employees;" + translations: + es: + name: null + description: "los requisitos relativos a la sensibilizaci\xF3n, las capacidades\ + \ y la formaci\xF3n y, cuando proceda, los certificados requeridos de\ + \ los empleados de los proveedores o prestadores de servicios;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.c assessable: true depth: 4 @@ -1166,6 +2121,11 @@ objects: ref_id: 5.1.4.c description: "requirements regarding the verification of the background of the\ \ suppliers\u2019 and service providers\u2019 employees;" + translations: + es: + name: null + description: los requisitos relativos a los controles de los antecedentes + personales de los empleados de los proveedores y prestadores de servicios; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.d assessable: true depth: 4 
@@ -1174,12 +2134,24 @@ objects: description: an obligation on suppliers and service providers to notify, without undue delay, the relevant entities of incidents that present a risk to the security of the network and information systems of those entities; + translations: + es: + name: null + description: "la obligaci\xF3n de los proveedores y prestadores de servicios\ + \ de informar, sin demora indebida, a las entidades pertinentes de aquellos\ + \ incidentes que presenten un riesgo para la seguridad de los sistemas\ + \ de redes y de informaci\xF3n de dichas entidades;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.e assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4 ref_id: 5.1.4.e description: the right to audit or right to receive audit reports; + translations: + es: + name: null + description: "el derecho de auditor\xEDa o el derecho a recibir informes\ + \ de auditor\xEDa;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.f assessable: true depth: 4 @@ -1188,6 +2160,13 @@ objects: description: an obligation on suppliers and service providers to handle vulnerabilities that present a risk to the security of the network and information systems of the relevant entities; + translations: + es: + name: null + description: "la obligaci\xF3n de los proveedores y prestadores de servicios\ + \ de hacerse cargo de las vulnerabilidades que presenten un riesgo para\ + \ la seguridad de los sistemas de redes y de informaci\xF3n de las entidades\ + \ pertinentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.g assessable: true depth: 4 
@@ -1196,6 +2175,13 @@ objects: description: requirements regarding subcontracting and, where the relevant entities allow subcontracting, cybersecurity requirements for subcontractors in accordance with the cybersecurity requirements referred to in point (a); + translations: + es: + name: null + description: "los requisitos relativos a la subcontrataci\xF3n y, cuando\ + \ las entidades pertinentes permitan esta \xFAltima, los requisitos de\ + \ ciberseguridad de los subcontratistas de conformidad con los requisitos\ + \ de seguridad contemplados en la letra a);" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.h assessable: true depth: 4 @@ -1204,6 +2190,12 @@ objects: description: obligations on the suppliers and service providers at the termination of the contract, such as retrieval and disposal of the information obtained by the suppliers and service providers in the exercise of their tasks. + translations: + es: + name: null + description: "las obligaciones de los proveedores y prestadores de servicios\ + \ al finalizar el contrato, tales como la recuperaci\xF3n y eliminaci\xF3\ + n de informaci\xF3n que hayan obtenido en el ejercicio de sus funciones." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.5 assessable: true depth: 3 @@ -1213,6 +2205,13 @@ objects: to in point 5.1.2 and 5.1.3. as part of the selection process of new suppliers and service providers, as well as part of the procurement process referred to in point 6.1. + translations: + es: + name: null + description: "Las entidades pertinentes tendr\xE1n en cuenta los elementos\ + \ a que se refieren los puntos 5.1.2 y 5.1.3 como parte del proceso de\ + \ selecci\xF3n de nuevos proveedores o prestadores de servicios, y como\ + \ parte del proceso de contrataci\xF3n a que se refiere el punto 6.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.6 assessable: true depth: 3 
@@ -1224,12 +2223,27 @@ objects: significant changes to operations or risks or significant incidents related to the provision of ICT services or having impact on the security of the ICT products from suppliers and service providers occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n la pol\xEDtica de seguridad\ + \ de la cadena de suministro y supervisar\xE1n, evaluar\xE1n y, cuando\ + \ proceda, tomar\xE1n medidas acordes con los cambios en las pr\xE1cticas\ + \ de ciberseguridad de los proveedores y prestadores de servicios, a intervalos\ + \ planificados o cuando se produzcan cambios significativos en las operaciones\ + \ o en los riesgos, o acontezcan incidentes significativos relativos a\ + \ la prestaci\xF3n de servicios TIC o que tengan repercusiones en la seguridad\ + \ del producto TIC de los proveedores y prestadores de servicios." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1 ref_id: 5.1.7 description: 'For the purpose of point 5.1.6., the relevant entities shall:' + translations: + es: + name: null + description: 'A los efectos del punto 5.1.6, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.a assessable: true depth: 4 @@ -1237,6 +2251,11 @@ objects: ref_id: 5.1.7.a description: regularly monitor reports on the implementation of the service level agreements, where applicable; + translations: + es: + name: null + description: "supervisar\xE1n peri\xF3dicamente los informes relativos a\ + \ la aplicaci\xF3n de los acuerdos de nivel de servicio, cuando proceda;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.b assessable: true depth: 4 
@@ -1244,6 +2263,11 @@ objects: ref_id: 5.1.7.b description: review incidents related to ICT products and ICT services from suppliers and service providers; + translations: + es: + name: null + description: "revisar\xE1n los incidentes relacionados con los productos\ + \ y servicios TIC de los proveedores y prestadores de servicios;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.c assessable: true depth: 4 @@ -1251,6 +2275,11 @@ objects: ref_id: 5.1.7.c description: assess the need for unscheduled reviews and document the findings in a comprehensible manner; + translations: + es: + name: null + description: "evaluar\xE1n la necesidad de revisiones no programadas y recopilar\xE1\ + n las conclusiones de manera comprensible;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.d assessable: true depth: 4 
@@ -1259,43 +2288,80 @@ objects: description: analyse the risks presented by changes related to ICT products and ICT services from suppliers and service providers and, where appropriate, take mitigating measures in a timely manner. + translations: + es: + name: null + description: "analizar\xE1n los riesgos que planteen los cambios relativos\ + \ a los productos y servicios TIC de los proveedores y prestadores de\ + \ servicios y, cuando proceda, adoptar\xE1n medidas de mitigaci\xF3n a\ + \ su debido tiempo." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5 ref_id: '5.2' name: Directory of suppliers and service providers - - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:node170 + translations: + es: + name: Directorio de proveedores y prestadores de servicios + description: null + - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2:1 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2 description: 'The relevant entities shall maintain and keep up to date a registry of their direct suppliers and service providers, including:' + translations: + es: + name: null + description: "Las entidades pertinentes mantendr\xE1n y actualizar\xE1n\ + \ un registro de sus proveedores y prestadores de servicios directos,\ + \ en el que incluir\xE1n:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2.a assessable: true depth: 4 - parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:node170 + parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2:1 ref_id: 5.2.a description: contact points for each direct supplier and service provider; + translations: + es: + 
name: null + description: los puntos de contacto correspondientes a cada proveedor o + prestador de servicios directo; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2.b assessable: true depth: 4 - parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:node170 + parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2:1 ref_id: 5.2.b description: a list of ICT products, ICT services, and ICT processes provided by the direct supplier or service provider to the relevant entities. + translations: + es: + name: null + description: una lista de productos TIC, servicios TIC y procesos TIC proporcionados + por el proveedor o prestador de servicios directo a las entidades pertinentes. - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 assessable: false depth: 1 ref_id: '6' name: SECURITY IN NETWORK AND INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE (ARTICLE 21(2), POINT (E), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "SEGURIDAD EN LA ADQUISICI\xD3N, EL DESARROLLO Y EL MANTENIMIENTO\ + \ DE SISTEMAS DE REDES Y DE INFORMACI\xD3N [Art\xEDculo 21, Apartado 2,\ + \ Letra E), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.1' name: Security in acquisition of ICT services or ICT products + translations: + es: + name: "Seguridad en la adquisici\xF3n de servicios TIC o productos TIC" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.1 assessable: true depth: 3 
@@ -1308,6 +2374,17 @@ objects: \ network and information systems, based on the risk assessment carried out\ \ pursuant to point 2.1, from suppliers or service providers throughout their\ \ life cycle." + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra e), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\ + n y pondr\xE1n en marcha procedimientos para gestionar los riesgos derivados\ + \ de la adquisici\xF3n de servicios o productos TIC para componentes que\ + \ sean cr\xEDticos para la seguridad de los sistemas de redes y de informaci\xF3\ + n de las entidades pertinentes, de acuerdo con la evaluaci\xF3n de riesgos\ + \ realizada con arreglo al punto 2.1, de los proveedores o prestadores\ + \ de servicios a lo largo de su vida \xFAtil." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2 assessable: false depth: 3 @@ -1315,6 +2392,11 @@ objects: ref_id: 6.1.2 description: 'For the purpose of point 6.1.1., the processes referred to in point 6.1.1. shall include:' + translations: + es: + name: null + description: "A los efectos del punto 6.1.1, los procedimientos contemplados\ + \ en el mismo incluir\xE1n:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.a assessable: true depth: 4 @@ -1322,6 +2404,11 @@ objects: ref_id: 6.1.2.a description: security requirements to apply to the ICT services or ICT products to be acquired; + translations: + es: + name: null + description: requisitos de seguridad aplicables a los servicios o productos + TIC que vayan a adquirirse; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.b assessable: true depth: 4 
@@ -1330,6 +2417,12 @@ objects: description: requirements regarding security updates throughout the entire lifetime of the ICT services or ICT products, or replacement after the end of the support period; + translations: + es: + name: null + description: "requisitos relativos a las actualizaciones de seguridad a\ + \ lo largo de toda la vida \xFAtil de los productos o servicios TIC o\ + \ a su sustituci\xF3n tras el final del per\xEDodo de soporte;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.c assessable: true depth: 4 @@ -1337,6 +2430,11 @@ objects: ref_id: 6.1.2.c description: information describing the hardware and software components used in the ICT services or ICT products; + translations: + es: + name: null + description: "informaci\xF3n que describa los componentes de hardware y\ + \ software utilizados en los servicios y productos TIC;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.d assessable: true depth: 4 @@ -1345,6 +2443,12 @@ objects: description: information describing the implemented cybersecurity functions of the ICT services or ICT products and the configuration required for their secure operation; + translations: + es: + name: null + description: "informaci\xF3n que describa las funciones de ciberseguridad\ + \ de los servicios o productos TIC puestas en marcha o la configuraci\xF3\ + n necesaria para su funcionamiento seguro;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.e assessable: true depth: 4 
@@ -1352,6 +2456,11 @@ objects: ref_id: 6.1.2.e description: assurance that the ICT services or ICT products comply with the security requirements according to point (a); + translations: + es: + name: null + description: "garant\xEDas de que los servicios o productos TIC cumplen\ + \ los requisitos de seguridad con arreglo a la letra a);" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.f assessable: true depth: 4 @@ -1360,6 +2469,13 @@ objects: description: methods for validating that the delivered ICT services or ICT products are compliant to the stated security requirements, as well as documentation of the results of the validation. + translations: + es: + name: null + description: "m\xE9todos para validar el cumplimiento de los requisitos\ + \ de seguridad declarados por parte de los servicios o productos de TIC\ + \ suministrados, y documentaci\xF3n de los resultados de la validaci\xF3\ + n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.3 assessable: true depth: 3 @@ -1367,12 +2483,22 @@ objects: ref_id: 6.1.3 description: The relevant entities shall review and, where appropriate, update the processes at planned intervals and when significant incidents occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n los procedimientos a intervalos planificados, as\xED\ + \ como cuando se produzcan incidentes significativos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.2' name: Secure development life cycle + translations: + es: + name: Ciclo de vida del desarrollo seguro + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.1 assessable: true depth: 3 
@@ -1384,12 +2510,26 @@ objects: systems in-house, or when outsourcing the development of network and information systems. The rules shall cover all development phases, including specification, design, development, implementation and testing. + translations: + es: + name: null + description: "Antes de desarrollar un sistema de redes y de informaci\xF3\ + n, incluidos los programas inform\xE1ticos, las entidades pertinentes\ + \ establecer\xE1n normas para el desarrollo seguro del mismo, y las aplicar\xE1\ + n al desarrollar estos sistemas de redes y de informaci\xF3n internamente\ + \ o cuando externalicen dicho desarrollo. Las normas englobar\xE1n todas\ + \ las fases de desarrollo, como las especificaciones, el dise\xF1o, la\ + \ creaci\xF3n, la implantaci\xF3n y las pruebas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2 ref_id: 6.2.2 description: 'For the purpose of point 6.2.1., the relevant entities shall:' + translations: + es: + name: null + description: 'A los efectos del punto 6.2.1, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.a assessable: true depth: 4 @@ -1398,6 +2538,12 @@ objects: description: carry out an analysis of security requirements at the specification and design phases of any development or acquisition project undertaken by the relevant entities or on behalf of those entities; + translations: + es: + name: null + description: "llevar\xE1n a cabo an\xE1lisis de los requisitos de seguridad\ + \ en las fases de especificaci\xF3n y dise\xF1o de cualquier proyecto\ + \ de desarrollo o adquisici\xF3n emprendido por ellas mismas o en su nombre;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.b assessable: true depth: 4 
@@ -1406,12 +2552,24 @@ objects: description: apply principles for engineering secure systems and secure coding principles to any information system development activities such as promoting cybersecurity-by-design, zero-trust architectures; + translations: + es: + name: null + description: "aplicar\xE1n los principios para dise\xF1ar sistemas seguros\ + \ y principios de codificaci\xF3n seguros a toda actividad de desarrollo\ + \ de sistemas de informaci\xF3n, tales como la promoci\xF3n de la ciberseguridad\ + \ desde el dise\xF1o o las arquitecturas de confianza cero;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2 ref_id: 6.2.2.c description: lay down security requirements regarding development environments; + translations: + es: + name: null + description: "establecer\xE1n requisitos de seguridad en relaci\xF3n con\ + \ los entornos de desarrollo;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.d assessable: true depth: 4 
@@ -1419,12 +2577,22 @@ objects: ref_id: 6.2.2.d description: establish and implement security testing processes in the development life cycle; + translations: + es: + name: null + description: "establecer\xE1n y aplicar\xE1n procesos de pruebas de seguridad\ + \ en el ciclo de vida del desarrollo;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.e assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2 ref_id: 6.2.2.e description: appropriately select, protect and manage security test data; + translations: + es: + name: null + description: "seleccionar\xE1n, proteger\xE1n y gestionar\xE1n adecuadamente\ + \ los datos de las pruebas de seguridad;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.f assessable: true depth: 4 @@ -1432,6 +2600,12 @@ objects: ref_id: 6.2.2.f description: sanitise and anonymise testing data according to the risk assessment carried out pursuant to point 2.1. + translations: + es: + name: null + description: "sanear\xE1n y anonimizar\xE1n los datos de las pruebas con\ + \ arreglo a la evaluaci\xF3n de riesgos realizada de conformidad con el\ + \ punto 2.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.3 assessable: true depth: 3 @@ -1440,6 +2614,12 @@ objects: description: For outsourced development of network and information systems, the relevant entities shall also apply the policies and procedures referred to in points 5 and 6.1. + translations: + es: + name: null + description: "En cuanto a la externalizaci\xF3n del desarrollo de sistemas\ + \ de redes y de informaci\xF3n, las entidades pertinentes tambi\xE9n aplicar\xE1\ + n las pol\xEDticas y procedimientos a que se refieren los puntos 5 y 6.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.4 assessable: true depth: 3 
@@ -1447,12 +2627,21 @@ objects: ref_id: 6.2.4 description: The relevant entities shall review and, where necessary, update their secure development rules at planned intervals. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n las normas de desarrollo seguro a intervalos planificados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.3' name: Configuration management + translations: + es: + name: "Gesti\xF3n de configuraciones" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.1 assessable: true depth: 3 @@ -1461,12 +2650,23 @@ objects: description: The relevant entities shall take the appropriate measures to establish, document, implement, and monitor configurations, including security configurations of hardware, software, services and networks. + translations: + es: + name: null + description: "Las entidades pertinentes adoptar\xE1n las medidas adecuadas\ + \ para establecer, documentar, poner en marcha y supervisar las configuraciones,\ + \ incluidas las configuraciones de seguridad del hardware de los equipos\ + \ y programas inform\xE1ticos, los servicios y las redes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3 ref_id: 6.3.2 description: 'For the purpose of point 6.3.1., the relevant entities shall:' + translations: + es: + name: null + description: 'A los efectos del punto 6.3.1, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2.a assessable: true depth: 4 
@@ -1474,6 +2674,12 @@ objects: ref_id: 6.3.2.a description: lay down and ensure security in configurations for their hardware, software, services and networks; + translations: + es: + name: null + description: "crear\xE1n un entorno seguro en las configuraciones de sus\ + \ equipos y programas inform\xE1ticos, servicios y redes y lo mantendr\xE1\ + n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2.b assessable: true depth: 4 @@ -1483,6 +2689,14 @@ objects: down secure configurations for hardware, software, services and networks, for newly installed systems as well as for systems in operation over their lifetime. + translations: + es: + name: null + description: "establecer\xE1n y pondr\xE1n en marcha procesos y herramientas\ + \ para dar cumplimiento a las configuraciones seguras establecidas para\ + \ los equipos y programas inform\xE1ticos, servicios y redes, para los\ + \ sistemas de nueva instalaci\xF3n y los sistemas en funcionamiento a\ + \ lo largo de todo su ciclo de vida." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.3 assessable: true depth: 3 
@@ -1491,12 +2705,23 @@ objects: description: The relevant entities shall review and, where appropriate, update configurations at planned intervals or when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n las configuraciones a intervalos planificados, as\xED\ + \ como cuando se produzcan incidentes significativos o cambios significativos\ + \ en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.4' name: Change management, repairs and maintenance + translations: + es: + name: "Gesti\xF3n de cambios, reparaciones y mantenimiento" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.1 assessable: true depth: 3 @@ -1506,6 +2731,14 @@ objects: \ to control changes of network and information systems. Where applicable,\ \ the procedures shall be consistent with the relevant entities\u2019 general\ \ policies concerning change management." + translations: + es: + name: null + description: "Las entidades pertinentes aplicar\xE1n procedimientos de gesti\xF3\ + n de cambios para controlar aquellos que se produzcan en los sistemas\ + \ de redes y de informaci\xF3n. Los procedimientos ser\xE1n, seg\xFAn\ + \ proceda, coherentes con las pol\xEDticas generales de las entidades\ + \ pertinentes relativas a la gesti\xF3n de cambios." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.2 assessable: true depth: 3 
@@ -1517,6 +2750,16 @@ objects: that those changes are documented and, based on the risk assessment carried out pursuant to point 2.1, tested and assessed in view of the potential impact before being implemented. + translations: + es: + name: null + description: "Los procedimientos contemplados en el punto 6.4.1 se aplicar\xE1\ + n en el caso de lanzamientos, modificaciones y cambios de emergencia de\ + \ cualquier equipo o programa inform\xE1tico en funcionamiento o de cambios\ + \ en la configuraci\xF3n. Los procedimientos garantizar\xE1n que dichos\ + \ cambios se documenten y, a partir de la evaluaci\xF3n de riesgos realizada\ + \ de acuerdo con el punto 2.1, se prueben y eval\xFAen teniendo en cuenta\ + \ el impacto potencial antes de su aplicaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.3 assessable: true depth: 3 @@ -1526,6 +2769,13 @@ objects: not be followed due to an emergency, the relevant entities shall document the result of the change, and the explanation for why the procedures could not be followed. + translations: + es: + name: null + description: "En caso de que los procedimientos habituales de gesti\xF3\ + n de cambios no puedan seguirse debido a una emergencia, las entidades\ + \ pertinentes documentar\xE1n el resultado del cambio y explicar\xE1n\ + \ por qu\xE9 no pudieron seguirse dichos procedimientos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.4 assessable: true depth: 3 
@@ -1534,12 +2784,23 @@ objects: description: The relevant entities shall review and, where appropriate, update the procedures at planned intervals and when significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n los procedimientos a intervalos planificados, as\xED\ + \ como cuando se produzcan incidentes significativos o cambios significativos\ + \ en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.5' name: Security testing + translations: + es: + name: Pruebas de seguridad + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.1 assessable: true depth: 3 @@ -1547,12 +2808,21 @@ objects: ref_id: 6.5.1 description: The relevant entities shall establish, implement and apply a policy and procedures for security testing. + translations: + es: + name: null + description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\ + \ y aplicar\xE1n orientaciones y procedimientos para las pruebas de seguridad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5 ref_id: 6.5.2 description: 'The relevant entities shall:' + translations: + es: + name: null + description: 'Las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.a assessable: true depth: 4 
@@ -1560,6 +2830,12 @@ objects: ref_id: 6.5.2.a description: establish, based on the risk assessment carried out pursuant to point 2.1, the need, scope, frequency and type of security tests; + translations: + es: + name: null + description: "establecer\xE1n, a partir de la evaluaci\xF3n de riesgos realizada\ + \ de acuerdo con el punto 2.1, la necesidad, el alcance, la frecuencia\ + \ y el tipo de pruebas de seguridad;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.b assessable: true depth: 4 @@ -1568,6 +2844,12 @@ objects: description: carry out security tests according to a documented test methodology, covering the components identified as relevant for secure operation in a risk analysis; + translations: + es: + name: null + description: "realizar\xE1n pruebas de seguridad de acuerdo con una metodolog\xED\ + a de prueba documentada, que englobe los elementos se\xF1alados como relevantes\ + \ para el funcionamiento seguro en un an\xE1lisis de riesgos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.c assessable: true depth: 4 
@@ -1575,12 +2857,23 @@ objects: ref_id: 6.5.2.c description: document the type, scope, time and results of the tests, including assessment of criticality and mitigating actions for each finding; + translations: + es: + name: null + description: "documentar\xE1n el tipo, el alcance, la fecha y los resultados\ + \ de las pruebas, incluidas la evaluaci\xF3n del car\xE1cter esencial\ + \ y las medidas de mitigaci\xF3n correspondientes a cada hallazgo;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.d assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2 ref_id: 6.5.2.d description: apply mitigating actions in case of critical findings. + translations: + es: + name: null + description: "aplicar\xE1n medidas de mitigaci\xF3n en caso de que se produzcan\ + \ hallazgos cr\xEDticos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.3 assessable: true depth: 3 @@ -1588,12 +2881,22 @@ objects: ref_id: 6.5.3 description: The relevant entities shall review and, where appropriate, update their security testing policies at planned intervals. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n las pol\xEDticas de pruebas de seguridad a intervalos\ + \ planificados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.6' name: Security patch management + translations: + es: + name: "Gesti\xF3n de parches de seguridad" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1 assessable: true depth: 3 
@@ -1603,6 +2906,14 @@ objects: with the change management procedures referred to in point 6.4.1. as well as with vulnerability management, risk management and other relevant management procedures, for ensuring that:' + translations: + es: + name: null + description: "Las entidades pertinentes detallar\xE1n y aplicar\xE1n procedimientos\ + \ coherentes con los procedimientos de gesti\xF3n de cambios a que se\ + \ refiere el punto 6.4.1, de gesti\xF3n de vulnerabilidades, de gesti\xF3\ + n del riesgo y otros procedimientos de gesti\xF3n pertinentes para garantizar\ + \ que:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.a assessable: true depth: 4 @@ -1610,6 +2921,11 @@ objects: ref_id: 6.6.1.a description: security patches are applied within a reasonable time after they become available; + translations: + es: + name: null + description: "los parches de seguridad se apliquen en un plazo razonable\ + \ desde el momento en que est\xE9n disponibles;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.b assessable: true depth: 4 @@ -1617,6 +2933,11 @@ objects: ref_id: 6.6.1.b description: security patches are tested before being applied in production systems; + translations: + es: + name: null + description: "los parches de seguridad se sometan a ensayo antes de ponerlos\ + \ en marcha en los sistemas de producci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.c assessable: true depth: 4 @@ -1624,6 +2945,11 @@ objects: ref_id: 6.6.1.c description: security patches come from trusted sources and are checked for integrity; + translations: + es: + name: null + description: los parches de seguridad procedan de fuentes de confianza y + se compruebe su integridad; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.d assessable: true depth: 4 
@@ -1631,6 +2957,12 @@ objects: ref_id: 6.6.1.d description: additional measures are implemented and residual risks are accepted in cases where a patch is not available or not applied pursuant to point 6.6.2. + translations: + es: + name: null + description: se adopten medidas adicionales y se acepten los riesgos residuales + en aquellos casos en que no haya un parche disponible o no pueda aplicarse + conforme al punto 6.6.2. - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.2 assessable: true depth: 3 @@ -1640,12 +2972,24 @@ objects: may choose not to apply security patches when the disadvantages of applying the security patches outweigh the cybersecurity benefits. The relevant entities shall duly document and substantiate the reasons for any such decision. + translations: + es: + name: null + description: "Como excepci\xF3n al punto 6.6.1, letra a), las entidades\ + \ pertinentes podr\xE1n optar por no aplicar parches de seguridad cuando\ + \ las desventajas de aplicarlos superen los beneficios de ciberseguridad.\ + \ Las entidades pertinentes documentar\xE1n y justificar\xE1n debidamente\ + \ los motivos de tal decisi\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.7' name: Network security + translations: + es: + name: Seguridad de las redes + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.1 assessable: true depth: 3 
@@ -1653,12 +2997,21 @@ objects: ref_id: 6.7.1 description: The relevant entities shall take the appropriate measures to protect their network and information systems from cyber threats. + translations: + es: + name: null + description: "Las entidades pertinentes adoptar\xE1n medidas adecuadas para\ + \ proteger sus sistemas de redes y de informaci\xF3n de las ciberamenazas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7 ref_id: 6.7.2 description: 'For the purpose of point 6.7.1., the relevant entities shall:' + translations: + es: + name: null + description: 'A los efectos del punto 6.7.1, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.a assessable: true depth: 4 @@ -1666,6 +3019,11 @@ objects: ref_id: 6.7.2.a description: document the architecture of the network in a comprehensible and up to date manner; + translations: + es: + name: null + description: "documentar\xE1n la arquitectura de la red de manera comprensible\ + \ y actualizada;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.b assessable: true depth: 4 @@ -1673,6 +3031,12 @@ objects: ref_id: 6.7.2.b description: "determine and apply controls to protect the relevant entities\u2019\ \ internal network domains from unauthorised access;" + translations: + es: + name: null + description: "establecer\xE1n y aplicar\xE1n controles para proteger los\ + \ dominios de red internos de las entidades pertinentes frente al acceso\ + \ no autorizado;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.c assessable: true depth: 4 
@@ -1680,6 +3044,12 @@ objects: ref_id: 6.7.2.c description: configure controls to prevent accesses and network communication not required for the operation of the relevant entities; + translations: + es: + name: null + description: "configurar\xE1n los controles para impedir el acceso y las\ + \ comunicaciones de la red que no sean necesarios para el funcionamiento\ + \ de las entidades pertinentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.d assessable: true depth: 4 @@ -1687,6 +3057,12 @@ objects: ref_id: 6.7.2.d description: determine and apply controls for remote access to network and information systems, including access by service providers; + translations: + es: + name: null + description: "establecer\xE1n y aplicar\xE1n controles del acceso remoto\ + \ a los sistemas de redes y de informaci\xF3n, incluido el acceso por\ + \ parte de los proveedores de servicios;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.e assessable: true depth: 4 @@ -1694,12 +3070,22 @@ objects: ref_id: 6.7.2.e description: not use systems used for administration of the security policy implementation for other purposes; + translations: + es: + name: null + description: "no utilizar\xE1n los sistemas empleados para gestionar la\ + \ aplicaci\xF3n de la pol\xEDtica de seguridad para otros fines;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.f assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2 ref_id: 6.7.2.f description: explicitly forbid or deactivate unneeded connections and services; + translations: + es: + name: null + description: "prohibir\xE1n de manera expl\xEDcita o desactivar\xE1n las\ + \ conexiones y servicios que no sean necesarios;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.g assessable: true depth: 4 
@@ -1707,6 +3093,12 @@ objects: ref_id: 6.7.2.g description: "where appropriate, exclusively allow access to the relevant entities\u2019\ \ network and information systems by devices authorised by those entities;" + translations: + es: + name: null + description: "cuando proceda, \xFAnicamente permitir\xE1n el acceso a los\ + \ sistemas de redes y de informaci\xF3n de las entidades pertinentes a\ + \ los dispositivos autorizados por estas \xFAltimas;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.h assessable: true depth: 4 @@ -1714,6 +3106,12 @@ objects: ref_id: 6.7.2.h description: allow connections of service providers only after an authorisation request and for a set time period, such as the duration of a maintenance operation; + translations: + es: + name: null + description: "permitir\xE1n la conexi\xF3n de los proveedores de servicios\ + \ previa solicitud de autorizaci\xF3n \xFAnicamente y durante un per\xED\ + odo de tiempo limitado, como la duraci\xF3n de una operaci\xF3n de mantenimiento;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.i assessable: true depth: 4 
@@ -1723,6 +3121,15 @@ objects: channels that are isolated using logical, cryptographic or physical separation from other communication channels and provide assured identification of their end points and protection of the channel data from modification or disclosure; + translations: + es: + name: null + description: "establecer\xE1n la comunicaci\xF3n entre distintos sistemas\ + \ \xFAnicamente a trav\xE9s de canales de confianza que est\xE9n aislados\ + \ mediante separaci\xF3n l\xF3gica, criptogr\xE1fica o f\xEDsica de otros\ + \ canales de comunicaci\xF3n, y facilitar\xE1n la identificaci\xF3n segura\ + \ de su punto final y la protecci\xF3n de sus datos frente a la modificaci\xF3\ + n o la revelaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.j assessable: true depth: 4 @@ -1731,6 +3138,13 @@ objects: description: adopt an implementation plan for the full transition towards latest generation network layer communication protocols in a secure, appropriate and gradual way and establish measures to accelerate such transition; + translations: + es: + name: null + description: "adoptar\xE1n un plan de ejecuci\xF3n para realizar la transici\xF3\ + n hacia protocolos de comunicaci\xF3n de la capa de red de \xFAltima generaci\xF3\ + n de manera segura, adecuada y gradual, y establecer\xE1n medidas para\ + \ acelerar dicha transici\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.k assessable: true depth: 4 
@@ -1740,6 +3154,15 @@ objects: agreed and interoperable modern e-mail communications standards to secure e-mail communications to mitigate vulnerabilities linked to e-mail-related threats and establish measures to accelerate such deployment; + translations: + es: + name: null + description: "adoptar\xE1n un plan de ejecuci\xF3n relativo a la implantaci\xF3\ + n de normas sobre las comunicaciones por correo electr\xF3nico modernas,\ + \ interoperables y aprobadas a escala internacional para proteger las\ + \ comunicaciones por correo electr\xF3nico y mitigar las vulnerabilidades\ + \ vinculadas a las amenazas relativas a este \xFAltimo, y establecer\xE1\ + n medidas para acelerar dicha implantaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.l assessable: true depth: 4 @@ -1748,6 +3171,13 @@ objects: description: apply best practices for the security of the DNS, and for Internet routing security and routing hygiene of traffic originating from and destined to the network. + translations: + es: + name: null + description: "aplicar\xE1n las mejores pr\xE1cticas sobre seguridad del\ + \ sistema de nombres de dominio, la seguridad del enrutamiento de internet\ + \ y la higiene del enrutamiento del tr\xE1fico con origen en la red o\ + \ destinado a ella." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.3 assessable: true depth: 3 
@@ -1756,12 +3186,23 @@ objects: description: The relevant entities shall review and, where appropriate, update these measures at planned intervals and when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n estas medidas a intervalos planificados o cuando se\ + \ produzcan incidentes significativos o cambios significativos en las\ + \ operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.8' name: Network segmentation + translations: + es: + name: "Segmentaci\xF3n de la red" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.1 assessable: true depth: 3 @@ -1771,12 +3212,23 @@ objects: \ in accordance with the results of the risk assessment referred to in point\ \ 2.1. They shall segment their systems and networks from third parties\u2019\ \ systems and networks." + translations: + es: + name: null + description: "Las entidades pertinentes segmentar\xE1n los sistemas en redes\ + \ o zonas de acuerdo con los resultados de la evaluaci\xF3n de riesgos\ + \ a que se refiere el punto 2.1. Segmentar\xE1n sus sistemas y redes de\ + \ los sistemas y redes de terceros." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8 ref_id: 6.8.2 description: 'For that purpose, the relevant entities shall:' + translations: + es: + name: null + description: 'A tal efecto, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.a assessable: true depth: 4 
@@ -1784,6 +3236,11 @@ objects: ref_id: 6.8.2.a description: consider the functional, logical and physical relationship, including location, between trustworthy systems and services; + translations: + es: + name: null + description: "considerar\xE1n la relaci\xF3n funcional, l\xF3gica y f\xED\ + sica, incluida la ubicaci\xF3n, entre sistemas y servicios fiables;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.b assessable: true depth: 4 @@ -1791,6 +3248,11 @@ objects: ref_id: 6.8.2.b description: grant access to a network or zone based on an assessment of its security requirements; + translations: + es: + name: null + description: "conceder\xE1n acceso a una red o zona sobre la base de una\ + \ evaluaci\xF3n de sus requisitos de seguridad;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.c assessable: true depth: 4 @@ -1798,6 +3260,12 @@ objects: ref_id: 6.8.2.c description: keep systems that are critical to the relevant entities operation or to safety in secured zones; + translations: + es: + name: null + description: "mantendr\xE1n los sistemas que resulten cr\xEDticos para el\ + \ funcionamiento de la entidad pertinente o para la protecci\xF3n en zonas\ + \ seguras;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.d assessable: true depth: 4 @@ -1805,6 +3273,12 @@ objects: ref_id: 6.8.2.d description: deploy a demilitarised zone within their communication networks to ensure secure communication originating from or destined to their networks; + translations: + es: + name: null + description: "implantar\xE1n una zona desmilitarizada dentro de sus redes\ + \ de comunicaci\xF3n para ofrecer una comunicaci\xF3n segura desde o hacia\ + \ sus redes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.e assessable: true depth: 4 
@@ -1812,6 +3286,12 @@ objects: ref_id: 6.8.2.e description: restrict access and communications between and within zones to those necessary for the operation of the relevant entities or for safety; + translations: + es: + name: null + description: "restringir\xE1n el acceso y las comunicaciones entre zonas\ + \ y dentro de ellas a lo necesario para el funcionamiento de las entidades\ + \ pertinentes o la seguridad;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.f assessable: true depth: 4 @@ -1819,12 +3299,23 @@ objects: ref_id: 6.8.2.f description: "separate the dedicated network for administration of network and\ \ information systems from the relevant entities\u2019 operational network;" + translations: + es: + name: null + description: "separar\xE1n la red espec\xEDfica para la administraci\xF3\ + n de los sistemas de redes y de informaci\xF3n de la red operativa de\ + \ las entidades pertinentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.g assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2 ref_id: 6.8.2.g description: segregate network administration channels from other network traffic; + translations: + es: + name: null + description: "segregar\xE1n los canales de administraci\xF3n de la red del\ + \ resto de tr\xE1fico de la red;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.h assessable: true depth: 4 
@@ -1832,6 +3323,12 @@ objects: ref_id: 6.8.2.h description: "separate the production systems for the relevant entities\u2019\ \ services from systems used in development and testing, including backups." + translations: + es: + name: null + description: "separar\xE1n los sistemas de producci\xF3n de los servicios\ + \ de las entidades pertinentes de los sistemas utilizados para el desarrollo\ + \ y las pruebas, incluidas las copias de seguridad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.3 assessable: true depth: 3 @@ -1840,12 +3337,24 @@ objects: description: The relevant entities shall review and, where appropriate, update network segmentation at planned intervals and when significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n la segmentaci\xF3n de la red a intervalos planificados,\ + \ as\xED como cuando se produzcan incidentes significativos o cambios\ + \ significativos en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9 - assessable: true + assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.9' - description: Protection against malicious and unauthorised software + name: Protection against malicious and unauthorised software + translations: + es: + name: "Protecci\xF3n frente a los programas inform\xE1ticos maliciosos y\ + \ no autorizados" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9.1 assessable: true depth: 3 
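Review bot: An audit built from version 2 of this library may already hold a result scored against node 6.9, and the hunk at -1840,12 turns that node into a non-assessable heading under the same URN (`assessable: false`, text moved from `description` to `name`) without showing how such results are handled. The correction itself matches the sibling headings 6.8 and 6.10, which are `assessable: false` with a `name`. What the library update does with an existing assessment on a node that stops being assessable is not visible on this page, so confirm it before version 3 is loaded over version 2; otherwise section 6 compliance scores could shift without anyone noticing. I would record the change next to the node if this file is hand-maintained, or in the release notes if it is generated, for example `# v3: 6.9 is a section heading (assessable: false, title in name); v2 scored it as a requirement`. The same `description` to `name` move is made for 8.1 in the hunk at -2008,18, where `assessable` was already `false`, so only the displayed label changes there.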
@@ -1853,6 +3362,12 @@ objects: ref_id: 6.9.1 description: The relevant entities shall protect their network and information systems against malicious and unauthorised software. + translations: + es: + name: null + description: "Las entidades pertinentes proteger\xE1n sus sistemas de redes\ + \ y de informaci\xF3n frente a los programas inform\xE1ticos maliciosos\ + \ y no autorizados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9.2 assessable: true depth: 3 @@ -1864,12 +3379,27 @@ objects: and information systems are equipped with detection and response software, which is updated regularly in accordance with the risk assessment carried out pursuant to point 2.1 and the contractual agreements with the providers. + translations: + es: + name: null + description: "Para ello, las entidades pertinentes aplicar\xE1n, en particular,\ + \ medidas para detectar o impedir el uso de programas inform\xE1ticos\ + \ maliciosos o no autorizados. Las entidades pertinentes velar\xE1n, cuando\ + \ proceda, por que sus sistemas de redes y de informaci\xF3n est\xE9n\ + \ equipados con programas inform\xE1ticos de detecci\xF3n y respuesta,\ + \ que se actualicen peri\xF3dicamente de conformidad con la evaluaci\xF3\ + n de riesgos realizada con arreglo al punto 2.1 y los acuerdos contractuales\ + \ con los proveedores." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6 ref_id: '6.10' name: Vulnerability handling and disclosure + translations: + es: + name: "Gesti\xF3n y divulgaci\xF3n de las vulnerabilidades" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.1 assessable: true depth: 3 
@@ -1878,12 +3408,23 @@ objects: description: The relevant entities shall obtain information about technical vulnerabilities in their network and information systems, evaluate their exposure to such vulnerabilities, and take appropriate measures to manage the vulnerabilities. + translations: + es: + name: null + description: "Las entidades pertinentes recibir\xE1n informaci\xF3n sobre\ + \ las vulnerabilidades de sus sistemas de redes y de informaci\xF3n, evaluar\xE1\ + n su exposici\xF3n a dichas vulnerabilidades y adoptar\xE1n las medidas\ + \ necesarias para gestionarlas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10 ref_id: 6.10.2 description: 'For the purpose of point 6.10.1., the relevant entities shall:' + translations: + es: + name: null + description: 'A los efectos del punto 6.10.1, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.a assessable: true depth: 4 @@ -1892,6 +3433,13 @@ objects: description: monitor information about vulnerabilities through appropriate channels, such as announcements of CSIRTs, competent authorities or information provided by suppliers or service providers; + translations: + es: + name: null + description: "supervisar\xE1n la informaci\xF3n sobre vulnerabilidades a\ + \ trav\xE9s de los canales adecuados, tales como los anuncios de los CSIRT,\ + \ las autoridades competentes o la informaci\xF3n facilitada por los proveedores\ + \ o prestadores de servicios;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.b assessable: true depth: 4 
@@ -1899,6 +3447,12 @@ objects: ref_id: 6.10.2.b description: perform, where appropriate, vulnerability scans, and record evidence of the results of the scans, at planned intervals; + translations: + es: + name: null + description: "realizar\xE1n, seg\xFAn proceda, exploraciones de vulnerabilidad\ + \ y registrar\xE1n pruebas de los resultados de las mismas, a intervalos\ + \ planificados;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.c assessable: true depth: 4 @@ -1906,6 +3460,11 @@ objects: ref_id: 6.10.2.c description: address, without undue delay, vulnerabilities identified by the relevant entities as critical to their operations; + translations: + es: + name: null + description: "abordar\xE1n, sin demora indebida, las vulnerabilidades que\ + \ las entidades pertinentes consideren cr\xEDticas para sus operaciones;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.d assessable: true depth: 4 @@ -1914,6 +3473,12 @@ objects: description: ensure that their vulnerability handling is compatible with their change management, security patch management, risk management and incident management procedures; + translations: + es: + name: null + description: "asegurar\xE1n que su gesti\xF3n de vulnerabilidades sea compatible\ + \ con sus procedimientos de gesti\xF3n de cambios, gesti\xF3n de parches\ + \ de seguridad, gesti\xF3n de riesgos y gesti\xF3n de incidentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.e assessable: true depth: 4 
@@ -1921,6 +3486,12 @@ objects: ref_id: 6.10.2.e description: lay down a procedure for disclosing vulnerabilities in accordance with the applicable national coordinated vulnerability disclosure policy. + translations: + es: + name: null + description: "establecer\xE1n un procedimiento de divulgaci\xF3n de las\ + \ vulnerabilidades de conformidad con la pol\xEDtica coordinada de divulgaci\xF3\ + n de las vulnerabilidades nacional aplicable." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.3 assessable: true depth: 3 @@ -1930,6 +3501,14 @@ objects: relevant entities shall create and implement a plan to mitigate the vulnerability. In other cases, the relevant entities shall document and substantiate the reason why the vulnerability does not require remediation. + translations: + es: + name: null + description: "Cuando est\xE9 justificado por el posible impacto de la vulnerabilidad,\ + \ las entidades pertinentes crear\xE1n y llevar\xE1n a la pr\xE1ctica\ + \ un plan para mitigarla. En otros casos, las entidades pertinentes documentar\xE1\ + n y justificar\xE1n el motivo por el que la vulnerabilidad no requiere\ + \ reparaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.4 assessable: true depth: 3 
@@ -1937,12 +3516,24 @@ objects: ref_id: 6.10.4 description: The relevant entities shall review and, where appropriate, update at planned intervals the channels they use for monitoring vulnerability information. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n a intervalos planificados los canales que utilizan para\ + \ supervisar la informaci\xF3n relativa a las vulnerabilidades." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7 assessable: false depth: 1 ref_id: '7' name: POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES (ARTICLE 21(2), POINT (F), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "ORIENTACIONES Y PROCEDIMIENTOS PARA EVALUAR LA EFICACIA DE LAS MEDIDAS\ + \ DE GESTI\xD3N DE RIESGOS DE CIBERSEGURIDAD [Art\xEDculo 21, Apartado\ + \ 2, Letra F), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.1 assessable: true depth: 2 @@ -1952,6 +3543,14 @@ objects: the relevant entities shall establish, implement and apply a policy and procedures to assess whether the cybersecurity risk-management measures taken by the relevant entity are effectively implemented and maintained. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra f), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\ + n, llevar\xE1n a la pr\xE1ctica y aplicar\xE1n orientaciones y procedimientos\ + \ para evaluar si las medidas para la gesti\xF3n de riesgos de ciberseguridad\ + \ que hayan adoptado se ejecutan y mantienen de manera efectiva." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2 assessable: true depth: 2 
@@ -1960,6 +3559,13 @@ objects: description: 'The policy and procedures referred to in point 7.1. shall take into account results of the risk assessment pursuant to point 2.1. and past significant incidents. The relevant entities shall determine:' + translations: + es: + name: null + description: "Las orientaciones y procedimientos a que hace referencia el\ + \ punto 7.1 tendr\xE1n en cuenta los resultados de la evaluaci\xF3n de\ + \ riesgos conforme al punto 2.1 y los incidentes significativos ocurridos\ + \ en el pasado. Las entidades pertinentes determinar\xE1n:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.a assessable: true depth: 3 @@ -1967,6 +3573,11 @@ objects: ref_id: 7.2.a description: what cybersecurity risk-management measures are to be monitored and measured, including processes and controls; + translations: + es: + name: null + description: "qu\xE9 medidas para la gesti\xF3n de riesgos de ciberseguridad\ + \ deben supervisarse y medirse, incluidos los procedimientos y controles;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.b assessable: true depth: 3 
@@ -1974,12 +3585,23 @@ objects: ref_id: 7.2.b description: the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; + translations: + es: + name: null + description: "los m\xE9todos de supervisi\xF3n, medici\xF3n, an\xE1lisis\ + \ y evaluaci\xF3n, seg\xFAn corresponda, para asegurar resultados v\xE1\ + lidos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.c assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2 ref_id: 7.2.c description: when the monitoring and measuring is to be performed; + translations: + es: + name: null + description: "cu\xE1ndo deben realizarse la supervisi\xF3n y la medici\xF3\ + n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.d assessable: true depth: 3 @@ -1987,6 +3609,11 @@ objects: ref_id: 7.2.d description: who is responsible for monitoring and measuring the effectiveness of the cybersecurity risk-management measures; + translations: + es: + name: null + description: "qui\xE9nes son los responsables de supervisar y medir la eficacia\ + \ de las medidas para la gesti\xF3n de riesgos de ciberseguridad;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.e assessable: true depth: 3 
@@ -1994,12 +3621,21 @@ objects: ref_id: 7.2.e description: when the results from monitoring and measurement are to be analysed and evaluated; + translations: + es: + name: null + description: "cu\xE1ndo se deben analizar y evaluar los resultados de la\ + \ supervisi\xF3n y la medici\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.f assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2 ref_id: 7.2.f description: who has to analyse and evaluate these results. + translations: + es: + name: null + description: "qui\xE9nes deben analizar y evaluar estos resultados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.3 assessable: true depth: 2 
@@ -2008,18 +3644,34 @@ objects: description: The relevant entities shall review and, where appropriate, update the policy and procedures at planned intervals and when significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n las orientaciones y los procedimientos a intervalos\ + \ planificados, as\xED como cuando se produzcan incidentes significativos\ + \ o cambios significativos en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8 assessable: false depth: 1 ref_id: '8' name: BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING (ARTICLE 21(2), POINT (G), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "FORMACI\xD3N EN SEGURIDAD Y PR\xC1CTICAS B\xC1SICAS DE CIBERHIGIENE\ + \ [Art\xEDculo 21, Apartado 2, Letra G), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8 ref_id: '8.1' - description: Awareness raising and basic cyber hygiene practices + name: Awareness raising and basic cyber hygiene practices + translations: + es: + name: "Mejora de la sensibilizaci\xF3n y pr\xE1cticas b\xE1sicas de ciberhigiene" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.1 assessable: true depth: 3 
@@ -2030,6 +3682,15 @@ objects: of management bodies, as well as direct suppliers and service providers are aware of risks, are informed of the importance of cybersecurity and apply cyber hygiene practices. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra g), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes se asegurar\xE1\ + n de que sus empleados, incluidos los miembros de los \xF3rganos de direcci\xF3\ + n, as\xED como sus proveedores y prestadores de servicios directos sean\ + \ conscientes de los riesgos, est\xE9n informados de la importancia de\ + \ la ciberseguridad y apliquen pr\xE1cticas de ciberhigiene." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2 assessable: true depth: 3 @@ -2039,6 +3700,14 @@ objects: to their employees, including members of management bodies, as well as to direct suppliers and service providers where appropriate in accordance with point 5.1.4., an awareness raising programme, which shall:' + translations: + es: + name: null + description: "A los efectos del punto 8.1.1, las entidades pertinentes ofrecer\xE1\ + n a sus empleados, incluidos los miembros de los \xF3rganos de direcci\xF3\ + n, as\xED como a sus proveedores y prestadores de servicios directos,\ + \ seg\xFAn proceda de conformidad con el punto 5.1.4, un programa de mejora\ + \ de la sensibilizaci\xF3n que:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2.a assessable: true depth: 4 @@ -2046,6 +3715,11 @@ objects: ref_id: 8.1.2.a description: be scheduled over time, so that the activities are repeated and cover new employees; + translations: + es: + name: null + description: "se programar\xE1 a lo largo del tiempo, de forma que se repitan\ + \ las actividades e incluya a los nuevos empleados;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2.b assessable: true depth: 4 
@@ -2054,6 +3728,13 @@ objects: description: be established in line with the network and information security policy, topic- specific policies and relevant procedures on network and information security; + translations: + es: + name: null + description: "se establecer\xE1 en consonancia con la pol\xEDtica de seguridad\ + \ de las redes y la informaci\xF3n, las pol\xEDticas espec\xEDficas y\ + \ los procedimientos pertinentes en materia de seguridad de las redes\ + \ y de la informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2.c assessable: true depth: 4 @@ -2063,6 +3744,14 @@ objects: measures in place, contact points and resources for additional information and advice on cybersecurity matters, as well as cyber hygiene practices for users. + translations: + es: + name: null + description: "englobar\xE1 las ciberamenazas relevantes, las medidas para\ + \ la gesti\xF3n de riesgos de ciberseguridad en vigor, los puntos de contacto\ + \ y los recursos para obtener informaci\xF3n adicional y asesoramiento\ + \ sobre aspectos de ciberseguridad, as\xED como las pr\xE1cticas de ciberhigiene\ + \ para los usuarios." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.3 assessable: true depth: 3 
@@ -2073,12 +3762,24 @@ objects: and offered at planned intervals taking into account changes in cyber hygiene practices, and the current threat landscape and risks posed to the relevant entities. + translations: + es: + name: null + description: "El programa de mejora de la sensibilizaci\xF3n se probar\xE1\ + \ en t\xE9rminos de eficacia, seg\xFAn proceda. El programa de mejora\ + \ de la sensibilizaci\xF3n se actualizar\xE1 y se ofrecer\xE1 a intervalos\ + \ planificados teniendo en cuenta los cambios en las pr\xE1cticas de ciberhigiene\ + \ y el panorama actual de amenazas y de riesgos para las entidades pertinentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8 ref_id: '8.2' name: Security training + translations: + es: + name: "Formaci\xF3n en seguridad" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.1 assessable: true depth: 3 @@ -2087,6 +3788,13 @@ objects: description: The relevant entities shall identify employees, whose roles require security relevant skill sets and expertise, and ensure that they receive regular training on network and information system security. + translations: + es: + name: null + description: "Las entidades pertinentes indicar\xE1n cu\xE1les son los empleados\ + \ cuyos roles exigen capacidades y conocimientos especializados de seguridad\ + \ y velar\xE1n por que reciban formaci\xF3n peri\xF3dica sobre la seguridad\ + \ de los sistemas de redes y de informaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.2 assessable: true depth: 3 
@@ -2097,6 +3805,15 @@ objects: policies and other relevant procedures on network and information security which lays down the training needs for certain roles and positions based on criteria. + translations: + es: + name: null + description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\ + \ y ejecutar\xE1n un programa de formaci\xF3n en consonancia con la pol\xED\ + tica de seguridad de las redes y de la informaci\xF3n, las pol\xEDticas\ + \ espec\xEDficas y otros procedimientos pertinentes en materia de seguridad\ + \ de las redes y de la informaci\xF3n que determine las necesidades de\ + \ formaci\xF3n de ciertos roles y puestos de acuerdo con criterios concretos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3 assessable: true depth: 3 @@ -2106,6 +3823,13 @@ objects: the job function of the employee and its effectiveness shall be assessed. Training shall take into consideration security measures in place and cover the following:' + translations: + es: + name: null + description: "La formaci\xF3n contemplada en el punto 8.2.1 se adecuar\xE1\ + \ a las funciones laborales de los empleados y se evaluar\xE1 su eficacia.\ + \ La formaci\xF3n tendr\xE1 en cuenta las medidas de seguridad en vigor\ + \ y englobar\xE1 lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3.a assessable: true depth: 4 
@@ -2113,18 +3837,33 @@ objects: ref_id: 8.2.3.a description: instructions regarding the secure configuration and operation of the network and information systems, including mobile devices; + translations: + es: + name: null + description: "instrucciones relativas a la configuraci\xF3n y el funcionamiento\ + \ seguros de los sistemas de redes y de informaci\xF3n, incluidos los\ + \ dispositivos m\xF3viles;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3 ref_id: 8.2.3.b description: briefing on known cyber threats; + translations: + es: + name: null + description: "informaci\xF3n sobre ciberamenazas conocidas;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3 ref_id: 8.2.3.c description: training of the behaviour when security-relevant events occur. + translations: + es: + name: null + description: "formaci\xF3n relativa al comportamiento frente a sucesos relevantes\ + \ para la seguridad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.4 assessable: true depth: 3 @@ -2133,6 +3872,12 @@ objects: description: The relevant entities shall apply training to staff members who transfer to new positions or roles which require security relevant skill sets and expertise. + translations: + es: + name: null + description: "Las entidades pertinentes llevar\xE1n a cabo la formaci\xF3\ + n para los miembros del personal que se trasladen a nuevos puestos o roles\ + \ que requieran capacidades y conocimientos especializados en seguridad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.5 assessable: true depth: 3 
@@ -2141,11 +3886,23 @@ objects: description: The program shall be updated and run periodically taking into account applicable policies and rules, assigned roles, responsibilities, as well as known cyber threats and technological developments. + translations: + es: + name: null + description: "El programa se actualizar\xE1 y desarrollar\xE1 de manera\ + \ peri\xF3dica teniendo en cuenta las normas y reglas aplicables, los\ + \ roles asignados, las responsabilidades, as\xED como las ciberamenazas\ + \ conocidas y los avances tecnol\xF3gicos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9 assessable: false depth: 1 ref_id: '9' name: CRYPTOGRAPHY (ARTICLE 21(2), POINT (H), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "CRIPTOGRAF\xCDA [Art\xEDculo 21, Apartado 2, Letra H), de la directiva\ + \ (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.1 assessable: true depth: 2 
@@ -2157,12 +3914,28 @@ objects: \ and effective use of cryptography to protect the confidentiality, authenticity\ \ and integrity of data in line with the relevant entities\u2019 asset classification\ \ and the results of the risk assessment carried out pursuant to point 2.1." + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra h), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\ + n, llevar\xE1n a la pr\xE1ctica y aplicar\xE1n orientaciones y procedimientos\ + \ relativos a la criptograf\xEDa, con el objetivo de asegurar un uso adecuado\ + \ y eficaz de la misma para proteger la confidencialidad, autenticidad\ + \ e integridad de la informaci\xF3n en consonancia con la clasificaci\xF3\ + n de activos de las entidades pertinentes y los resultados de la evaluaci\xF3\ + n de riesgos realizada de conformidad con el punto 2.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9 ref_id: '9.2' description: 'The policy and procedures referred to in point 9.1 shall establish:' + translations: + es: + name: null + description: "Las orientaciones y procedimientos a que hace referencia el\ + \ punto 9.1 establecer\xE1n:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.a assessable: true depth: 3 
@@ -2172,6 +3945,13 @@ objects: \ of assets, the type, strength and quality of the cryptographic measures\ \ required to protect the relevant entities\u2019 assets, including data at\ \ rest and data in transit;" + translations: + es: + name: null + description: "de acuerdo con la clasificaci\xF3n de activos de las entidades\ + \ pertinentes, el tipo, la firmeza y la calidad de las medidas criptogr\xE1\ + ficas necesarias para proteger los activos de dichas entidades, incluidos\ + \ los datos en reposo y los datos en tr\xE1nsito;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.b assessable: true depth: 3 @@ -2181,6 +3961,15 @@ objects: adopted, as well as cryptographic algorithms, cipher strength, cryptographic solutions and usage practices to be approved and required for use in the relevant entities, following, where appropriate, a cryptographic agility approach; + translations: + es: + name: null + description: "teniendo en cuenta la letra a), los protocolos o las familias\ + \ de protocolos que deben adoptarse, as\xED como los algoritmos criptogr\xE1\ + ficos, la solidez del cifrado, las soluciones criptogr\xE1ficas y las\ + \ pr\xE1cticas de uso que deben aprobarse y exigirse para su uso en las\ + \ entidades, siguiendo, cuando proceda, un enfoque de agilidad criptogr\xE1\ + fica;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c assessable: true depth: 3 
@@ -2188,18 +3977,32 @@ objects: ref_id: 9.2.c description: "the relevant entities\u2019 approach to key management, including,\ \ where appropriate, methods for the following:" + translations: + es: + name: null + description: "el enfoque de las entidades pertinentes sobre la gesti\xF3\ + n de claves, que incluya, cuando proceda, m\xE9todos para lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.i assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.i description: generating different keys for cryptographic systems and applications; + translations: + es: + name: null + description: "generar distintas claves para sistemas y aplicaciones criptogr\xE1\ + ficos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.ii assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.ii description: issuing and obtaining public key certificates; + translations: + es: + name: null + description: "expedir y obtener certificados de clave p\xFAblica;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.iii assessable: true depth: 4 
@@ -2207,12 +4010,22 @@ objects: ref_id: 9.2.c.iii description: distributing keys to intended entities, including how to activate keys when received; + translations: + es: + name: null + description: "distribuir claves a las entidades en cuesti\xF3n, incluida\ + \ informaci\xF3n sobre c\xF3mo activar las claves cuando se reciban;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.iv assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.iv description: storing keys, including how authorised users obtain access to keys; + translations: + es: + name: null + description: "almacenar claves, incluida informaci\xF3n sobre c\xF3mo acceden\ + \ a ellas los usuarios autorizados;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.v assessable: true depth: 4 
@@ -2220,42 +4033,73 @@ objects: ref_id: 9.2.c.v description: changing or updating keys, including rules on when and how to change keys; + translations: + es: + name: null + description: "cambiar o actualizar las claves, incluida informaci\xF3n sobre\ + \ cu\xE1ndo y c\xF3mo modificarlas;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.vi assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.vi description: dealing with compromised keys; + translations: + es: + name: null + description: gestionar las claves en riesgo; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.vii assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.vii description: revoking keys including how to withdraw or deactivate keys; + translations: + es: + name: null + description: "anular claves, incluida informaci\xF3n sobre c\xF3mo retirarlas\ + \ o desactivarlas;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.viii assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.viii description: recovering lost or corrupted keys; + translations: + es: + name: null + description: recuperar las claves perdidas o corrompidas; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.ix assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.ix description: backing up or archiving keys; + translations: + es: + name: null + description: hacer copias de seguridad y crear archivos de las claves; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.x assessable: true depth: 4 
parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.x description: destroying keys; + translations: + es: + name: null + description: destruir claves; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.xi assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c ref_id: 9.2.c.xi description: logging and auditing of key management-related activities; + translations: + es: + name: null + description: "hacer un registro y auditar las actividades relativas a la\ + \ gesti\xF3n de claves." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.xii assessable: true depth: 4 @@ -2264,6 +4108,13 @@ objects: description: setting activation and deactivation dates for keys ensuring that the keys can only be used for the specified period of time according to the organization's rules on key management. + translations: + es: + name: null + description: "fijar las fechas de activaci\xF3n y desactivaci\xF3n de las\ + \ claves asegur\xE1ndose de que estas solo pueden utilizarse durante el\ + \ per\xEDodo de tiempo especificado de acuerdo con las normas de gesti\xF3\ + n de claves de la organizaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.3 assessable: true depth: 2 
@@ -2272,18 +4123,34 @@ objects: description: The relevant entities shall review and, where appropriate, update their policy and procedures at planned intervals, taking into account the state of the art in cryptography. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n las orientaciones y los procedimientos a intervalos\ + \ planificados teniendo en cuenta los \xFAltimos avances en criptograf\xED\ + a." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10 assessable: false depth: 1 ref_id: '10' name: HUMAN RESOURCES SECURITY (ARTICLE 21(2), POINT (I), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "SEGURIDAD DE LOS RECURSOS HUMANOS [Art\xEDculo 21, Apartado 2, Letra\ + \ I), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10 ref_id: '10.1' name: Human resources security + translations: + es: + name: Seguridad de los recursos humanos + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.1 assessable: true depth: 3 
@@ -2295,6 +4162,17 @@ objects: \ to their security responsibilities, as appropriate for the offered services\ \ and the job and in line with the relevant entities\u2019 policy on the security\ \ of network and information systems." + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes se asegurar\xE1\ + n de que sus empleados y sus proveedores y prestadores de servicios directos,\ + \ cuando proceda, entiendan sus responsabilidades en materia de seguridad\ + \ y se comprometan a ellas, seg\xFAn convenga con relaci\xF3n a los servicios\ + \ ofrecidos y el puesto de trabajo y en consonancia con la pol\xEDtica\ + \ de seguridad de los sistemas de redes y de informaci\xF3n de la entidad\ + \ pertinente." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2 assessable: false depth: 3 @@ -2302,6 +4180,11 @@ objects: ref_id: 10.1.2 description: 'The requirement referred to in point 10.1.1. shall include the following:' + translations: + es: + name: null + description: "El requisito contemplado en el punto 10.1.1 incluir\xE1 lo\ + \ siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.a assessable: true depth: 4 
@@ -2310,6 +4193,13 @@ objects: description: mechanisms to ensure that all employees, direct suppliers and service providers, wherever applicable, understand and follow the standard cyber hygiene practices that the relevant entities apply pursuant to point 8.1.; + translations: + es: + name: null + description: "mecanismos para garantizar que todos los empleados, proveedores\ + \ y prestadores de servicios directos, cuando proceda, entiendan y respeten\ + \ las pr\xE1cticas est\xE1ndar de ciberhigiene aplicadas por las entidades\ + \ pertinentes de acuerdo con el punto 8.1;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.b assessable: true depth: 4 @@ -2318,6 +4208,12 @@ objects: description: mechanisms to ensure that all users with administrative or privileged access are aware of and act in accordance with their roles, responsibilities and authorities; + translations: + es: + name: null + description: "mecanismos para garantizar que todos los usuarios que dispongan\ + \ de acceso de administraci\xF3n o privilegiado conozcan sus roles, responsabilidades\ + \ y autoridades y act\xFAen de conformidad con ellos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.c assessable: true depth: 4 @@ -2326,6 +4222,13 @@ objects: description: mechanisms to ensure that members of management bodies understand and act in accordance with their role, responsibilities and authorities regarding network and information system security; + translations: + es: + name: null + description: "mecanismos para garantizar que los miembros de los \xF3rganos\ + \ de direcci\xF3n conozcan sus roles, responsabilidades y autoridades\ + \ y act\xFAen de conformidad con ellos en lo que se refiere a la seguridad\ + \ de los sistemas de redes y de informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.d assessable: true depth: 4 
@@ -2334,6 +4237,13 @@ objects: description: mechanisms for hiring personnel qualified for the respective roles, such as reference checks, vetting procedures, validation of certifications, or written tests. + translations: + es: + name: null + description: "mecanismos para contratar personal cualificado para los roles\ + \ correspondientes, como por ejemplo, los controles de referencia, los\ + \ procedimientos de evaluaci\xF3n, la validaci\xF3n de certificaciones\ + \ o las pruebas escritas." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.3 assessable: true depth: 3 @@ -2343,12 +4253,24 @@ objects: to specific roles as referred to in point 1.2., as well as their commitment of human resources in that regard, at planned intervals and at least annually. They shall update the assignment where necessary. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n la asignaci\xF3n de\ + \ personal a roles espec\xEDficos, tal como se recoge en el punto 1.2,\ + \ as\xED como su atribuci\xF3n de recursos humanos a este respecto, a\ + \ intervalos planificados y al menos una vez al a\xF1o. Las entidades\ + \ actualizar\xE1n la asignaci\xF3n cuando sea necesario." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10 ref_id: '10.2' name: Vulnerability handling and disclosure + translations: + es: + name: "Comprobaci\xF3n de antecedentes" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.1 assessable: true depth: 3 
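Review bot: The English `name` of node 10.2 in the second hunk is still `Vulnerability handling and disclosure`, which contradicts the Spanish name added directly beneath it (`"Comprobaci\xF3n de antecedentes"`). It also contradicts the 10.2.1 description in the following hunk, which covers verifying the background of employees, direct suppliers and service providers. The English label looks like a copy error from another section, so an English-language assessor would see a personnel-vetting control filed under a vulnerability-management heading. Since this commit already touches the node and bumps the library version, consider correcting it here, e.g. `name: Background verification`, after confirming the exact heading against the regulation text.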
@@ -2358,12 +4280,24 @@ objects: of the background of their employees, and where applicable of direct suppliers and service providers in accordance with point 5.1.4, if necessary for their role, responsibilities and authorisations. + translations: + es: + name: null + description: "Las entidades pertinentes se asegurar\xE1n, en la medida posible,\ + \ de comprobar los antecedentes personales de sus empleados y, cuando\ + \ proceda, de sus proveedores y prestadores de servicios directos, de\ + \ conformidad con el apartado 5.1.4, cuando resulte necesario para sus\ + \ roles, responsabilidades y autoridades." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2 ref_id: 10.2.2 description: 'For the purpose of point 10.2.1., the relevant entities shall:' + translations: + es: + name: null + description: 'A los efectos del punto 10.2.1, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2.a assessable: true depth: 4 @@ -2372,6 +4306,12 @@ objects: description: put in place criteria, which set out which roles, responsibilities and authorities shall only be exercised by persons whose background has been verified; + translations: + es: + name: null + description: "aplicar\xE1n criterios que establezcan qu\xE9 roles, responsabilidades\ + \ y autoridades deben ejercer exclusivamente aquellas personas cuyos antecedentes\ + \ hayan sido comprobados;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2.b assessable: true depth: 4 
@@ -2383,6 +4323,16 @@ objects: regulations, and ethics in proportion to the business requirements, the asset classification as referred to in point 12.1. and the network and information systems to be accessed, and the perceived risks. + translations: + es: + name: null + description: "se asegurar\xE1n de que estas comprobaciones contempladas\ + \ en el punto 10.2.1 se lleven a cabo antes de que estas personas empiecen\ + \ a ejercer dichos roles, responsabilidades y autoridades, que tendr\xE1\ + n en cuenta las disposiciones legales, normativas y \xE9ticas aplicables\ + \ en proporci\xF3n a los requisitos operativos, la clasificaci\xF3n de\ + \ activos contemplada en el apartado 12.1 y los sistemas de redes y de\ + \ informaci\xF3n a los que va a accederse, as\xED como los riesgos percibidos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.3 assessable: true depth: 3 @@ -2390,12 +4340,21 @@ objects: ref_id: 10.2.3 description: The relevant entities shall review and, where appropriate, update the policy at planned intervals and update it where necessary. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n la pol\xEDtica a intervalos\ + \ planificados y la actualizar\xE1n seg\xFAn proceda." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10 ref_id: '10.3' name: Termination or change of employment procedures + translations: + es: + name: "Terminaci\xF3n o cambio de los procedimientos de contrataci\xF3n" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3.1 assessable: true depth: 3 
@@ -2404,6 +4363,13 @@ objects: description: The relevant entities shall ensure that network and information system security responsibilities and duties that remain valid after termination or change of employment of their employees are contractually defined and enforced. + translations: + es: + name: null + description: "Las entidades pertinentes se asegurar\xE1n de que la seguridad\ + \ de los sistemas de redes y de informaci\xF3n y las tareas que sigan\ + \ siendo v\xE1lidas tras la terminaci\xF3n o el cambio de empleo de sus\ + \ empleados se definan y ejecuten contractualmente." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3.2 assessable: true depth: 3 @@ -2413,12 +4379,24 @@ objects: \ include in the individual\u2019s terms and conditions of employment, contract\ \ or agreement the responsibilities and duties that are still valid after\ \ termination of employment or contract, such as confidentiality clauses." + translations: + es: + name: null + description: "A los efectos del punto 10.3.1, las entidades pertinentes\ + \ recoger\xE1n en las condiciones de empleo, contrato o acuerdo de cada\ + \ persona, las responsabilidades y funciones que siguen teniendo validez\ + \ una vez finalizado el empleo o contrato, como por ejemplo las cl\xE1\ + usulas de confidencialidad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10 ref_id: '10.4' name: Disciplinary process + translations: + es: + name: Procedimiento disciplinario + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4.1 assessable: true depth: 3 
@@ -2428,6 +4406,14 @@ objects: a disciplinary process for handling violations of network and information system security policies. The process shall take into consideration relevant legal, statutory, contractual and business requirements. + translations: + es: + name: null + description: "Las entidades pertinentes establecer\xE1n, comunicar\xE1n\ + \ y mantendr\xE1n un procedimiento disciplinario para gestionar los incumplimientos\ + \ de las pol\xEDticas de seguridad de los sistemas de redes y de informaci\xF3\ + n. El proceso tendr\xE1 en cuenta los requisitos legales, estatutarios,\ + \ contractuales y empresariales pertinentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4.2 assessable: true depth: 3 
@@ -2436,17 +4422,33 @@ objects: description: The relevant entities shall review and, where appropriate, update the disciplinary process at planned intervals, and when necessary due to legal changes or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n los procedimientos disciplinarios a intervalos planificados\ + \ o cuando resulte necesario debido a cambios jur\xEDdicos o cambios significativos\ + \ en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 assessable: false depth: 1 ref_id: '11' name: ACCESS CONTROL (ARTICLE 21(2), POINTS (I) AND (J), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "CONTROL DE ACCESOS [Art\xEDculo 21, Apartado 2, Letras I) y J), de\ + \ la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 ref_id: '11.1' name: Access control policy + translations: + es: + name: "Pol\xEDtica de control de accesos" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.1 assessable: true depth: 3 
@@ -2457,12 +4459,26 @@ objects: physical access control policies for the access to their network and information systems, based on business requirements as well as network and information system security requirements. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\ + n, documentar\xE1n y pondr\xE1n en marcha pol\xEDticas de control de acceso\ + \ l\xF3gico y f\xEDsico relativas al acceso a sus sistemas de redes y\ + \ de informaci\xF3n; bas\xE1ndose en requisitos empresariales y en requisitos\ + \ de seguridad de los sistemas de redes y de informaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1 ref_id: 11.1.2 description: 'The policies referred to in point 11.1.1. shall:' + translations: + es: + name: null + description: "La pol\xEDtica a que hace referencia el punto 11.1.1 se encargar\xE1\ + \ de lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2.a assessable: true depth: 4 
@@ -2470,12 +4486,22 @@ objects: ref_id: 11.1.2.a description: address access by persons, including staff, visitors, and external entities such as suppliers and service providers; + translations: + es: + name: null + description: el acceso de personas, como el personal, los visitantes y las + entidades externas, como los proveedores y prestadores de servicios; - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2 ref_id: 11.1.2.b description: address access by network and information systems; + translations: + es: + name: null + description: "el acceso por parte de los sistemas de redes y de informaci\xF3\ + n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2.c assessable: true depth: 4 @@ -2483,6 +4509,11 @@ objects: ref_id: 11.1.2.c description: ensure that access is only granted to users that have been adequately authenticated. + translations: + es: + name: null + description: garantizar que solo se autorice el acceso a usuarios que hayan + sido debidamente autenticados. - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.3 assessable: true depth: 3 
@@ -2491,12 +4522,23 @@ objects: description: The relevant entities shall review and, where appropriate, update the policies at planned intervals and when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n las pol\xEDticas a intervalos planificados o cuando\ + \ se produzcan incidentes significativos o cambios significativos en las\ + \ operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 ref_id: '11.2' name: Management of access rights + translations: + es: + name: "Gesti\xF3n de derechos de acceso" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.1 assessable: true depth: 3 
@@ -2505,12 +4547,23 @@ objects: description: The relevant entities shall provide, modify, remove and document access rights to network and information systems in accordance with the access control policy referred to in point 11.1. + translations: + es: + name: null + description: "Las entidades pertinentes ofrecer\xE1n, modificar\xE1n, retirar\xE1\ + n y documentar\xE1n los derechos de acceso a los sistemas de redes y de\ + \ informaci\xF3n de conformidad con la pol\xEDtica de control de accesos\ + \ prevista en el punto 11.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2 ref_id: 11.2.2 description: 'The relevant entities shall:' + translations: + es: + name: null + description: 'Las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.a assessable: true depth: 4 @@ -2518,6 +4571,12 @@ objects: ref_id: 11.2.2.a description: assign and revoke access rights based on the principles of need-to-know, least privilege and separation of duties; + translations: + es: + name: null + description: "conceder\xE1n y retirar\xE1n los derechos de acceso sobre\ + \ la base de los principios de necesidad de conocer, el m\xEDnimo privilegio\ + \ y separaci\xF3n de competencias;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.b assessable: true depth: 4 @@ -2525,6 +4584,11 @@ objects: ref_id: 11.2.2.b description: ensure that access rights are modified accordingly upon termination or change of employment; + translations: + es: + name: null + description: "velar\xE1n por que los derechos de acceso se modifiquen en\ + \ consecuencia tras la terminaci\xF3n o el cambio de empleo;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.c assessable: true depth: 4 
@@ -2532,6 +4596,11 @@ objects: ref_id: 11.2.2.c description: ensure that access to network and information systems is authorised by the relevant persons; + translations: + es: + name: null + description: "velar\xE1n por que las personas pertinentes autoricen el acceso\ + \ a los sistemas de redes y de informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.d assessable: true depth: 4 @@ -2540,18 +4609,34 @@ objects: description: ensure that access rights appropriately address third-party access, such as visitors, suppliers and service providers, in particular by limiting access rights in scope and in duration; + translations: + es: + name: null + description: "velar\xE1n por que los derechos de acceso se encarguen debidamente\ + \ del acceso de terceros, como visitantes o proveedores y prestadores\ + \ de servicios, especialmente limitando los derechos de acceso en su alcance\ + \ y duraci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.e assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2 ref_id: 11.2.2.e description: maintain a register of access rights granted; + translations: + es: + name: null + description: "mantendr\xE1n un registro de los derechos de acceso concedidos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.f assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2 ref_id: 11.2.2.f description: apply logging to the management of access rights. + translations: + es: + name: null + description: "realizar\xE1n un registro de la gesti\xF3n de los derechos\ + \ de acceso." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.3 assessable: true depth: 3 
@@ -2561,12 +4646,24 @@ objects: and shall modify them based on organisational changes. The relevant entities shall document the results of the review including the necessary changes of access rights. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n los derechos de acceso\ + \ a intervalos planificados y los modificar\xE1n seg\xFAn los cambios\ + \ organizativos. Las entidades pertinentes documentar\xE1n los resultados\ + \ de la revisi\xF3n e incluir\xE1n los cambios necesarios de los derechos\ + \ de acceso." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 ref_id: '11.3' name: Privileged accounts and system administration accounts + translations: + es: + name: "Cuentas privilegiadas y cuentas de administraci\xF3n del sistema" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.1 assessable: true depth: 3 
@@ -2575,12 +4672,24 @@ objects: description: The relevant entities shall maintain policies for management of privileged accounts and system administration accounts as part of the access control policy referred to in point 11.1. + translations: + es: + name: null + description: "Las entidades pertinentes dispondr\xE1n de orientaciones para\ + \ la gesti\xF3n de cuentas privilegiadas y cuentas de administraci\xF3\ + n del sistema como parte de la pol\xEDtica de control de acceso contemplada\ + \ en el punto 11.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3 ref_id: 11.3.2 description: 'The policies referred to in point 11.3.1. shall:' + translations: + es: + name: null + description: "La pol\xEDtica a que hace referencia el punto 11.3.1 se encargar\xE1\ + \ de lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.a assessable: true depth: 4 @@ -2589,6 +4698,13 @@ objects: description: establish strong identification, authentication such as multi-factor authentication, and authorisation procedures for privileged accounts and system administration accounts; + translations: + es: + name: null + description: "establecer procedimientos s\xF3lidos de identificaci\xF3n\ + \ y autenticaci\xF3n, como la autenticaci\xF3n de m\xFAltiples factores,\ + \ y procedimientos de autorizaci\xF3n para cuentas privilegiadas y cuentas\ + \ de administraci\xF3n del sistema;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.b assessable: true depth: 4 
@@ -2596,6 +4712,12 @@ objects: ref_id: 11.3.2.b description: set up specific accounts to be used for system administration operations exclusively, such as installation, configuration, management or maintenance; + translations: + es: + name: null + description: "crear cuentas espec\xEDficas que vayan a utilizarse exclusivamente\ + \ para operaciones de administraci\xF3n del sistema, tales como la instalaci\xF3\ + n, la configuraci\xF3n, la gesti\xF3n o el mantenimiento;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.c assessable: true depth: 4 @@ -2603,6 +4725,11 @@ objects: ref_id: 11.3.2.c description: individualise and restrict system administration privileges to the highest extent possible, + translations: + es: + name: null + description: "personalizar y restringir en la mayor medida posible los privilegios\ + \ de la administraci\xF3n del sistema;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.d assessable: true depth: 4 @@ -2610,6 +4737,11 @@ objects: ref_id: 11.3.2.d description: provide that system administration accounts are only used to connect to system administration systems. + translations: + es: + name: null + description: "prever que las cuentas de administraci\xF3n del sistema solo\ + \ se utilicen para conectarse a los sistemas de administraci\xF3n correspondientes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.3 assessable: true depth: 3 
@@ -2619,12 +4751,24 @@ objects: accounts and system administration accounts at planned intervals and be modified based on organisational changes, and shall document the results of the review, including the necessary changes of access rights.' + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n los derechos de acceso\ + \ de las cuentas privilegiadas y las cuentas de administraci\xF3n del\ + \ sistema a intervalos planificados, los modificar\xE1n teniendo en cuenta\ + \ los cambios organizativos y documentar\xE1n los resultados de la revisi\xF3\ + n, incluidos los cambios necesarios en los derechos de acceso." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 ref_id: '11.4' name: Administration systems + translations: + es: + name: "Sistemas de administraci\xF3n" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.1 assessable: true depth: 3 
@@ -2633,12 +4777,22 @@ objects: description: The relevant entities shall restrict and control the use of system administration systems in accordance with the access control policy referred to in point 11.1. + translations: + es: + name: null + description: "Las entidades pertinentes restringir\xE1n el uso de los sistemas\ + \ de administraci\xF3n del sistema de conformidad con la pol\xEDtica de\ + \ control de accesos prevista en el punto 11.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4 ref_id: 11.4.2 description: 'For that purpose, the relevant entities shall:' + translations: + es: + name: null + description: 'A tal efecto, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2.a assessable: true depth: 4 @@ -2646,6 +4800,12 @@ objects: ref_id: 11.4.2.a description: only use system administration systems for system administration purposes, and not for any other operations; + translations: + es: + name: null + description: "utilizar\xE1n \xFAnicamente sistemas de administraci\xF3n\ + \ del sistema a efectos de administraci\xF3n del mismo y no para otras\ + \ operaciones;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2.b assessable: true depth: 4 @@ -2653,6 +4813,12 @@ objects: ref_id: 11.4.2.b description: separate logically such systems from application software not used for system administrative purposes, + translations: + es: + name: null + description: "separar l\xF3gicamente estos sistemas de los programas de\ + \ aplicaci\xF3n que no se utilicen con fines de administraci\xF3n del\ + \ sistema;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2.c assessable: true depth: 4 
@@ -2660,12 +4826,21 @@ objects: ref_id: 11.4.2.c description: protect access to system administration systems through authentication and encryption. + translations: + es: + name: null + description: "proteger\xE1n el acceso a los sistemas de administraci\xF3\ + n del sistema mediante la autenticaci\xF3n y el cifrado." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 ref_id: '11.5' name: Identification + translations: + es: + name: "Identificaci\xF3n" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.1 assessable: true depth: 3 @@ -2673,12 +4848,22 @@ objects: ref_id: 11.5.1 description: The relevant entities shall manage the full life cycle of identities of network and information systems and their users. + translations: + es: + name: null + description: "Las entidades pertinentes gestionar\xE1n todo el ciclo de\ + \ vida de las identidades de los sistemas de redes y de informaci\xF3\ + n y sus usuarios." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5 ref_id: 11.5.2 description: 'For that purpose, the relevant entities shall:' + translations: + es: + name: null + description: 'A tal efecto, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.a assessable: true depth: 4 
@@ -2686,24 +4871,42 @@ objects: ref_id: 11.5.2.a description: set up unique identities for network and information systems and their users; + translations: + es: + name: null + description: "crear\xE1n identidades \xFAnicas para los sistemas de redes\ + \ y de informaci\xF3n y sus usuarios;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2 ref_id: 11.5.2.b description: link the identity of users to a single person; + translations: + es: + name: null + description: "asociar\xE1n la identidad de los usuarios a una sola persona;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2 ref_id: 11.5.2.c description: ensure oversight of identities of network and information systems; + translations: + es: + name: null + description: "se encargar\xE1n de la supervisi\xF3n de las identidades de\ + \ los sistemas de redes y de informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.d assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2 ref_id: 11.5.2.d description: apply logging to the management of identities. + translations: + es: + name: null + description: "realizar\xE1n un registro de la gesti\xF3n de las identidades." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.3 assessable: true depth: 3 
@@ -2715,6 +4918,16 @@ objects: and documentation. The relevant entities shall take identities assigned to multiple persons into account in the cybersecurity risk management framework referred to in point 2.1. + translations: + es: + name: null + description: "las entidades pertinentes solo autorizar\xE1n las identidades\ + \ asignadas a m\xFAltiples personas, como las identidades compartidas,\ + \ cuando sean necesarias por razones empresariales u operativas y est\xE9\ + n sujetas a un proceso de aprobaci\xF3n y documentaci\xF3n expl\xEDcito.\ + \ Las entidades pertinentes tendr\xE1n en cuenta las identidades asignadas\ + \ a m\xFAltiples personas en el marco de gesti\xF3n de riesgos de ciberseguridad\ + \ contemplado en el punto 2.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.4 assessable: true depth: 3 @@ -2723,12 +4936,23 @@ objects: description: The relevant entities shall regularly review the identities for network and information systems and their users and, if no longer needed, deactivate them without delay. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n peri\xF3dicamente las\ + \ identidades correspondientes a los sistemas de redes y de informaci\xF3\ + n y sus usuarios y, cuando ya no sean necesarias, las desactivar\xE1n\ + \ inmediatamente." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 ref_id: '11.6' name: Authentication + translations: + es: + name: "Autenticaci\xF3n" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.1 assessable: true depth: 3 
@@ -2736,12 +4960,22 @@ objects: ref_id: 11.6.1 description: The relevant entities shall implement secure authentication procedures and technologies based on access restrictions and the policy on access control. + translations: + es: + name: null + description: "Las entidades pertinentes pondr\xE1n en marcha tecnolog\xED\ + as y procedimientos de autenticaci\xF3n seguros basados en las restricciones\ + \ de acceso y en la pol\xEDtica de control de acceso." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6 ref_id: 11.6.2 description: 'For that purpose, the relevant entities shall:' + translations: + es: + name: null + description: 'A tal efecto, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.a assessable: true depth: 4 @@ -2749,6 +4983,11 @@ objects: ref_id: 11.6.2.a description: ensure the strength of authentication is appropriate to the classification of the asset to be accessed; + translations: + es: + name: null + description: "garantizar\xE1n que la solidez de la autenticaci\xF3n sea\ + \ adecuada para a la clasificaci\xF3n del activo al que se va a acceder;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.b assessable: true depth: 4 
@@ -2757,6 +4996,14 @@ objects: description: control the allocation to users and management of secret authentication information by a process that ensures the confidentiality of the information, including advising personnel on appropriate handling of authentication information; + translations: + es: + name: null + description: "controlar la asignaci\xF3n a los usuarios y la gesti\xF3n\ + \ de informaci\xF3n de autenticaci\xF3n secreta mediante un proceso que\ + \ garantice la confidencialidad de la informaci\xF3n, incluido el asesoramiento\ + \ al personal sobre el tratamiento adecuado de la informaci\xF3n de autenticaci\xF3\ + n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.c assessable: true depth: 4 @@ -2764,6 +5011,12 @@ objects: ref_id: 11.6.2.c description: require the change of authentication credentials initially, at predefined intervals and upon suspicion that the credentials were compromised; + translations: + es: + name: null + description: "exigir el cambio de credenciales de autenticaci\xF3n al principio,\ + \ a intervalos predefinidos y cuando se sospeche que las credenciales\ + \ corren alg\xFAn peligro;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.d assessable: true depth: 4 @@ -2771,6 +5024,12 @@ objects: ref_id: 11.6.2.d description: require the reset of authentication credentials and the blocking of users after a predefined number of unsuccessful log-in attempts; + translations: + es: + name: null + description: "exigir el restablecimiento de las credenciales y el bloqueo\ + \ de los usuarios tras un n\xFAmero predefinido de intentos de conexi\xF3\ + n infructuosos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.e assessable: true depth: 4 
@@ -2778,6 +5037,11 @@ objects: ref_id: 11.6.2.e description: terminate inactive sessions after a predefined period of inactivity; and + translations: + es: + name: null + description: "cerrar las sesiones inactivas tras un per\xEDodo de inactividad\ + \ predefinido; y" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.f assessable: true depth: 4 @@ -2785,6 +5049,11 @@ objects: ref_id: 11.6.2.f description: require separate credentials to access privileged access or administrative accounts. + translations: + es: + name: null + description: "exigir credenciales separadas para obtener un acceso privilegiado\ + \ o acceder a cuentas de administraci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.3 assessable: true depth: 3 @@ -2794,6 +5063,14 @@ objects: authentication methods, in accordance with the associated assessed risk and the classification of the asset to be accessed, and unique authentication information. + translations: + es: + name: null + description: "En la medida de lo posible, las entidades pertinentes utilizar\xE1\ + n los m\xE9todos de autenticaci\xF3n m\xE1s avanzados, de conformidad\ + \ con el riesgo evaluado asociado y la clasificaci\xF3n del activo al\ + \ que se vaya a acceder, as\xED como informaci\xF3n de autenticaci\xF3\ + n exclusiva." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.4 assessable: true depth: 3 
@@ -2801,12 +5078,21 @@ objects: ref_id: 11.6.4 description: The relevant entities shall review the authentication procedures and technologies at planned intervals. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n los procedimientos\ + \ y las tecnolog\xEDas de autenticaci\xF3n a intervalos planificados." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11 ref_id: '11.7' name: Multi-factor authentication + translations: + es: + name: "Autenticaci\xF3n de m\xFAltiples factores" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7.1 assessable: true depth: 3 @@ -2817,6 +5103,14 @@ objects: \ for accessing the relevant entities\u2019 network and information systems,\ \ where appropriate, in accordance with the classification of the asset to\ \ be accessed." + translations: + es: + name: null + description: "Las entidades pertinentes velar\xE1n por que los usuarios\ + \ sean autenticados mediante m\xFAltiples factores de autenticaci\xF3\ + n o mecanismos de autenticaci\xF3n continua para acceder a los sistemas\ + \ de redes y de informaci\xF3n la entidad, cuando proceda, de conformidad\ + \ con la clasificaci\xF3n del activo al que se va a acceder." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7.2 assessable: true depth: 3 
@@ -2824,17 +5118,32 @@ objects: ref_id: 11.7.2 description: The relevant entities shall ensure that the strength of authentication is appropriate for the classification of the asset to be accessed. + translations: + es: + name: null + description: "Las entidades pertinentes se asegurar\xE1n de que la solidez\ + \ de la autenticaci\xF3n sea adecuada a la clasificaci\xF3n del activo\ + \ al que se va a acceder." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12 assessable: false depth: 1 ref_id: '12' name: ASSET MANAGEMENT (ARTICLE 21(2), POINT (I), OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "GESTI\xD3N DE ACTIVOS [Art\xEDculo 21, Apartado 2, Letra I), de la\ + \ directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12 ref_id: '12.1' name: Asset classification + translations: + es: + name: "Clasificaci\xF3n de activos" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.1 assessable: true depth: 3 
@@ -2844,18 +5153,35 @@ objects: the relevant entities shall lay down classification levels of all assets, including information, in scope of their network and information systems for the level of protection required. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\ + n los niveles de clasificaci\xF3n de todos los activos, incluida la informaci\xF3\ + n, que formen parte del \xE1mbito de sus sistemas de redes y de informaci\xF3\ + n con relaci\xF3n al nivel de protecci\xF3n requerido." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1 ref_id: 12.1.2 description: 'For the purpose of point 12.1.1., the relevant entities shall:' + translations: + es: + name: null + description: 'A los efectos del punto 12.1.1, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2.a assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2 ref_id: 12.1.2.a description: lay down a system of classification levels for assets; + translations: + es: + name: null + description: "establecer\xE1n un sistema de niveles de clasificaci\xF3n\ + \ de los activos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2.b assessable: true depth: 4 
@@ -2864,6 +5190,13 @@ objects: description: associate all assets with a classification level, based on confidentiality, integrity, authenticity and availability requirements, to indicate the protection required according to their sensitivity, criticality, risk and business value; + translations: + es: + name: null + description: "asociar\xE1n todos los activos con un nivel de clasificaci\xF3\ + n, basado en los requisitos de confidencialidad, integridad, autenticidad\ + \ y disponibilidad, para indicar la protecci\xF3n requerida en funci\xF3\ + n de su sensibilidad, criticidad, riesgo y valor empresarial;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2.c assessable: true depth: 4 @@ -2872,6 +5205,13 @@ objects: description: align the availability requirements of the assets with the delivery and recovery objectives set out in their business continuity and disaster recovery plans. + translations: + es: + name: null + description: "amoldar\xE1n los requisitos de disponibilidad de los activos\ + \ a los objetivos de entrega y recuperaci\xF3n establecidos en sus planes\ + \ de continuidad de las actividades y de recuperaci\xF3n en caso de cat\xE1\ + strofe." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.3 assessable: true depth: 3 
@@ -2879,12 +5219,22 @@ objects: ref_id: 12.1.3 description: The relevant entities shall conduct periodic reviews of the classification levels of assets and update them, where appropriate. + translations: + es: + name: null + description: "Las entidades pertinentes realizar\xE1n revisiones peri\xF3\ + dicas de los niveles de clasificaci\xF3n de los activos y los actualizar\xE1\ + n, seg\xFAn proceda." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12 ref_id: '12.2' name: Handling of assets + translations: + es: + name: "Gesti\xF3n de activos" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.1 assessable: true depth: 3 @@ -2894,12 +5244,24 @@ objects: for the proper handling of assets, including information, in accordance with their network and information security policy, and shall communicate the policy on proper handling of assets to anyone who uses or handles assets. + translations: + es: + name: null + description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\ + \ y aplicar\xE1n una pol\xEDtica para la correcta gesti\xF3n de los activos,\ + \ incluida la informaci\xF3n, acorde con su pol\xEDtica de seguridad de\ + \ las redes y de la informaci\xF3n y la pondr\xE1n en conocimiento de\ + \ todo aquel que utilice o gestione los activos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2 ref_id: 12.2.2 description: 'The policy shall:' + translations: + es: + name: null + description: "Dicha pol\xEDtica:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2.a assessable: true depth: 4 
@@ -2907,6 +5269,12 @@ objects: ref_id: 12.2.2.a description: cover the entire life cycle of the assets, including acquisition, use, storage, transportation and disposal; + translations: + es: + name: null + description: "har\xE1 referencia a toda la vida \xFAtil de los activos,\ + \ especialmente su adquisici\xF3n, uso, almacenamiento, transporte y eliminaci\xF3\ + n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2.b assessable: true depth: 4 @@ -2914,6 +5282,12 @@ objects: ref_id: 12.2.2.b description: provide rules on the safe use, safe storage, safe transport, and the irretrievable deletion and destruction of the assets; + translations: + es: + name: null + description: "establecer\xE1 normas para su uso seguro, su almacenamiento\ + \ seguro, su transporte seguro y la supresi\xF3n y destrucci\xF3n irreversibles\ + \ de los activos;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2.c assessable: true depth: 4 @@ -2921,6 +5295,11 @@ objects: ref_id: 12.2.2.c description: provide that the transfer shall take place in a secure manner, in accordance with the type of asset to be transferred. + translations: + es: + name: null + description: "prever\xE1 que la transferencia se lleve a cabo de manera\ + \ segura, de conformidad con el tipo de activo que transfiera." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.3 assessable: true depth: 3 
@@ -2929,12 +5308,23 @@ objects: description: The relevant entities shall review and, where appropriate, update the policy at planned intervals and when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n la pol\xEDtica a intervalos planificados o cuando se\ + \ produzcan incidentes significativos o cambios significativos en las\ + \ operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12 ref_id: '12.3' name: Removable media policy + translations: + es: + name: "Pol\xEDtica de soportes extra\xEDbles" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.1 assessable: true depth: 3 
@@ -2945,12 +5335,26 @@ objects: \ employees and third parties who handle removable storage media at the relevant\ \ entities\u2019 premises or other locations where the removable media is\ \ connected to the relevant entities\u2019 network and information systems." + translations: + es: + name: null + description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\ + \ y aplicar\xE1n una pol\xEDtica relativa a la gesti\xF3n de soportes\ + \ de almacenamiento extra\xEDbles y la pondr\xE1n en conocimiento de sus\ + \ empleados y de terceros que manipulen soportes de almacenamiento extra\xED\ + bles en las instalaciones de las entidades pertinentes o en otros lugares\ + \ en los que los soportes extra\xEDbles est\xE9n conectados a los sistemas\ + \ de redes y de informaci\xF3n de la entidad." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3 ref_id: 12.3.2 description: 'The policy shall:' + translations: + es: + name: null + description: "Dicha pol\xEDtica:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.a assessable: true depth: 4 @@ -2958,6 +5362,12 @@ objects: ref_id: 12.3.2.a description: provide for a technical prohibition of the connection of removable media unless there is an organisational reason for their use; + translations: + es: + name: null + description: "prever\xE1 una prohibici\xF3n t\xE9cnica para la conexi\xF3\ + n de soportes extra\xEDbles salvo que existan razones internas para su\ + \ uso;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.b assessable: true depth: 4 
@@ -2966,6 +5376,13 @@ objects: description: "provide for disabling self-execution from such media and scanning\ \ the media for malicious code before they are used on the relevant entities\u2019\ \ systems;" + translations: + es: + name: null + description: "prever\xE1 la deshabilitaci\xF3n de la reproducci\xF3n autom\xE1\ + tica desde dichos soportes y la detecci\xF3n de c\xF3digos maliciosos\ + \ en los mismos antes de que se utilicen en los sistemas de las entidades\ + \ pertinentes;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.c assessable: true depth: 4 @@ -2973,6 +5390,12 @@ objects: ref_id: 12.3.2.c description: provide measures for controlling and protecting portable storage devices containing data while in transit and in storage; + translations: + es: + name: null + description: "prever\xE1 medidas para controlar y proteger los soportes\ + \ de almacenamiento extra\xEDbles que contengan datos durante el tr\xE1\ + nsito y el almacenamiento;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.d assessable: true depth: 4 @@ -2980,6 +5403,12 @@ objects: ref_id: 12.3.2.d description: where appropriate, provide measures for the use of cryptographic techniques to protect data on removable storage media. + translations: + es: + name: null + description: "seg\xFAn proceda, prever\xE1 medidas para la utilizaci\xF3\ + n de t\xE9cnicas criptogr\xE1ficas para proteger los datos contenidos\ + \ en los soportes de almacenamiento extra\xEDbles." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.3 assessable: true depth: 3 
@@ -2988,12 +5417,23 @@ objects: description: The relevant entities shall review and, where appropriate, update the policy at planned intervals and when significant incidents or significant changes to operations or risks occur. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\ + \ actualizar\xE1n la pol\xEDtica a intervalos planificados o cuando se\ + \ produzcan incidentes significativos o cambios significativos en las\ + \ operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12 ref_id: '12.4' name: Asset inventory + translations: + es: + name: Inventario de activos + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.1 assessable: true depth: 3 @@ -3002,6 +5442,12 @@ objects: description: The relevant entities shall develop and maintain a complete, accurate, up-to-date and consistent inventory of their assets. They shall record changes to the entries in the inventory in a traceable manner. + translations: + es: + name: null + description: "Las entidades pertinentes crear\xE1n y mantendr\xE1n un inventario\ + \ completo, preciso, actualizado y coherente de sus activos. Registrar\xE1\ + n los cambios en las entradas del inventario de manera que puedan rastrearse." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.2 assessable: true depth: 4 
@@ -3010,12 +5456,22 @@ objects: description: 'The granularity of the inventory of the assets shall be at a level appropriate for the needs of the relevant entities. The inventory shall include the following:' + translations: + es: + name: null + description: "La granularidad del inventario de los activos se situar\xE1\ + \ en un nivel adecuado a las necesidades de las entidades pertinentes.\ + \ El inventario incluir\xE1 lo siguiente:" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.2.a assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.1 ref_id: 12.4.2.a description: the list of operations and services and their description, + translations: + es: + name: null + description: "la lista de operaciones y servicios y su descripci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.2.b assessable: true depth: 4 @@ -3023,6 +5479,12 @@ objects: ref_id: 12.4.2.b description: "the list of network and information systems and other associated\ \ assets supporting the relevant entities\u2019 operations and services." + translations: + es: + name: null + description: "la lista de sistemas de redes y de informaci\xF3n y otros\ + \ activos asociados que sirvan de apoyo a las operaciones y servicios\ + \ de las entidades pertinentes." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.3 assessable: true depth: 3 
@@ -3030,13 +5492,24 @@ objects: ref_id: 12.4.3 description: The relevant entities shall regularly review and update the inventory and their assets and document the history of changes. + translations: + es: + name: null + description: "Las entidades pertinentes revisar\xE1n y actualizar\xE1n peri\xF3\ + dicamente el inventario y sus activos y registrar\xE1n el historial de\ + \ cambios." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.5 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12 ref_id: '12.5' name: Deposit, return or deletion of assets upon termination of employment - - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:node414 + translations: + es: + name: "Dep\xF3sito, devoluci\xF3n o supresi\xF3n de activos al t\xE9rmino\ + \ de la relaci\xF3n laboral" + description: null + - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.5:1 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.5 
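Review bot: The last changed line of this hunk renames the child node of 12.5 from `urn: ...:node414` to `urn: ...:12.5:1`. Unlike the rest of the commit, that is an identifier change, not a translation. If the library update matches requirement nodes by URN (not visible here), assessments and evidence already recorded against `node414` for the asset-return control could be detached or dropped when version 3 is loaded. Please confirm that the update path remaps the old URN, or keep the original line `- urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:node414`. The new suffix also uses a colon (`12.5:1`) where sibling nodes in this hunk use dots (`12.4.3`), so a short comment above the node explaining the deviation would help. The node's body continues outside this hunk, so its `ref_id` could not be checked.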
@@ -3047,18 +5520,39 @@ objects: \ return or deletion of assets is not possible, the relevant entities shall\ \ ensure that the assets can no longer access the relevant entities\u2019\ \ network and information systems in accordance with point 12.2.2." + translations: + es: + name: null + description: "Las entidades pertinentes crear\xE1n, pondr\xE1n en marcha\ + \ y aplicar\xE1n procedimientos para que los activos bajo custodia del\ + \ personal sean depositados, devueltos o suprimidos al t\xE9rmino de la\ + \ relaci\xF3n laboral, y documentar\xE1n el dep\xF3sito, la devoluci\xF3\ + n y la supresi\xF3n de dichos activos.\n\nCuando no sea posible el dep\xF3\ + sito, la devoluci\xF3n o la supresi\xF3n de activos, las entidades pertinentes\ + \ se asegurar\xE1n de que dichos activos ya no puedan acceder a los sistemas\ + \ de redes y de informaci\xF3n de la entidad de conformidad con el punto\ + \ 12.2.2." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13 assessable: false depth: 1 ref_id: '13' name: ENVIRONMENTAL AND PHYSICAL SECURITY (ARTICLE 21(2), POINTS (C), (E) AND (I) OF DIRECTIVE (EU) 2022/2555) + translations: + es: + name: "SEGURIDAD MEDIOAMBIENTAL Y F\xCDSICA [Art\xEDculo 21, Apartado 2,\ + \ Letras C), E) e I), de la directiva (UE) 2022/2555]" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13 ref_id: '13.1' name: Supporting utilities + translations: + es: + name: "Servicios p\xFAblicos" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.1 assessable: true depth: 3 
@@ -3068,12 +5562,24 @@ objects: the relevant entities shall prevent loss, damage or compromise of network and information systems or interruption to their operations due to the failure and disruption of supporting utilities. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra c), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes evitar\xE1n las\ + \ p\xE9rdidas, los da\xF1os o riesgos de los sistemas de redes y de informaci\xF3\ + n o la interrupci\xF3n de sus operaciones debido al fallo y la interrupci\xF3\ + n de los servicios p\xFAblicos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1 ref_id: 13.1.2 description: 'For that purpose, the relevant entities shall, where appropriate:' + translations: + es: + name: null + description: 'A tal efecto, cuando proceda, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.a assessable: true depth: 4 
@@ -3082,12 +5588,24 @@ objects: description: protect facilities from power failures and other disruptions caused by failures in supporting utilities such as electricity, telecommunications, water supply, gas, sewage, ventilation and air conditioning; + translations: + es: + name: null + description: "proteger\xE1n las instalaciones de los fallos el\xE9ctricos\ + \ y de otras alteraciones causadas por fallos en servicios p\xFAblicos\ + \ como la electricidad, las telecomunicaciones, el suministro de agua,\ + \ el gas, las aguas residuales, la ventilaci\xF3n o el aire acondicionado;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.b assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2 ref_id: 13.1.2.b description: consider the use of redundancy in utilities services; + translations: + es: + name: null + description: "considerar\xE1n la utilizaci\xF3n de redundancias en los servicios\ + \ de utilidad p\xFAblica;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.c assessable: true depth: 4 @@ -3096,6 +5614,12 @@ objects: description: protect utility services for electricity and telecommunications, which transport data or supply network and information systems, against interception and damage; + translations: + es: + name: null + description: "proteger\xE1n los servicios p\xFAblicos de electricidad y\ + \ telecomunicaciones, que transportan datos u ofrecen sistemas de redes\ + \ y de informaci\xF3n, frente a la interceptaci\xF3n y los da\xF1os;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.d assessable: true depth: 4 
@@ -3105,6 +5629,14 @@ objects: to the competent internal or external personnel events outside the minimum and maximum control thresholds referred to in point 13.2.2(b) affecting the utility services; + translations: + es: + name: null + description: "supervisar\xE1n los servicios p\xFAblicos contemplados en\ + \ la letra c) e informar\xE1n al personal interno o externo competente\ + \ de los sucesos que tengan lugar m\xE1s all\xE1 de los umbrales m\xED\ + nimo y m\xE1ximo de control a que se refiere el punto 13.2.2, letra b),\ + \ que afecten a los servicios de utilidad p\xFAblica;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.e assessable: false depth: 4 @@ -3112,6 +5644,12 @@ objects: ref_id: 13.1.2.e description: conclude contracts for the emergency supply with corresponding services, such as for the fuel for emergency power supply; + translations: + es: + name: null + description: "concluir\xE1n contratos para el suministro de emergencia con\ + \ los servicios correspondientes, tales como el combustible para el suministro\ + \ el\xE9ctrico de emergencia;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.f assessable: true depth: 4 
@@ -3121,6 +5659,14 @@ objects: supply of the network and information systems necessary for the operation of the service offered, in particular the electricity, temperature and humidity control, telecommunications and Internet connection. + translations: + es: + name: null + description: "Garantizar\xE1n la eficacia continua, supervisar\xE1n, mantendr\xE1\ + n y probar\xE1n el suministro de los sistemas de redes y de informaci\xF3\ + n necesarios para el funcionamiento del servicio ofrecido, especialmente\ + \ la electricidad, el control de la temperatura y la humedad, las telecomunicaciones\ + \ y la conexi\xF3n a Internet." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.3 assessable: true depth: 3 @@ -3129,12 +5675,23 @@ objects: description: The relevant entities shall test, review and, where appropriate, update the protection measures on a regular basis or following significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\ + \ cuando proceda, actualizar\xE1n las medidas de protecci\xF3n de forma\ + \ peri\xF3dica o despu\xE9s de incidentes significativos o cambios significativos\ + \ en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13 ref_id: '13.2' name: Protection against physical and environmental threats + translations: + es: + name: "Protecci\xF3n contra las amenazas f\xEDsicas y medioambientales" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.1 assessable: true depth: 3 
@@ -3145,12 +5702,26 @@ objects: from physical and environmental threats, such as natural disasters and other intentional or unintentional threats, based on the results of the risk assessment carried out pursuant to point 2.1. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra e), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes evitar\xE1n o\ + \ reducir\xE1n las consecuencias de los sucesos que tengan lugar a causa\ + \ de amenazas f\xEDsicas y medioambientales, como las cat\xE1strofes naturales\ + \ y otras amenazas intencionadas o inintencionadas, a partir de los resultados\ + \ de la evaluaci\xF3n de riesgos realizada de conformidad con el punto\ + \ 2.1." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2 ref_id: 13.2.2 description: 'For that purpose, the relevant entities shall, where appropriate:' + translations: + es: + name: null + description: 'A tal efecto, cuando proceda, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2.a assessable: true depth: 4 @@ -3158,6 +5729,11 @@ objects: ref_id: 13.2.2.a description: design and implement protection measures against physical and environmental threats; + translations: + es: + name: null + description: "dise\xF1ar\xE1n y pondr\xE1n en marcha medidas de protecci\xF3\ + n contra las amenazas f\xEDsicas y medioambientales;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2.b assessable: true depth: 4 
@@ -3165,6 +5741,11 @@ objects: ref_id: 13.2.2.b description: determine minimum and maximum control thresholds for physical and environmental threats; + translations: + es: + name: null + description: "determinar\xE1n umbrales m\xEDnimos y m\xE1ximos de control\ + \ de las amenazas f\xEDsicas y medioambientales;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2.c assessable: true depth: 4 @@ -3173,6 +5754,13 @@ objects: description: monitor environmental parameters and report to the competent internal or external personnel events outside the minimum and maximum control thresholds referred to in point (b). + translations: + es: + name: null + description: "supervisar\xE1n los par\xE1metros medioambientales e informar\xE1\ + n al personal interno o externo competente de los sucesos que tengan lugar\ + \ m\xE1s all\xE1 de los umbrales m\xEDnimo y m\xE1ximo de control a que\ + \ se refiere la letra b)." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.3 assessable: true depth: 3 
@@ -3182,12 +5770,23 @@ objects: update the protection measures against physical and environmental threats on a regular basis or following significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\ + \ cuando proceda, actualizar\xE1n las medidas de protecci\xF3n de forma\ + \ peri\xF3dica o despu\xE9s de incidentes significativos o cambios significativos\ + \ en las operaciones o los riesgos." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13 ref_id: '13.3' name: Perimeter and physical access control + translations: + es: + name: "Control de acceso perimetral y f\xEDsico" + description: null - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.1 assessable: true depth: 3 
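Review bot: The Spanish description added for 13.2.3 narrows the requirement: the English context line reads "protection measures against physical and environmental threats", but the translation says only `las medidas de protecci\xF3n` and is word-for-word the text added for 13.1.3. An assessor working in Spanish would see two identical review controls and lose the scope of this one; it should read `las medidas de protecci\xF3n contra las amenazas f\xEDsicas y medioambientales de forma peri\xF3dica`, reusing the wording already present in 13.2.2.a. The same kind of omission is in the hunk `@@ -3210,6 +5820,13 @@`, where the 13.3.2.a translation drops "and other associated assets" from the perimeter scope; presumably `y otros activos asociados` belongs before the closing semicolon. The 13.2.3 node starts outside this hunk, so both strings are worth checking against the official ES text of Regulation (EU) 2024/2690 before merging.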
@@ -3196,12 +5795,23 @@ objects: description: For the purpose of Article 21(2)(i) of Directive (EU) 2022/2555, the relevant entities shall prevent and monitor unauthorised physical access, damage and interference to their network and information systems. + translations: + es: + name: null + description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\ + \ la Directiva (UE) 2022/2555, las entidades pertinentes evitar\xE1n y\ + \ controlar\xE1n el acceso f\xEDsico no autorizado, los da\xF1os y las\ + \ interferencias a sus sistemas de redes y de informaci\xF3n." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2 assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3 ref_id: 13.3.2 description: 'For that purpose, the relevant entities shall:' + translations: + es: + name: null + description: 'A tal efecto, las entidades pertinentes:' - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.a assessable: true depth: 4 @@ -3210,6 +5820,13 @@ objects: description: on the basis of the risk assessment carried out pursuant to point 2.1, lay down and use security perimeters to protect areas where network and information systems and other associated assets are located; + translations: + es: + name: null + description: "sobre la base de la evaluaci\xF3n de riesgos realizada con\ + \ arreglo al punto 2.1, establecer\xE1n y utilizar\xE1n per\xEDmetros\ + \ de seguridad para proteger las zonas en las que se ubican los sistemas\ + \ de redes y de informaci\xF3n;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.b assessable: true depth: 4 
@@ -3217,18 +5834,33 @@ objects: ref_id: 13.3.2.b description: protect the areas referred to in point (a) by appropriate entry controls and access points; + translations: + es: + name: null + description: "proteger\xE1n las zonas a que se refiere la letra a) mediante\ + \ controles de entrada y puntos de acceso adecuados;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.c assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2 ref_id: 13.3.2.c description: design and implement physical security for offices, rooms and facilities, + translations: + es: + name: null + description: "dise\xF1ar\xE1n e implantar\xE1n la seguridad f\xEDsica de\ + \ las oficinas, las salas y las instalaciones;" - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.d assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2 ref_id: 13.3.2.d description: continuously monitor their premises for unauthorised physical access. + translations: + es: + name: null + description: "supervisar\xE1n de manera continuada sus instalaciones en\ + \ lo que se refiere al acceso f\xEDsico no autorizado." - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.3 assessable: true depth: 3 @@ -3237,3 +5869,10 @@ objects: description: The relevant entities shall test, review and, where appropriate, update the physical access control measures on a regular basis or following significant incidents or significant changes to operations or risks. + translations: + es: + name: null + description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\ + \ cuando proceda, actualizar\xE1n las medidas de control del acceso f\xED\ + sico de forma peri\xF3dica o despu\xE9s de incidentes significativos o\ + \ cambios significativos en las operaciones o los riesgos."