National Cybersecurity Authority Compliance

Ensure compliance with the NCA’s Essential Cybersecurity Controls Standard (ECC-1)

The National Cybersecurity Authority (NCA) is Saudi Arabia’s competent national entity responsible for boosting the cybersecurity of the kingdom and protecting its vital interests, national security and sensitive infrastructure.

The authority was established on 31 October 2017 by royal decree, and linked to the office of the king, with a mandate that includes but is not limited to “drafting the national strategy for cybersecurity and overseeing its implementation; cybersecurity frameworks, controls, and compliance; building and operating cybersecurity operation centers; developing human capabilities in cybersecurity; raising awareness on cybersecurity; stimulating growth of the cybersecurity sector and encouraging innovation and investment therein; and establishing ties with similar agencies abroad and private entities for the mutual exchange of knowledge and expertise in cybersecurity.”

As a key step in meeting this mandate, the authority established the Essential Cybersecurity Controls (ECC-1: 2018) to set the minimum cybersecurity requirements for national organizations


The Essential Cybersecurity Controls consist of 5 cybersecurity main domains, 29 cybersecurity subdomains, 114 cybersecurity controls.

The ECC main domains are:

Cybersecurity Governance

Cybersecurity Defense

Cybersecurity Resilience

Third-Party and Cloud Computing Cybersecurity.

Industrial Control Systems (ICS) Cybersecurity.

Start Securing Your Business Today

Compliance with the ECC is mandatory for all government entities, as well as private entities providing critical national infrastructure. However, the NCA strongly encourages all organizations and entities in Saudi Arabia, even ones where compliance with the ECC is not mandatory, to still to leverage the ECC to implement best practices to improve and enhance their cybersecurity.

How SirajTech can help your organization with ECC implementation and compliance

Our ECC Compliance Services are designed to assist you in securing your organization, while achieving compliance at the same time. We work closely with your stakeholders to establish statements of applicability tailored specifically to your organization, develop a detailed gap assessment using the ECC assessment toolkit provided by the NCA, and we provide a roadmap for compliance focused on the areas that do not meet the applicable controls. SirajTech will even collect and build the evidence of compliance as part of our service. Contact us now to get a free ECC consultation for your organization.