Essential Cybersecurity Controls (ECC – 1 : 2018)
Anil Sahore
Enabling organisations in the Middle East/Saudi Arabia to implement AI, Cyber Security, PDPL & Data Privacy and Data Management Frameworks
Authority: National Cybersecurity Authority (NCA)
Objective: To set the minimum cybersecurity requirements for information and technology assets in organizations.
Scope:
Applicable to government organizations in the Kingdom of Saudi Arabia (including ministries, authorities, establishments and others) and its companies and entities, as well as private sector organizations owning, operating or hosting Critical National Infrastructures.
Requirements: The Essential Cybersecurity Controls consist of the following:
• 5 Cybersecurity Main Domains.
• 29 Cybersecurity Subdomains.
• 114 Cybersecurity Controls.
Audit and Compliance Process:
To comply with item 3 of article 10 of NCA’s mandate and as per the Royal Decree number 57231 dated 10/11/1439H, all organizations within the scope of these controls must implement whatever is necessary to ensure continuous compliance with the controls.
NCA evaluates organizations’ compliance with the ECC through multiple means such as self-assessments by the organizations, periodic reports of the compliance tool or on-site audits.